Jorge's Quest For Knowledge!

All About Identity And Security On-Premises And In The Cloud – It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2016-12-20) The LDAP Filter Prettyfier

Posted by Jorge on 2016-12-20


Have you ever received an LDAP filter that was so hideous or so complex that you had to reformat it just to understand it? Well, you no longer need to reformat it yourself!

Willem Kasdorp, a Microsoft PFE, has written a very effective PowerShell script that reformats any LDAP filter into a more understandable form. You can read more about this, and also get the PowerShell code, from here.

I once received an LDAP filter similar to what you see below:

"(|(&(|(mail=*@company.nl)(mail=*@company.com))(!mail=*testuser*)(!mail=*internal*)(!mail=*1111*)(!mail=*zz-pa1111*)(!mail=*2222*)(!mail=*somestring1*)(!mail=*somestring2*)(!mail=vendor*)(!mail=*somestring3*)(!mail=*somestring4*)(!displayName=aaa*)(!name=bbb*)(!name=ccc*)(!name=ddd*)(!sAMAccountName=eee*)(!sAMAccountName=admin*)(!sAMAccountName=fff*)(!title=functional*)(!displayName=ggg*)(!displayName=hhh*)(!displayName=iii*)(!msExchHideFromAddressLists=TRUE))(&(|(mail=*@company.nl)(mail=*@company.com))(!mail=*somestring5*)(!mail=*somestring6*)(!mail=*3333*)(!mail=*zz-pa2222*)(!mail=*4444*)(!mail=*somestring7*)(!mail=*somestring1*)(!mail=vendor*)(!mail=*somestring8*)(!mail=*somestring9*)(!name=jjj)(!name=kkk*)(!name=lll*)(!sAMAccountName=mmm*)(!sAMAccountName=admin*)(!sAMAccountName=nnn*)(!title=functional*)(!displayName=ooo*)(!displayName=ppp*)(!displayName=qqq*)(msExchHideFromAddressLists=TRUE)(userAccountControl:1.2.840.113556.1.4.803:=2)))"

There is NO WAY you will understand this LDAP filter without first reformatting it into a more understandable form!

So, let's use the PowerShell script and see what the LDAP filter is actually doing.

Figure 1: Prettyfying The LDAP Filter To An Understandable Format

(|
  (&
    (|
      (mail=*@company.nl)
      (mail=*@company.com)
    )
    (!mail=*testuser*)
    (!mail=*internal*)
    (!mail=*1111*)
    (!mail=*zz-pa1111*)
    (!mail=*2222*)
    (!mail=*somestring1*)
    (!mail=*somestring2*)
    (!mail=vendor*)
    (!mail=*somestring3*)
    (!mail=*somestring4*)
    (!displayName=aaa*)
    (!name=bbb*)
    (!name=ccc*)
    (!name=ddd*)
    (!sAMAccountName=eee*)
    (!sAMAccountName=admin*)
    (!sAMAccountName=fff*)
    (!title=functional*)
    (!displayName=ggg*)
    (!displayName=hhh*)
    (!displayName=iii*)
    (!msExchHideFromAddressLists=TRUE)
  )
  (&
    (|
      (mail=*@company.nl)
      (mail=*@company.com)
    )
    (!mail=*somestring5*)
    (!mail=*somestring6*)
    (!mail=*3333*)
    (!mail=*zz-pa2222*)
    (!mail=*4444*)
    (!mail=*somestring7*)
    (!mail=*somestring1*)
    (!mail=vendor*)
    (!mail=*somestring8*)
    (!mail=*somestring9*)
    (!name=jjj)
    (!name=kkk*)
    (!name=lll*)
    (!sAMAccountName=mmm*)
    (!sAMAccountName=admin*)
    (!sAMAccountName=nnn*)
    (!title=functional*)
    (!displayName=ooo*)
    (!displayName=ppp*)
    (!displayName=qqq*)
    (msExchHideFromAddressLists=TRUE)
    (userAccountControl:1.2.840.113556.1.4.803:=2)
  )
)
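For readers who want the same re-layout without PowerShell, here is an added example (my own code, not Willem's script) that parses a filter into a tree and re-indents it. It accepts RFC 4515 syntax as well as the Active Directory shorthand "(!attr=value)" used in the filter above, normalises simple NOTs to the RFC form "(!(attr=value))", and raises ValueError on unbalanced parentheses or trailing text instead of silently producing output; SAMPLE is a constructed, shortened version of the filter.

```python
# Added example, not the PowerShell script from the post: parse an LDAP filter
# (RFC 4515 syntax plus the AD shorthand "(!attr=value)") and re-indent it.
def parse_filter(text: str) -> tuple:
    """Return a tree: ('&'|'|'|'!', [children]) or ('=', 'attr=value')."""
    pos = 0

    def peek() -> str:  # current character, or "" once the input is exhausted
        return text[pos] if pos < len(text) else ""

    def node() -> tuple:
        nonlocal pos
        if peek() != "(":
            raise ValueError(f"expected '(' at offset {pos}")
        pos += 1
        if peek() in ("&", "|", "!"):
            op, pos = peek(), pos + 1
            if peek() == "(":                 # RFC 4515 form, e.g. (!(mail=x))
                kids = []
                while peek() == "(":
                    kids.append(node())
            else:                             # AD shorthand, e.g. (!mail=x)
                end = text.index(")", pos)
                kids, pos = [("=", text[pos:end])], end
            result = (op, kids)
        else:                                 # comparison; ')' in a value must be \29
            end = text.index(")", pos)
            result, pos = ("=", text[pos:end]), end
        if peek() != ")":
            raise ValueError(f"unbalanced filter: expected ')' at offset {pos}")
        pos += 1
        return result

    tree = node()
    if pos != len(text):
        raise ValueError(f"trailing text at offset {pos}")
    return tree

def prettify(tree: tuple, indent: int = 0) -> str:
    """Render one clause per line, two spaces per nesting level."""
    pad, (op, body) = "  " * indent, tree
    if op == "=":
        return f"{pad}({body})"
    if op == "!" and len(body) == 1 and body[0][0] == "=":
        return f"{pad}(!({body[0][1]}))"      # simple NOT stays on one line, RFC form
    return "\n".join([f"{pad}({op}"] + [prettify(k, indent + 1) for k in body] + [f"{pad})"])

# Constructed sample: a shortened version of the filter discussed above.
SAMPLE = ("(|(&(|(mail=*@company.nl)(mail=*@company.com))(!mail=*testuser*))"
          "(&(mail=*@company.com)(userAccountControl:1.2.840.113556.1.4.803:=2)))")
```

Like the script in the post, this is a purely textual re-layout: it does not validate attribute names or matching rules, and it tells you nothing about how the directory will actually evaluate the filter.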

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

2 Responses to “(2016-12-20) The LDAP Filter Prettyfier”

  1. Ernest Brant said

    Hi Jorge, very useful.
    Thanks, and have a great Christmas/New Year.
    Ernest

  2. joe said

    Hmmm… See -filterbreakdown in AdFind (since January 2009)

    D:\>adfind -filterbreakdown “(|(&(|(mail=*@company.nl)(mail=*@company.com))(!mail=*testuser*)(!mail=*internal*)(!mail=*1111*)(!mail=*zz-pa1111*)(!mail=*2222*)(!mail=*somestring1*)(!mail=*somestring2*)(!mail=vendor*)(!mail=*somestring3*)(!mail=*somestring4*)(!displayName=aaa*)(!name=bbb*)(!name=ccc*)(!name=ddd*)(!sAMAccountName=eee*)(!sAMAccountName=admin*)(!sAMAccountName=fff*)(!title=functional*)(!displayName=ggg*)(!displayName=hhh*)(!displayName=iii*)(!msExchHideFromAddressLists=TRUE))(&(|(mail=*@company.nl)(mail=*@company.com))(!mail=*somestring5*)(!mail=*somestring6*)(!mail=*3333*)(!mail=*zz-pa2222*)(!mail=*4444*)(!mail=*somestring7*)(!mail=*somestring1*)(!mail=vendor*)(!mail=*somestring8*)(!mail=*somestring9*)(!name=jjj)(!name=kkk*)(!name=lll*)(!sAMAccountName=mmm*)(!sAMAccountName=admin*)(!sAMAccountName=nnn*)(!title=functional*)(!displayName=ooo*)(!displayName=ppp*)(!displayName=qqq*)(msExchHideFromAddressLists=TRUE)(userAccountControl:1.2.840.113556.1.4.803:=2)))”

    AdFind V01.49.00.00cpp Joe Richards (joe@joeware.net) February 2015

    Filter Breakdown:

    (|
    (&
    (|
    (mail=*@company.nl)
    (mail=*@company.com)
    )
    (!
    mail=*testuser*)
    (!
    mail=*internal*)
    (!
    mail=*1111*)
    (!
    mail=*zz-pa1111*)
    (!
    mail=*2222*)
    (!
    mail=*somestring1*)
    (!
    mail=*somestring2*)
    (!
    mail=vendor*)
    (!
    mail=*somestring3*)
    (!
    mail=*somestring4*)
    (!
    displayName=aaa*)
    (!
    name=bbb*)
    (!
    name=ccc*)
    (!
    name=ddd*)
    (!
    sAMAccountName=eee*)
    (!
    sAMAccountName=admin*)
    (!
    sAMAccountName=fff*)
    (!
    title=functional*)
    (!
    displayName=ggg*)
    (!
    displayName=hhh*)
    (!
    displayName=iii*)
    (!
    msExchHideFromAddressLists=TRUE)
    )
    (&
    (|
    (mail=*@company.nl)
    (mail=*@company.com)
    )
    (!
    mail=*somestring5*)
    (!
    mail=*somestring6*)
    (!
    mail=*3333*)
    (!
    mail=*zz-pa2222*)
    (!
    mail=*4444*)
    (!
    mail=*somestring7*)
    (!
    mail=*somestring1*)
    (!
    mail=vendor*)
    (!
    mail=*somestring8*)
    (!
    mail=*somestring9*)
    (!
    name=jjj)
    (!
    name=kkk*)
    (!
    name=lll*)
    (!
    sAMAccountName=mmm*)
    (!
    sAMAccountName=admin*)
    (!
    sAMAccountName=nnn*)
    (!
    title=functional*)
    (!
    displayName=ooo*)
    (!
    displayName=ppp*)
    (!
    displayName=qqq*)
    (msExchHideFromAddressLists=TRUE)
    (userAccountControl:1.2.840.113556.1.4.803:=2)
    )
    )

    Note: This is not necessarily the filter that the query processor will
    process, instead it is a simple text parsing of the supplied filter.
