Recently, I had to check the performance of an AD domain controller when checking a user's groups. As many of you already know, the filter would be:
(member:1.2.840.113556.1.4.1941:=%dn)
Somehow, the filter did not give any results back. Later I realized the comma within the dn could be the culprit. The format of the dn was as follows:
CN=LastName\, FirstName,OU=Users,DC=mycorp,DC=com
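Eventually, here is the Java code I figured out when checking the LDAP server with JNDI:
String sFilterPattern = "(member:1.2.840.113556.1.4.1941:=%dn)";
String sDN = "CN=LastName\\\\\\\\, FirstName,OU=Users,DC=mycorp,DC=com"; // 8 backslash
// replaceFirst treats a backslash in the replacement as an escape character,
// so the 4 backslashes held in sDN become 2 in the filter
String sFilter = sFilterPattern.replaceFirst("%dn", sDN);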
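When I dynamically obtained the user's dn and then used the dn to construct the above filter, I had to patch in extra backslashes using the following:
String sUserDN = methodToReturnUserDn(); // placeholder for the method that returns the user's dn
// The regex "\\\\" matches one literal backslash; the 16-backslash literal is
// 8 characters, which replaceFirst reduces to 4 in sDN
String sDN = sUserDN.replaceFirst("\\\\", "\\\\\\\\\\\\\\\\"); // 16 backslash
... ...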