The Attribute Scope Query (ASQ) is Server Side control that provides the ability to return the attributes of members of a Object(DN-DN) attribute, e.g. member. The specified attributes are returned for each DN that is included in the Object(DN-DN) attribute.
For ASQ queries the LDAP Search input fields must have the set as follows, The BaseDN field must be set to the DN of the object containing the Object(DN-DN) attribute, the Search Scope must be Base Level, the Filter field is applied to the members of the Object(DN-DN) attribute, and can be used to filter\limit which items are included in the search. The Attributes field, the first attribute named must be the name of the Object(DN-DN) attribute, followed by the list of attributes that are required.
In the above example, we are using the member attribute as the Object(DN-DN) attribute of the group object and its returns the last time the user logged on and when they last changed their password.
The filter field can be used to limit\filter the records that are returned, the filter is applied to the objects in the Object(DN-DN) attribute and will only return the objects that match the filter, i.e. setting the filter to (&(objectclass=*)(!userAccountControl|=2)) only accounts that are enabled will be returned. This filter is using the subst feature in the filter to simplify the entry of complicated filters, see Substitutions
Advanced operations - it’s possible to combine the Input Mode and ASQ options to query the Object(DN-DN) attribute of multiple objects in a single operation.
To do this first enable the Input Mode, by selecting the Table Input option, and select the Create Multiples option, and then paste a list of object DNs to be queried into the table view. Update the BasedDN to be ##input and click go. The results for DN in the Search Attribute will be displayed on an individual line.
