LDAP Search Substitution

NetTools supports a number of Inline substitution options, that enables different data types to be entered in a user friendly formats, without the need to remember complicated data formats.  These can be used in the filter to simplify filter entry or convert data format for attribute updates with Update Queries.  

There are two types of substitutions available, data converters, and matching rule converters.

Data Converters

Data converters have the following format {<type>:<data>}

sid: object sid e.g. (objectsid={sid: S-1-5-21-3499964120-3315823391-1593708255-164234})
guid: object guids e.g. (objectguid={guid:00AD5B16-8E22-49D5-B83A-BFDEA6DFF7DE})
oid: oid identifiers e.g. (omobjectclass={oid:1.3.12.2.1011.28.0.702})
ip: IP address in windows order e.g. (ipaddress={ip:10.12.45.254})
ipn: IP address in network order e.g. (ipaddress={ipn:10.12.45.254})
hex: hexadecimal value e.g. (&(objectclass=group)(grouptype={hex:0x8000002}))
userinput: request user input e.g. {userinput:Date} responses are cached against the label, if the same label is used again the cached response is used
unicode: return the specified string as escape hex string {unicode:new}
idate: 64bit Time e.g. (lastlogontimestamp={idate:31/12/2011})
zdate: Generalized Time Format e.g. (whencreated={zdate:30/12/2011})
sdate: returns the date in dd/mm/yyyy format, when used in conjunction with Now constant
sdatetime: returns the date in dd/mm/yyyy hh:mm:ss format, when used in conjunction with Now constant
anr: Create an ANR filter based on the input string e.g. {anr:gary reynolds}

zdate, idate, sdate, and sdatetime types also support the 'Now' constant, and can be used with with optional plus and minus days.
e.g. {zdate:now}, {zdate:now-365}, {idate:now+5}, {sdate:now}

Nesting is supported on a number of the substitutions to convert from one format to another or converting a user input e.g  {idate:i{usernput:enter date}}

Matching Rules Converters

Matching rule converters use a single character as a substitute for the matching rule OIDs for LDAP filters, these are |  & % $

|= is the Or bit logic operator e.g. (!useraccountcontrol |= 2)  - expands to (!useraccountcontrol:1.2.840.113556.1.4.802:=2)

&= is the And bit logic operator e.g. (useraccountcontrol &= 2)  - expands to (useraccountcontrol:1.2.840.113556.1.4.803:=2)

%= is the chain operator e.g. (memberof %= (cn=Group1,OU=groupsOU,DC=test,DC=com)) - expands to (memberof:1.2.840.113556.1.4.1941:= (cn=Group1,OU=groupsOU,DC=test,DC=com))

$= is the DN-Binary or DN-String search e.g. (msDS-HasInstantiatedNCs:1.2.840.113556.1.4.2253:=B:8:0000000D:CN=Configuration,DC=corp) - expands to (msDS-HasInstantiatedNCs:1.2.840.113556.1.4.2253:=B:8:0000000D:CN=Configuration,DC=corp)