[KLUG Members] LDAP search

[Jeremy Leonard]

I'm trying to write an LDAP filter that will exclude a specific OU from 
the results.

I have (&(objectclass=user)(!(objectclass=computer)))
This works but I have an ou called users that contains all the system 
users I don't want included in the results.

My search base is dc=my-domain,dc=com.

The ou I want to exclude users from is ou=users,dc=my-domain,dc=com.

I've tried 
(&(objectclass=user)(!(objectclass=computer))(!(dc=cn=*,ou=users,dc=my-domain,dc=com)))

But it didn't work.

I've also tried using just (dc=cn=*,ou=users,dc=my-domain,dc=com) to see 
if it would return just the users in this ou but it didn't work either.

I have 30 ou's I'm searching. I don't want to have to do a specific 
search on all of these ou's. I think that would be too much overhead.

Thanks,
Jeremy