I want to create a LDAP search filter in the ldap.properties file; what are some of the ways I can ensure that my filter is effective?
Search filters enable you to define search criteria and provide more efficient and effective searches as part of the LDAP Authentication for the web user interface. This article outlines how construct a more sophisticated filter for the userSearchFilter property in the ldap.properties file.
The userSearchFilter parameter (added in AlarmPoint 4.0 patch 009) provides greater flexibility in searching because it allows you to put the LDAP Domain Template (from the web user interface) in any location within the search filter. A special substitution token, %TMPL%, indicates where the template should be inserted.
For example, to specify a prefix:
Or, to specify a more sophisticated filter:
Note: For more information about the ldap.properties file, and the other required parameters, see the article Can I configure xMatters to query the LDAP directory for a User's Distinguished Name?
Most LDAP servers support LDAP search filters; however, since LDAP servers are not created equal, the type of LDAP search filter provided should be compliant with your LDAP server. For more information, see your LDAP server documentation.
The following example illustrates how you could match for users distinguished by two objectClass attributes (one equal to 'person' and another to 'user'):
Notice the ampersand symbol (&) symbol at the start. Translated, this means: search for objectClass=person AND object=user.
Translated this means: search for objectClass=person OR object=user. The pipe symbol '|' denotes 'OR'. As this is not a special XML character, it should not need escaping.
The following ilustrates the use of wildcards:
This means: search for all entries that have objectClass=user AND a cn that contains the word 'Marketing'.
To exclude entities which match an expression, use an exclamation point (!). For example, the following will find all Chicago groups except those with a "Wrigleyville" OU component:
Note the extra parentheses around the excluded attribute: (!())
Originally created by Don Clark