LDAP Query Cheat Sheet

This is a wiki page to contribute helpful LDAP Queries in a centralized post.

Note: This is a wiki post and others can contribute directly to it.

  • Add the code to code blocks
  • Add code to most appropriate section (add as needed)
  • Any information is helpful!

Request Options

LDAP URL

The LDAP URL includes the OU path that scopes the additional query parameters. Best practice is to make this as specific as possible, to speed up the query and limit the scope of returned objects. The string must be URL-encoded (percent-encoded) if it contains special characters or spaces.

An example of the highest-level LDAP URL:

ldap://<ADServer>.com:389/dc=domain,dc=com

An example of a more specific LDAP URL with percent-encoding:

ldap://<ADServer>.com:389/ou=Test%20-%20Hyphen,ou=Users,ou=Environment,dc=domain,dc=com

Credentials

Credentials can be entered directly on the Option List, or you can reference a credential object stored in Morpheus so that user/password updates are made in one central location.

The user, typically referred to as a Bind User, needs permissions on whatever OU you are searching. Essentially, read-only access is the requirement.

LDAP Query

LDAP Query allows for globally available additional queries that are required to further filter the list returned. Morpheus supports the optional <%=phrase%> variable, which modifies the query as the user types to create an even more dynamic filter.
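The two encodings touched on in the LDAP URL and LDAP Query sections, as an added example that is not Morpheus code or part of the original wiki post: percent-encoding the base DN for the URL, and escaping a typed value per RFC 4515 before it is placed in a filter of the form (cn=<%=phrase%>*). The function names and the host name are hypothetical, and whether Morpheus escapes <%=phrase%> itself is not stated on this page, so this shows what a script building the same URL and filter outside Morpheus would do.

```javascript
// Added example: helper names and the host name below are hypothetical.

// Escape a value for use inside an LDAP search filter (RFC 4515).
// Backslash, '*', '(', ')' and NUL become \XX hex escapes so that typed
// text is matched literally and cannot change the filter's structure.
function escapeLdapFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, function (ch) {
    return '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0');
  });
}

// Percent-encode a base DN for the path part of an LDAP URL (RFC 4516).
// encodeURIComponent also encodes ',' and '=', which are legal in the DN
// part of the URL, so they are restored to keep the URL readable.
function encodeLdapUrlDn(dn) {
  return encodeURIComponent(dn).replace(/%2C/gi, ',').replace(/%3D/gi, '=');
}

// Build the LDAP URL in the same shape as the examples on this page.
function buildLdapUrl(host, port, baseDn) {
  return 'ldap://' + host + ':' + port + '/' + encodeLdapUrlDn(baseDn);
}

// Build the "users whose cn starts with <phrase>" filter from the Users
// section, with the phrase escaped and the trailing wildcard added by us.
function buildUserFilter(phrase) {
  return '(&(objectClass=user)(cn=' + escapeLdapFilterValue(phrase) + '*))';
}

// Constructed sample input: an OU name with spaces and a typed phrase
// containing characters that are special in filters.
var sampleDn = 'ou=Test - Hyphen,ou=Users,ou=Environment,dc=domain,dc=com';
var samplePhrase = 'Smith (Contractor)*';

console.log(buildLdapUrl('adserver.example.com', 389, sampleDn));
console.log(buildUserFilter(samplePhrase));
```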

Translation Script

Like the Translation Script on other Option Lists, this allows a user to take the data returned and convert it into a useable list of Name:Value pairs. I’ve found that with LDAP it’s often best to have an If Statement for the name (and possibly the value) as there can be inconsistencies on available additional attributes within AD.

The lower portion of the code is simply a sort on the results to ensure an alphabetical array.

for (var x = 0; x < data.length; x++) {
    var row = data[x];
    var a = {};
    // Fall back to sAMAccountName when displayName is not populated in AD.
    if (row.displayName != null) {
        a['name'] = row.displayName;
    } else {
        a['name'] = row.sAMAccountName;
    }

    a['value'] = row.sAMAccountName;
    results.push(a);
}
// Sort the results alphabetically by name.
results.sort(function(a, b) {
    if (a.name < b.name) {
        return -1;
    }
    if (a.name > b.name) {
        return 1;
    }
    return 0;
});

Queries

Departments

  • List current user Department
    (&(objectClass=user)(cn=<%=user.username%>*))

  • Translation

if (input.user != null) {
    // Attribute that holds the department.
    var attrib = "departmentNumber";
    for (var x = 0; x < data.length; x++) {
        var row = data[x];
        var a = {};
        // The query matches on a cn prefix, so keep only the exact current user.
        if (row.sAMAccountName === input.user.username) {
            if (row[attrib] != null) {
                a['name'] = row[attrib];
            } else {
                a['name'] = "No Department";
            }

            if (row[attrib] != null) {
                a['value'] = row[attrib];
            } else {
                a['value'] = null;
            }
            results.push(a);
        }
    }
}

Groups

  • List all Groups
    (&(objectClass=group)(cn=*))
    or
    (&(objectClass=group)(cn=<%=phrase%>*))

  • Translation

for (var x = 0; x < data.length; x++) {
    var row = data[x];
    var a = {};
    // Fall back to the group's name when displayName is not populated.
    if (row.displayName != null) {
        a['name'] = row.displayName;
    } else {
        a['name'] = row.name;
    }

    a['value'] = row.sAMAccountName;

    results.push(a);
}

// Sort the results alphabetically by name.
results.sort(function(a, b) {
    if (a.name < b.name) {
        return -1;
    }
    if (a.name > b.name) {
        return 1;
    }
    return 0;
});

Manager

  • List Manager for current user
    (&(objectClass=user)(cn=*))
    or
    (&(objectClass=user)(cn=<%=phrase%>*))

  • Translation

if (input.user != null) {
    for (var x = 0; x < data.length; x++) {
        var row = data[x];
        var a = {};
        // Keep only the row that belongs to the current user.
        if (row.sAMAccountName === input.user.username) {
            if (row.manager != null) {
                a['name'] = row.manager;
            } else {
                a['name'] = "No Manager";
            }

            if (row.manager != null) {
                a['value'] = row.manager;
            } else {
                a['value'] = null;
            }
            results.push(a);
        }
    }
}

Users

  • List all Users
    (&(objectClass=user)(cn=*))
    or
    (&(objectClass=user)(cn=<%=phrase%>*))

  • Translation

for (var x = 0; x < data.length; x++) {
    var row = data[x];
    var a = {};
    // Fall back to sAMAccountName when displayName is not populated in AD.
    if (row.displayName != null) {
        a['name'] = row.displayName;
    } else {
        a['name'] = row.sAMAccountName;
    }

    a['value'] = row.sAMAccountName;
    results.push(a);
}
// Sort the results alphabetically by name.
results.sort(function(a, b) {
    if (a.name < b.name) {
        return -1;
    }
    if (a.name > b.name) {
        return 1;
    }
    return 0;
});