The (legacyexchangedn=) search filter is invalid
Hi,
I dunno whether this is the right place to post this query. I am basically trying to validate/search for a user against LDAP. The search filter which I pass to LDAP is the user's email address.
But most of the time I get the following exception: "The (legacyexchangedn=) search filter is invalid." This happens most of the time when I search for a user in LDAP, even after passing a valid email address as the search filter. Now am I missing something in this context? I am unable to figure out why this is happening.
Any help on this would be really appreciated.
Thanks a lot
July 26th, 2010 6:38pm
Can you put your code and filter here? What filter are you using? Without that we might not be able to help you.
Regards,
Laeeq Qazi | Team Lead (Exchange + Sharepoint + BES + DynamicsCRM)
www.HostingController.com
July 26th, 2010 6:50pm
On Mon, 26 Jul 2010 15:38:22 +0000, Usha_Rohit2009 wrote:
> I dunno whether this is the right place to post this query. I am basically trying to validate/search for a user against LDAP. The search filter which i pass to the Ldap is the user's email address.
>
> But most of the times i get the following exception "The (legacyexchangedn=) search filter is invalid." This happens most of the times when i search for a user in LDAP even after passing a valid email address as search filter. Now am i missing something in this context.
If you provided some context yourself it would be helpful. :-)
>I am unable to figure out why this is happening.
What do you consider to be a "valid email address"? The format of a
legacyExchangeDN is something like "/o=blah/ou=foo/cn=bar". Most
people think of an email address as user@domain.com.
---
Rich Matheisen
MCSE+I, Exchange MVP
July 27th, 2010 2:31am
Here's an example of using adfind.exe (from www.joeware.net) to search for a specific value that might be present in either the legacyExchangeDN attribute or as an X500 address entry within the proxyAddresses multi-valued attribute:
adfind -default -f "(|(proxyaddresses=X500:/o=Contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=karlap)(legacyexchangedn=/o=Contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=karlap))" samaccountname
The same filter will work in, e.g. LDP.EXE.
Alexei
July 27th, 2010 2:52am
On Mon, 26 Jul 2010 23:52:30 +0000, Alexei Segundo wrote:
>
>
>Here's an example of using adfind.exe (from www.joeware.net) to search for a specific value that might be present in either the legacyExchangeDN attribute or as an X500 address entry within the proxyAddresses multi-valued attribute:
>
>adfind -default -f "(|(proxyaddresses=X500:/o=Contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=karlap)(legacyexchangedn=/o=Contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=karlap))" samaccountname
>
>The same filter will work in, e.g. LDP.EXE.
I'd expect the problem to be the presence of the parentheses within
the data. Those should be escaped since "(FYDIBOHF23SPDLT)" is being
interpreted as a condition in your query. Try putting a "\" in front
of each of the parentheses and see if that makes a difference.
---
Rich Matheisen
MCSE+I, Exchange MVP
July 27th, 2010 5:14am
Hi Rich
I was just showing an example of using legacyExchangeDN within an LDAP search filter - I'm not the original poster.
The filter works fine for me without needing to escape the parentheses.
Alexei
July 27th, 2010 6:53am
Hi All,
Thanks for your reply. Basically I am passing the following string as filter:
(legacyexchangedn=user@domain.com)
I am creating an instance of the DirectorySearcher class and setting the Filter property of this instance to the above string filter. Then I execute the FindOne() method of the DirectorySearcher class and take the results in the SearchResult class. So although I pass a valid email id, e.g. user@domain.com, I get the exception mentioned above.
Now this email id which I pass to the DirectorySearcher class as filter is obtained from a mail item's To list in Microsoft Outlook.
Let me know if you need more details.
Thanks and Regards
July 27th, 2010 6:33pm
If you are searching by SMTP email address then you should not be using the legacyExchangeDN attribute. Try this instead:
"(mail=user@domain.com)"
or, if Exchange is used within the forest:
"(proxyaddresses=SMTP:user@domain.com)"
You might also consider using a more efficient filter. For example, if you are searching for user objects you can use:
"(&(objectCategory=Person)(objectClass=User)(proxyaddresses=SMTP:user@domain.com))"
or
"(&(sAMAccountType=805306368)(proxyaddresses=SMTP:user@domain.com))"
Alexei
July 28th, 2010 12:38am
On Tue, 27 Jul 2010 03:53:04 +0000, Alexei Segundo wrote:
>I was just showing an example of using legacyExchangeDN within an LDAP search filter - I'm not the original poster.
Then why reply to my posting and not the person asking the question?
>The filter works fine for me without needing to escape the parentheses.
Then I guess there's some "behind-the-scenes" work going on.
---
Rich Matheisen
MCSE+I, Exchange MVP
July 28th, 2010 5:25am
On Tue, 27 Jul 2010 15:33:02 +0000, Usha_Rohit2009 wrote:
> Thanks for your reply. Basically i am passing the following string as filter:
>
>(legacyexchangedn=user@domain.com)
That's not the correct format for data in that property.
>I am creating an instance of DirectorySearcher class and setting the Filter property of this instance to the above string filter. Then i execute the FindOne() method of DirectorySearcher class and take the results in SearchResult class. So although i pass a valid email id eg: user@domain.com i get the exception mentioned above.
Change the filter to use "proxyaddresses=smtp:user@domain.com".
>Now this email id which i pass to the DirectorySearcher class as filter is obtained from a mail items To list in Microsoft Outlook.
>
>Let me know if you need more details.
Nothing more is needed. You'll never match the values in the
legacyExchangeDN property to a SMTP address.
---
Rich Matheisen
MCSE+I, Exchange MVP
July 28th, 2010 5:28am
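Added example, not part of any post in this thread: a C# sketch that combines two points raised above, the `proxyaddresses=smtp:` filter for looking up an SMTP address and the escaping of parentheses inside filter values. The escaping follows RFC 4515; the names `LdapFilter`, `Escape` and `BySmtpAddress` are hypothetical, and the sample inputs are constructed.

```csharp
using System;
using System.Text;

// Added example; LdapFilter, Escape and BySmtpAddress are hypothetical names.
static class LdapFilter
{
    // RFC 4515: these characters are written as \XX (hex) inside a filter value.
    public static string Escape(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Builds the proxyaddresses filter suggested in the thread for an SMTP address.
    public static string BySmtpAddress(string address)
    {
        // Refuse empty input so a filter with nothing after '=' is never sent.
        if (string.IsNullOrWhiteSpace(address))
            throw new ArgumentException("SMTP address is empty", nameof(address));
        return "(proxyaddresses=smtp:" + Escape(address.Trim()) + ")";
    }
}

static class Program
{
    static void Main()
    {
        // Constructed inputs: a plain address, one with filter metacharacters, an empty one.
        foreach (string s in new[] { "user@domain.com", "k*(test)@domain.com", "" })
        {
            try { Console.WriteLine(LdapFilter.BySmtpAddress(s)); }
            catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
        }
        // The legacyExchangeDN value from the thread, with its parentheses escaped.
        string dn = "/o=Contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=karlap";
        Console.WriteLine("(legacyexchangedn=" + LdapFilter.Escape(dn) + ")");
    }
}
```

The string returned by `BySmtpAddress` is what would be assigned to the `Filter` property of the `DirectorySearcher` instance before calling `FindOne()`.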
On Tue, 27 Jul 2010 21:38:28 +0000, Alexei Segundo wrote:
>
>
>If you are searching by SMTP email address then you should not be using the legacyExchangeDN attribute. Try this instead:
>
>"(mail=user@domain.com)"
>
>or, if Exchange is used within the forest:
>
>"(proxyaddresses=SMTP:user@domain.com)"
>
>You might also consider using a more efficient filter. For example, if you are searching for user objects you can use:
>
>"(&(objectCategory=Person)(objectClass=User)(proxyaddresses=SMTP:user@domain.com))"
>
>or
>
>"(&(sAMAccountType=805306368)(proxyaddresses=SMTP:user@domain.com))"
The proxyaddresses property is an indexed property. Qualifying it with
anything else only serves to reduce the number of objects returned.
But because each proxyaddress value is unique, and he's searching for
a complete address, I don't think there's any benefit in adding
criteria to the query string.
---
Rich Matheisen
MCSE+I, Exchange MVP
July 28th, 2010 5:41am
Good point Rich. I hadn't checked to see if proxyAddresses was indexed.
Alexei
July 28th, 2010 6:07am
Hi All,
I think you are right. The format for the filter string must be wrong in my case. I will change the filter format and try again.
Thanks again.
Regards
July 28th, 2010 11:52am
hi Usha_Rohit,
Any update for your issue?
Regards!
Gavin
July 29th, 2010 10:21am