LDAP search filter for Active Directory

active-directory ldap

I'm trying to look for users inside Active Directory through an LDAP query. Basically I'm searching for the user in this way:

Search DN: dc=mydomain, dc=com
Filter: (sAMAccountName=USER)  where USER is replaced with the provided username.

Now if USER is only the username without the domain (e.g. "Joe"), this works fine.
However, I receive them in the form domain\username (e.g. "myDomain\Joe"), and obviously the search fails.

I see two ways:

  • using a regex inside the Search Filter to discard the domain
  • using a completely different search filter

I'm no LDAP expert and I don't even know if it's possible to use regular expressions inside the search filters.

Does anyone know if it's possible and how?

P.S. I cannot pre-process the username to strip the domain. This cannot be changed, as it's all part of a large system.

Best Answer

It is not possible to use a different filter. A user account has no attribute containing the domain name, so you cannot construct a query with the domain as a parameter.

In Active Directory, the LDAP service contains only information from the domain for which the DC is a controller. If you have trusts with other domains in the forest, then to get information about a user from a different domain you should contact the LDAP service of that domain.

Proper solution: discard the domain name from the search filter. The sAMAccountName attribute is unique within a domain.
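
Added example, not part of the original answer: one way to apply the advice above in Python, dropping the domain prefix from a `domain\username` value and escaping the remainder per RFC 4515 before it is placed in the `(sAMAccountName=...)` filter. The helper names are hypothetical and the sample inputs are constructed.

```python
from typing import Optional, Tuple

# Added example: helper names are hypothetical, not from the original post.
# RFC 4515 requires these characters to be written as \XX (hex) inside a
# filter assertion value. A raw backslash, as in "myDomain\Joe", is therefore
# not a literal character in a filter and must never be passed through as-is.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def split_logon_name(logon: str) -> Tuple[Optional[str], str]:
    """Split 'DOMAIN\\user' into (domain, user); domain is None if absent."""
    domain, sep, user = logon.partition("\\")
    if not sep:
        return None, logon
    return domain, user


def sam_filter(logon: str) -> str:
    """Build (sAMAccountName=...) from a bare or domain-qualified logon name."""
    _domain, user = split_logon_name(logon)
    if not user:
        raise ValueError("empty account name")
    # Escaping keeps wildcards and parentheses in the input from changing
    # the structure of the filter (LDAP filter injection).
    return f"(sAMAccountName={escape_filter_value(user)})"


if __name__ == "__main__":
    # Constructed sample inputs: bare name, domain-qualified name, and a
    # value containing filter metacharacters.
    for name in ("Joe", "myDomain\\Joe", "myDomain\\jo*)(objectClass=*"):
        print(f"{name!r} -> {sam_filter(name)}")
```

The domain part returned by `split_logon_name` can be used to choose which domain's LDAP service to query, as the answer describes for multi-domain forests.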
