LDAP filter: negation

Scott_Marquardt · January 16, 2006, 10:04am

LDAP and Active Directory – dang, I’'ve never had this much of a problem with LDAP filters (use ''em for other things).

For example, this filter:

(!memberOf=cn=NoPrivileges,ou=Groups,dc=domain,dc=local)

should eliminate members of that security group. However, the negation doesn’‘t seem to work (the "can’'t log in to even find out" problem).

Is there a need for something equivalent for ! to for *? How on earth to do negation in LDAP queries?

Scott_Marquardt · January 16, 2006, 11:00am

Well, OK. That was simple.

(!(

Now, however, I’'m having problems excluding several security groups in a single filter – problems with chaining ORs or ANDs.Bother.

Alex_Wenckus · January 16, 2006, 9:27pm

its all prefix so if you want to chain them you need to do something like (&(this)(andthis))

Alex