LDAP Users integration Filtering

sLuintel
Giga Expert

We have an LDAP integration set up and it works fine. However, there are a lot of generic accounts set in AD and these are being pulled into ServiceNow as well. What is the best way to filter these from coming in?


march
Kilo Guru

The best way to filter this out is by specifying an RDN (if possible - that will depend on how your AD is organized) and a filter to the "LDAP OU Definition" defined under your LDAP Server configuration.



For Example:


If I know that the accounts I'm interested in are stored in the Account OU of the Canada OU, then I will use -> RDN: OU=Accounts,OU=Canada


I can then apply a filter to collect only certain object types -> Filter: (&(objectClass=person)(objectClass=organizationalPerson))



This needs, of course, fine tuning based on your specific setup.



BR
Marc.


Hi



I think the AD might need some tidying up. Currently they are all in OU- Users, and that's what ServiceNow is pulling in; it's pulling in all under OU- Users.


Thank you for your reply.


You can play further with the filter. For example, if the real users have an email address, and the OOB ones don't, then you can decide only to pull users with an email defined and extend the filter to:



(&(objectClass=person)(objectClass=organizationalPerson)(mail=*))
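
How the filters discussed in this thread select entries, as an added example that is not part of the original posts: a small Python evaluator for the filter subset used here (&, |, !, equality, presence), run over constructed directory entries. All entry names and attribute values are made up; the computer entry carries the person classes because AD computer objects inherit from user.

```python
# Added example: evaluates a subset of LDAP filter syntax (not full RFC 4515).
def parse(f, i):
    """Parse one parenthesised filter at f[i]; return (node, next_index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at position {i}")
    i += 1
    if f[i] in "&|!":
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids:
            raise ValueError(f"malformed '{op}' group at position {i}")
        return (op, kids), i + 1
    end = f.index(")", i)          # raises ValueError if the term is unclosed
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.lower(), value), end + 1

def parse_filter(text):
    try:
        node, end = parse(text, 0)
    except IndexError:
        raise ValueError("unbalanced parentheses") from None
    if end != len(text):           # e.g. "(a=1)(b=2)" without an enclosing (&...)
        raise ValueError("trailing text; wrap multiple terms in (&...)")
    return node

def matches(node, entry):
    op = node[0]
    if op == "&":
        return all(matches(k, entry) for k in node[1])
    if op == "|":
        return any(matches(k, entry) for k in node[1])
    if op == "!":
        return not matches(node[1][0], entry)
    values = [v.lower() for v in entry.get(node[1], [])]
    return bool(values) if node[2] == "*" else node[2].lower() in values

USER = ["top", "person", "organizationalPerson", "user"]
ENTRIES = {  # constructed sample entries, attribute names lower-cased
    "CN=Alice Martin": {"objectclass": USER, "mail": ["alice.martin@example.com"]},
    "CN=svc-backup": {"objectclass": USER},                  # generic account
    "CN=FRONTDESK-PC": {"objectclass": USER + ["computer"]}, # computer object
    "CN=All Staff": {"objectclass": ["top", "group"], "mail": ["staff@example.com"]},
}

def imported(filter_text):
    """Return the entries the given filter would pull in."""
    node = parse_filter(filter_text)
    return [dn for dn, entry in ENTRIES.items() if matches(node, entry)]
```

With these sample entries, the objectClass-only filter still lets the generic account and the computer object through, while adding `(mail=*)` leaves only the mail-enabled user.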


Ravi Prasad1
Tera Guru

Hi Sweeda,



Make use of the below conditions.



find_real_file.png



Thanks,


Ravi