Given an LDAP tree (AD in my case), is there a way of searching with a wildcard at a specific level in the tree?
i.e. I'm wondering if there's an equivalent way of searching LDAP in the same way that you might do an `ls /opt/*/lib` in Linux.
I don't think there's a one-liner that can do this. You could script (or code) it, though.
Pretty much any LDAP search you do in AD is going to involve the ldap_search_s() function. One of the things that function absolutely requires is a base from which to start the search. "DC=domain,DC=com" for example. You can use any OU or container as your base from which to start your search. To use your example, it might look like "OU=opt,DC=domain,DC=com". You cannot use wildcards in that string.
So in your hypothetical script, you run your query with the search base stated above, use the filter `(objectclass=container)`, and specify the scope (base, one level, or subtree) of the search. That will get you a list of all containers under your search base.
Then, in your script, you could run more queries incorporating each of the elements in your list of containers ("OU=lib,OU=**dallas**,OU=opt,DC=domain,DC=com", "OU=lib,OU=**atlanta**,OU=opt,DC=domain,DC=com", etc.).
The bits in bold represent the variable in your script, and you'd make a separate query for each container that you found in your first search for containers.
This sounds pretty crazy to me. You'd also have to figure out how to deal with recursion in a subtree search, etc.
Another approach would be to just search for the object(s) you intended to search for, programmatically check that each object's immediate parent container is OU=lib, and throw them out if it's not. That's probably slightly less insane.
But the point is, you're gonna have to script or code it. Wildcards can be used for attributes of objects `(telephonenumber=*555)` or kinds of objects `(objectclass=user)`, but not for the nodes in a search base.
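Both approaches from the answer above, as an added example that is not part of the original post: the first helper builds the per-container search bases for the "search for containers, then query each one" approach; the rest implements the "fetch the objects, then check their parent path" approach, generalised from an immediate-parent check to a full `ls /opt/*/lib`-style pattern over the DN. The DNs are constructed sample data, not results from a real directory, and no LDAP library is used, so it runs offline on the DN strings a search would return.

```python
from typing import List

def child_search_bases(container_dns: List[str], child_rdn: str = "OU=lib") -> List[str]:
    """Approach 1: turn each container found under the base into its own search base."""
    return [f"{child_rdn},{dn}" for dn in container_dns]

def split_dn(dn: str) -> List[str]:
    """Split a DN into its RDNs, keeping backslash-escaped commas (RFC 4514) inside an RDN."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):      # escaped character: keep both bytes in the RDN
            current.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).strip())
    return rdns

def matches_path_pattern(dn: str, pattern: List[str]) -> bool:
    """Approach 2: True if the object's parent chain matches `pattern` exactly.

    `pattern` lists the expected parent RDNs from the leaf outwards; "*" matches
    exactly one level, like the "*" in ls /opt/*/lib. Attribute types and OU/DC
    values are compared case-insensitively, as AD does.
    """
    parents = split_dn(dn)[1:]                   # drop the object's own RDN
    if len(parents) != len(pattern):             # too shallow or too deep
        return False
    return all(p == "*" or r.casefold() == p.casefold() for r, p in zip(parents, pattern))

def filter_by_path(dns: List[str], pattern: List[str]) -> List[str]:
    """Keep only the search results whose container path matches the pattern."""
    return [dn for dn in dns if matches_path_pattern(dn, pattern)]

# Constructed sample results, as if returned by a subtree search for users under OU=opt.
SAMPLE_RESULTS = [
    "CN=alice,OU=lib,OU=dallas,OU=opt,DC=domain,DC=com",
    "CN=bob,OU=lib,OU=atlanta,OU=opt,DC=domain,DC=com",
    "CN=carol,OU=bin,OU=dallas,OU=opt,DC=domain,DC=com",          # wrong parent
    "CN=dave,OU=lib,OU=sub,OU=dallas,OU=opt,DC=domain,DC=com",    # one level too deep
    "CN=Smith\\, John,OU=lib,OU=atlanta,OU=opt,DC=domain,DC=com", # escaped comma in RDN
]
OPT_STAR_LIB = ["OU=lib", "*", "OU=opt", "DC=domain", "DC=com"]

if __name__ == "__main__":
    print(child_search_bases(["OU=dallas,OU=opt,DC=domain,DC=com"]))
    print(filter_by_path(SAMPLE_RESULTS, OPT_STAR_LIB))
```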