In AD, I have multi valued attribute "departmentNumber" which may store multiple values like "dept1" and "dept2".
I am looking for ldap filter which should retrieve the users who has more than 1 departmentnumber.
I looked at other threads but that doesn't seems to work.
Any help is appreciated.
The server will return each of the values of a multi-valued attribute for each entry which matches the search parameters (assuming the authorization state of the connection permits). The search response will be a list of objects which match the search parameters, and with each object all be a list of attributes (name and value pairs) which is specified in the requested attributes parameter of the search request. All values of a multi-valued attribute will be included in the search result.
If the client desires dept1 and dept2, then include those as assertions in the filter, for example:
(&(departmentNumber=dept1)(departmentNumber=dept2)(objectClass=whatever..))
Given the follow entries from which only cn and departmentNumber are shown:
$ ldapsearch --baseDN 'ou=people,c=us' --searchScope one '(&)' cn departmentNumber
dn: cn=user.1,ou=People,C=us
cn: user.1
departmentNumber: dept1
departmentNumber: dept2
dn: cn=user.2,ou=People,C=us
cn: user.2
departmentNumber: dept2
Note that the search response included both entries, and both values of
departmentNumber for cn=user.1,ou=people,c=us.
