LDAP query to Xpath filter

  • Question

  • We are doing a conversion from a system that uses LDAP queries for setting dynamic groups. Is there a way to convert these queries into XPath filters easily, or do I have to do it manually for the groups?

    I know that the languages have similarities, but I have yet to find a way to easily do it for the 7000 groups I am converting.


    Russell Lema

    Friday, February 3, 2017 8:44 PM

Answers

  • Russell-

    It seems like you'd need to write an LDAP filter parser to turn the filters into a tree, and then you could put that tree back into XPath. Ryan's lithnet repository https://github.com/lithnet has a programmatic way to create XPath filters. A quick Google search shows there are some LDAP filter parser implementations out there that you might be able to stitch together to create what you want.


    Thanks,
    Brian


    • Marked as answer by Russ Lema Wednesday, February 15, 2017 6:01 PM
    Saturday, February 11, 2017 1:38 AM
    Moderator

All replies

  • I think you mean Opath. If so, this reference should help:

    https://technet.microsoft.com/en-us/library/cc164375(v=exchg.141).aspx

    And this Gallery script may be just what you need:

    https://gallery.technet.microsoft.com/7c04b866-f83d-4b34-98ec-f944811dd48d


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Saturday, February 4, 2017 2:07 AM
  • Hello Richard, 

    Well, not really. The distribution lists aren't in Exchange or AD; they use a different tool to send the mail and they don't want them in AD, so we are converting them to the FIM/MIM Portal only for self-service management, then feeding them back to the original app that will be sending the mail.

    So I need to be able to convert the dynamic groups from the LDAP filters that they are currently using to FIM XPath and back.

    Thanks

    Russ Lema


    Russell Lema


    • Edited by Russ Lema Tuesday, February 7, 2017 8:38 PM
    Tuesday, February 7, 2017 8:38 PM
  • If I understood the problem, I would compile a dictionary with mappings between the objects and attributes and perform the conversion in PowerShell.

    Example LDAP filter (don't mind the syntax): (objectType=user)(department=HR)

    The dictionary would have to contain:

    Ldap - FIM

    user - Person

    department - Department

    Then you could translate it to /Person[Department='HR']

    Is this kind of what you are trying to accomplish?


    Wim Beck | IS4U FIM/MIM Expert Blog: blog.is4u.be


    Friday, February 10, 2017 1:07 PM
  • That is exactly what I am trying to do.

    It would be fairly easy if it was a small number of groups, but we have 1000s that need to be converted.

    We were thinking of trying something similar to this; I was just hoping there would have been a quicker solution.

    :)



    Russell Lema

    Friday, February 10, 2017 7:51 PM
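
The two suggestions in this thread (a name dictionary, and parsing the LDAP filter into a tree before emitting XPath) combined in one PowerShell sketch. This is an added example, not code from any poster or from the lithnet project; the `$TypeMap`/`$AttrMap` entries and all function names are assumptions. It handles only `&`, `|`, `!` and plain equality, and throws on anything else so that such a group is converted by hand instead of silently getting different membership.

```powershell
# Assumed LDAP-to-FIM name mappings (placeholders; use your own schema's names).
$TypeMap = @{ user = 'Person' }
$AttrMap = @{ department = 'Department'; title = 'JobTitle' }
function ConvertTo-XPathLiteral([string]$Value) {
    # XPath 1.0 literals have no escape character: use the unused quote, or refuse.
    if (-not $Value.Contains("'")) { return "'" + $Value + "'" }
    if (-not $Value.Contains('"')) { return '"' + $Value + '"' }
    throw "Value has both quote kinds, convert by hand: $Value"
}
function Read-LdapNode([System.Collections.Generic.Queue[string]]$Tokens) {
    # Recursive descent: "(" ( ("&" | "|" | "!") filter+ | attr "=" value ) ")"
    if ($Tokens.Dequeue() -ne '(') { throw "Expected '('" }
    $head = $Tokens.Dequeue()
    if ($head -in '&', '|', '!') {
        $kids = @()
        while ($Tokens.Peek() -eq '(') { $kids += Read-LdapNode $Tokens }
        if ($kids.Count -eq 0 -or ($head -eq '!' -and $kids.Count -gt 1)) { throw "Bad operands for $head" }
        $node = @{ Op = $head; Kids = $kids }
    } elseif ($head -match '^([\w-]+)=([^*<>~\\]+)$') {
        $node = @{ Op = '='; Attr = $Matches[1]; Value = $Matches[2] }
    } else { throw "Unsupported term, convert by hand: $head" }
    if ($Tokens.Dequeue() -ne ')') { throw "Expected ')'" }
    return $node
}
function ConvertTo-XPathPredicate($Node) {
    if ($Node.Op -eq '=') {
        if (-not $AttrMap.ContainsKey($Node.Attr)) { throw "No FIM mapping for attribute: $($Node.Attr)" }
        return $AttrMap[$Node.Attr] + '=' + (ConvertTo-XPathLiteral $Node.Value)
    }
    $parts = @($Node.Kids | ForEach-Object { ConvertTo-XPathPredicate $_ })
    if ($Node.Op -eq '!') { return 'not(' + $parts[0] + ')' }
    $word = if ($Node.Op -eq '&') { ' and ' } else { ' or ' }
    return '(' + ($parts -join $word) + ')'
}
function Convert-LdapFilterToXPath([string]$Filter) {
    $tokens = New-Object 'System.Collections.Generic.Queue[string]'
    foreach ($m in [regex]::Matches($Filter, '[()]|[^()]+')) { $tokens.Enqueue($m.Value) }
    $root = Read-LdapNode $tokens
    # The top-level objectType term becomes the resource type, as in /Person[...]
    $type = ''; $rest = @()
    foreach ($kid in $root.Kids) {
        if ($kid.Op -eq '=' -and $kid.Attr -eq 'objectType') { $type = $kid.Value } else { $rest += $kid }
    }
    if ($tokens.Count -or $root.Op -ne '&' -or -not $TypeMap[$type] -or $rest.Count -eq 0) { throw "Convert by hand: $Filter" }
    $pred = @($rest | ForEach-Object { ConvertTo-XPathPredicate $_ }) -join ' and '
    return '/' + $TypeMap[$type] + '[' + $pred + ']'
}
# Constructed samples; the second uses a wildcard, which this sketch refuses.
'(&(objectType=user)(|(department=HR)(department=IT))(!(title=Temp)))', '(&(objectType=user)(department=H*))' |
    ForEach-Object { $f = $_; try { Convert-LdapFilterToXPath $f } catch { "MANUAL REVIEW [$f] $_" } }
```

Run over the full export, the `MANUAL REVIEW` lines give the list of groups whose filters use constructs outside this subset.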