LDAP Search – LDAP Filter Wizard

The LDAP Filter Wizard provides the ability to display and edit LDAP filters in a hierarchical view. 

The LDAP Filter Wizard provides the following features:

      • Drag and drop to move items around
      • Insert new operators and conditions
      • Change existing operators and conditions
      • Selection of classes and Attributes from dropdown list

The Operators, AND, OR, NOT, and Filter, have a dual function, one to show the operation of the currently selected item, and two to select the operation for the New and Change operations.  When the New Parent, or New Child buttons are pressed the new item will be added based on the selected Operator.  When the Change button is pressed the selected item will change to the selected Operator.  With the Filter Operator you can select the required attribute or class from the dropdown list, additional text can be added to complete the condition before the items is added.

The Delete Button will delete all items under the selected item.  If you wish to preserve any of the items under the selected items, they must be moved to another point in the filter before the item is deleted.

If you click twice on an items in the hierarchical view, it will allow you to edit the details of the item.

The MS LDAP API and NetTools will accept fully compliant RFC4515 Not statements or the abbreviated alternative.  With RFC4515 the Not statement must be constructed as such (!(condition)) i.e. (!(objectclass=user)), while the MS LDAP API will accept the abbreviated form of (!condition) i.e. (!objectclass=user).  When the RFC4515 option is selected the wizard will return compliant Not statements.  The LDAP Filter Wizard is able to read both formats.

The example shown is using a number of the substitution options, see LDAP Search Substitution

LDAP Search Options

This post contains the details of options that are available in the LDAP Search option.

Input Fields

Server - the name of the server that the query will be directed
BasedDN - specifies the base distinguished names, in RFC1779 format
Filter - the LDAP filter that will be passed to the server. The background of the field will turn red if the filter is invalid.
Attributes - the attributes to be returned by the query
Favorites - used to select and save favorites. See Favorites
Display Filter - define a display filter which will be applied the results returned by the server. See Display Filters
Sort - specify the sort order the server should return the results
Filename - specifies the name of the output file

Display Options

Display Results – With this option deselected the results of the query are not displayed
Display DN – A DN field is added to the output.  If this option is deselected, The Show Attributes, AD Properties, and Meta Data options will not be available on the context menu
Display on completion – With this option deselected the entries are displayed as they are decoded, with this option selected, the screen updates are suppressed and only displayed once the queries has finished
Attribute count only -  when selected the number of entries per attribute is displayed.
Hex Dump -  this option is display an hex dump of the data in the displayed attributes, with the table view enabled on the hex values are displayed.  With the table view disabled both the hex and text are included in the dump.
Raw Format – With this option selected the attribute decodes are disabled and the outputs are displayed based on the default format returned by the LDAP server
Single Line – When selected the entries of an attributes are displayed on a separate line and a count is displayed after the attribute tag
Output to file – with this option select the output of the queries is saved to the file specified in the filename field
No Attribute tags – by default the name of the attribute is displayed in the text output pane, however if this option is selected the attribute name\tag is not displayed

Server Side Controls

This section will append one of the predefined server controls in the query sent to the server
Paged Searches – enables the paged search control details here https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/1b4a637c-c682-4b5e-9397-fe9142a38887
Extended DN – control will cause the server to return the extended dn as described here https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/57056773-932c-4e55-9491-e13f49ba580c
Attribute Scope Query – this is used to the search the object specified in an Object(DS-DN) syntax attribute, the attribute is associated to the object specified in the BaseDN field.  The attribute to be used is specified as the first attribute listed in the attributes field, the subsequent attributes are the attributes to be returned. See ASQ  Details of the control can be found here https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/77d880bf-aadd-4f6f-bb78-076af8e22cd8
Delete Objects – when this control is enabled the Deleted objects container and its contents are returned.
Recycle Object – when this control is enabled the Recycled objects container and its contents are returned.
NTSecurityDescriptors – with this control enabled the server will also return the security descriptior for the object contained in the NTSecurityDescriptor attribute
Include SACL – this option will also include the Security Access Control List in the NTSecurityDescriptor details, this required the SESecurityLog right
Search Stats – When enabled the server will return the  server statistics on the query.
Controls - a number of predefined controls are provided, this option allows you to specific additional server side controls. See LDAP Server Controls

Table View Options

Table View – when this option is enabled the table view is enabled and the results are presented in a tabular view
Clear Table – when enabled the table view is clear of contents before the query is run
Table Input – This options enable input mode which allows inputs to be pasted into the table and then used as the basis of queries, see LDAP Search Input Mode 
Record Count – (available in input mode) when this option is enabled, the number of entries per attribute is returned
Create Multiple – (available in input mode) when enabled if multiple entries are returned, the subsequent entries are displayed on a new line
CSV file format, allow you to control the format of the data written to the file, CSV is only available with table view enabled.

Misc Options

CLDAP – when enabled the ldap query is sent using the UDP protocol rather than TCP
Dynamic and Sort option – see Dynamic and Sort Attributes Options
Auto Complete – when this option is enabled NetTools will download the complete list of attributes defined in the schema when the populate button is pressed, this is then used to provide a auto complete as you enter the attribute names in the attributes field
Chase Referrals – With this LDAP option enabled, the server will try to retrieve the requested object if the object is in a different context or directory.  This can also be set in the LDAP Session option dialog
Ext Error – this is return the extended LDAP error information in the event of an error occurring
Page Size – this define the number of entries that will be returned by the server per page


These options are covered in the LDAP Search Update Queries 

Credentials -  this will display a dialog box to specify the credentials that will be used to run query under
Reset - reset the form to the default options
Run Batch - Used to execute the select batch list, as defined and specified by the batch list option
Batch List - allows the creation of batch lists of queries 

Use GC - Changes the default port to 3268 or 3269 based on SSL Bind option. If a Connection Profile is selected, the GC details defined in the Connection Profile will be used.
SSL Bind - Changes the default port to 636 and enable SSL encrpytion
Verify Certs - when selected the server certificate is validated by the default Windows mechanism, if not selected the certificate verification is bypassed and the certificates are just accepted
Display Results - with this option NetTools will verify each of the certificate in the chain, completing a revocation check against each certificate and display the results
Display Cert - Once the verification of the certificate is complete, the certificate used by the server will be display in a standard certificate dialog box
Machine Store - defines which certificate store will be used by the Windows certificate verification mechanism 


LDAP Session - this button will display the LDAP Session dialog to define the session variables that will be used when the query is executed. See LDAP Session Options.
Populate - this button will populate and enable a number of features in LDAP Search.  See LDAP Search Populate
Up one level - The left most entry of the DN is removed, to move up one level
DN Selector - this will display a dialog box to select the required BaseDN from a browser
LDAP Browser - See LDAP Browser
Attributes dialog - this will display the attribute dialog for the current BaseDN object
LDAP Query Wizard - a wizard to display and create a LDAP filter in a hierarchical view.  See LDAP Filter Wizard
Zoom - This button will display the filter or the Attributes field in a separate window with the option to increase the font size for easier reading and updating.
Enums - This display a dialog that shows the values associated to the predefined Enums in NetTools
Help - Displays the help for the filter, attributes and Display filter fields
Attribute List - this will display the list of attributes which can be used to select the attributes to be returned
Define Decode - this dialog lets you display and define the DecodeType that will be used for each attribute.
Favorites Save, Export, Import see Favorites

The text view context menu supports a number of predefined shortcuts to display information based on the selected text in the text view. The details in brackets is the what the selected text should contain for each item.

For details on the Custom items see Context Favorites in LDAP Search Favorites