Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
I am trying to set up a Active Directory UDC with a ldap filter and I cannot figure out the syntax for the filter. I want to only bring in certain groups, i.e. Qlik Sense Admins, Qlik Sense Developers, Qlik Sense Users, etc. Does anyone know the proper syntax to do this?
Thanks,
Hi Sean,
You can use standard LDAP syntax like
(&((memberOf=cn=GroupName,OU=Org1,OU=SuborgA,DC=domain,DC=com))(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
In the Additional LDAP Filter within the QMC.
Miguel
Sorry this was not helpful, I am not well versed with active directory and cannot decipher how to use this syntax.
Sean,
The above reads: return all users that are persons and are not deactivated who belong to the group "GroupName" from the domain "domain.com".
This is the syntax you will need, and it may vary widely depending on how your AD is organized. I know this is not easy but this is how LDAP works.
Miguel
How can use your syntax when i want to fetch the users from two groups ?
Use the "|" instead of the "&":
(|(ou=Group1)(ou=Group2))
Recommended reading with several examples specific to Microsoft Active Directory:
(&(objectCategory=person)(objectClass=user) (|(memberOf:1.2.840.113556.1.4.1941:=CN=Group1,CN=Users,DC=HIT,DC=NET)
(memberOf:1.2.840.113556.1.4.1941:=CN=Group1,CN=Users,DC=HIT,DC=NET))
)
I tried the above syntax but it is not working can you please review it once.
As far as I know, Active Directory does not support extended match (the ":=" in your query). (member instead of memberOf as per Search Filter Syntax (Windows)?) I cannot test myself
Also, did you check the group names? They are exactly the same: Group1 and Group1
My group names are correct Group1 and Group2
this statement is working for me
(&(objectCategory=person)(objectClass=user) (memberOf:1.2.840.113556.1.4.1941:=CN=Group1,CN=Users,DC=HIT,DC=NET))
when I want to also filter users from group 2 it is not working.
Try with:
(&
(&
(objectCategory=person)(objectClass=user)
)
((memberOf:1.2.840.113556.1.4.1941:=CN=Group1,CN=Users,DC=HIT,DC=NET)(memberOf:1.2.840.113556.1.4.1941:=CN=Group1,CN=Users,DC=HIT,DC=NET))
)
But again, I'm guessing based on what I find in Google, as I don't have a domain I can try with myself and it's a syntax issue.
Miguel