How to write search filter for searching a mobile number or telephone number in LDAP?

Question

How to write search filter for searching a mobile number or telephone number in LDAP?

I want to query LDAP using search filters. For connecting to the LDAP server I am using node.js.

I am able to search any name in LDAP using the search filter. But when I try to search for any mobile number or telephone number i am getting the error: request timeout (client interrupt).

Here is the node.js code that works when I search for a name:

var ldap = require('ldapjs');
var sys   = require('sys');
var assert   = require('assert-plus');

var username = 'XXXXXXX';
var password = 'XXXXXXX';
var domain = "cts.com";
var searchBase = 'dc=cts,dc=com';


var client = ldap.createClient({
    url: 'ldap://myipaddress:portnumber',
    bindDN: "cts.com",
    timeout: 5000,
    connectTimeout: 10000
});

client.bind('cts\\'+username, password, function (err) {
    if (err) {
        console.log(err);
        client.unbind(function (err) {
            console.log('3');
            if (!err) {
                console.log('successfully unbind');
            }
            else {
                console.log(err);
            }
        });
    } else {
        console.log('authenticated');
        var searchResult = search();
    }
});

function search(){
    var opts = {
        filter:'(sAMAccountName='+username+')',
        scope: 'sub',
        attributes: ['sAMAccountName','name','givenName','distinguishedName','displayName','cn','sn',
                    'mail','title','description','department','company','manager',
                    'telephoneNumber','mobile','co','c','l','st','postalCode'],
    };

    client.search(searchBase, opts, function(err, res) {
        assert.ifError(err);

        res.on('searchEntry', function(entry) {
            console.log('searchEntry');
            var user = entry.object;
            console.log(user.objectGUID);
            if(entry.object){
                console.log('entry: %j ' + JSON.stringify(entry.object))
            }
        });
        res.on('searchReference', function(referral) {
            console.log('searchReference');
            console.log('referral: ' + referral.uris.join());
        });
        res.on('error', function(err) {
            console.error('error: ' + err.message);
        });
        res.on('end', function(result) {
            console.log('status: ' + result.status);
            return result;      
        });
    });
}

The result I get after running the above code in command prompt is:

authenticated
undefined
searchEntry
undefined

entry: %j {"dn":"CN=anyname,OU=Users,OU=DLF,OU=Chennai,OU=India,OU=APAC,OU=mycompanyname,DC=cts,DC=com","controls":[],"cn":"name","sn":"K-5","c":"IN","l":"C
    hennai","st":"TN","title":"Developer","description":"Associate","postalCode":"600089","telephoneNumber":"123455","givenName":"XXXXXXXXX","distinguis
    hedName":"CN=XXXXXXXX,OU=Users,OU=DLF,OU=Chennai,OU=India,OU=APAC,OU=Cognizant,DC=cts,DC=com","displayName":"XXXXXXXX","co":"IND","department":"Mobility-MM","company":"Any Company Name","name":"anyname","sAMAccountName":"employeeID","mail":"mailid@gmail.com","mobile":"999-091-3918"
}

Next I need to search LDAP for the field "mobile". So what i did was, i rewrite the search filter as

var searchNumber = '999-091-3918';

var opts = {
        filter:'(mobile='+searchNumber+')',
        scope: 'sub',
        attributes: ['sAMAccountName','name','givenName','distinguishedName','displayName','cn','sn',
                    'mail','title','description','department','company','manager',
                    'telephoneNumber','mobile','co','c','l','st','postalCode'],
    };

and run the code.

This time i get error request timeout (client interrupt). Can anyone help me how to write search filter for mobile and telephone number in LDAP?

node.js
ldap

Answer 1

You must escape search values in LDAP filter strings because characters like ( or ) have special meaning and break the filter when left unescaped.

The character escape pattern for LDAP filter strings is "\" and the hex code of the character. "(" would be "\28".

Also see http://msdn.microsoft.com/en-us/library/aa746475.aspx, section "Special Characters"

So your filter should be (of course this applies to all other fields like "name" as well):

var opts = {
        filter:'(mobile=' + ldapFilterEscape(searchNumber) + ')',
        // etc, etc
    };

where ldapFilterEscape is

function ldapFilterEscape(str) {
    return str.replace(/[*()\\\/]/g, function ($0) {
        return "\\" + $0.charCodeAt(0).toString(16);
    });
}