
LDAP Search Substitution

NetTools supports a number of inline substitution options that let different data types be entered in a user-friendly form, without the need to remember complicated data formats. These can be used in a filter to simplify filter entry, or to convert the data format for attribute updates with Update Queries.

There are two types of substitution available: data converters and matching rule converters.

Data Converters
Data converters have the following format: {<type>:[data]}

-1: int64 constant of -1 e.g. (pwdlastset={-1:}), which will be replaced with 9223372036854775807
anr: Create an ANR filter based on the input string e.g. {anr:john smith}
getdn: return the DN for the specified samaccountname e.g. {getdn: domain admins} {getdn:user1}
guid: object guids e.g. (objectguid={guid:00AD5B16-8E22-49D5-B83A-BFDEA6DFF7DE})
hex: hexadecimal value e.g. (&(objectclass=group)(grouptype={hex:0x8000002}))
idate: 64bit Time e.g. (lastlogontimestamp={idate:31/12/2011})
ip: IP address in windows order e.g. (ipaddress={ip:10.12.45.254})
ipn: IP address in network order e.g. (ipaddress={ipn:10.12.45.254})
oid: oid identifiers e.g. (omobjectclass={oid:1.3.12.2.1011.28.0.702})
sdate: returns the date in dd/mm/yyyy format, when used in conjunction with Now constant e.g. {sdate:now}
sdatetime: returns the date in dd/mm/yyyy hh:mm:ss format, when used in conjunction with Now constant
sid: object sid e.g. (objectsid={sid: S-1-5-21-3499964120-3315823391-1593708255-164234})
unicode: return the specified string as an escaped hex string e.g. {unicode:new}
userinput: request user input e.g. {userinput:Date}; responses are cached against the label, so if the same label is used again the cached response is used
zdate: Generalized Time Format e.g. (whencreated={zdate:30/12/2011})

The zdate, idate, sdate, and sdatetime types also support a number of constants, Now, StartofDay, and EndofDay, which can be used with optional plus and minus days.
e.g. {zdate:now}, {zdate:now-365}, {idate:now+5}, {sdate:now}
{zdate:startofday}, {zdate:endofday}, {idate:startofday-5}

Nesting is supported on a number of the substitutions, to convert from one format to another or to convert a user input, e.g. {idate:{userinput:enter date}}
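An added example, not NetTools code: a Python version of what the idate, zdate and guid converters have to produce for Active Directory, using the standard encodings (64-bit tick count since 1601, Generalized Time, escaped objectGUID bytes), with nested tokens expanded innermost first. The function names, the treatment of dates as UTC, and the answers dictionary standing in for the userinput prompt are assumptions; the exact strings NetTools emits are not shown on this page.

```python
# Added example, not NetTools code; names and UTC handling are assumptions.
import re
import uuid
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)  # start of 64-bit AD time
TOKEN = re.compile(r"\{(\w+):([^{}]*)\}")  # innermost {type:data} token

def parse_date(text, now):
    """dd/mm/yyyy, or now/startofday/endofday with optional +/- days (UTC assumed)."""
    text = text.strip().lower()
    m = re.fullmatch(r"(now|startofday|endofday)([+-]\d+)?", text)
    if not m:
        return datetime.strptime(text, "%d/%m/%Y").replace(tzinfo=timezone.utc)
    base = now
    if m.group(1) == "startofday":
        base = now.replace(hour=0, minute=0, second=0, microsecond=0)
    elif m.group(1) == "endofday":
        base = now.replace(hour=23, minute=59, second=59, microsecond=0)
    return base + timedelta(days=int(m.group(2) or 0))

def idate(text, now):
    """64-bit time: 100 ns ticks since 1601-01-01 UTC (lastLogonTimestamp, pwdLastSet)."""
    d = parse_date(text, now) - EPOCH_1601
    return str((d.days * 86400 + d.seconds) * 10_000_000 + d.microseconds * 10)

def zdate(text, now):
    """Generalized Time, the syntax of whenCreated and whenChanged."""
    return parse_date(text, now).strftime("%Y%m%d%H%M%S.0Z")

def guid(text, now=None):
    """objectGUID bytes (first three fields little-endian), each escaped as \\XX."""
    return "".join(f"\\{b:02X}" for b in uuid.UUID(text.strip()).bytes_le)

CONVERTERS = {"idate": idate, "zdate": zdate, "guid": guid}

def expand(filter_text, now=None, answers=None):
    """Expand tokens innermost first so nested forms resolve; unknown types are left alone."""
    now = now or datetime.now(timezone.utc)
    def repl(m):
        kind, data = m.group(1).lower(), m.group(2)
        if kind == "userinput":  # canned answers stand in for the interactive prompt
            return (answers or {}).get(data, m.group(0))
        return CONVERTERS[kind](data, now) if kind in CONVERTERS else m.group(0)
    previous = None
    while previous != filter_text:
        previous, filter_text = filter_text, TOKEN.sub(repl, filter_text)
    return filter_text
```

Passing a fixed `now` makes the relative forms such as startofday-5 reproducible when checking a filter by hand.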

Matching Rules Converters
Matching rule converters use a single character as a substitute for the matching rule OIDs in LDAP filters. These are | & % $

|= is the Or bit logic operator e.g. (!useraccountcontrol |= 2)  - expands to (!useraccountcontrol:1.2.840.113556.1.4.802:=2)

&= is the And bit logic operator e.g. (useraccountcontrol &= 2)  - expands to (useraccountcontrol:1.2.840.113556.1.4.803:=2)

%= is the chain operator e.g. (memberof %= (cn=Group1,OU=groupsOU,DC=test,DC=com)) - expands to (memberof:1.2.840.113556.1.4.1941:= (cn=Group1,OU=groupsOU,DC=test,DC=com))

$= is the DN-Binary or DN-String search e.g. (msDS-HasInstantiatedNCs$=B:8:0000000D:CN=Configuration,DC=corp) - expands to (msDS-HasInstantiatedNCs:1.2.840.113556.1.4.2253:=B:8:0000000D:CN=Configuration,DC=corp)