Qlik Community

New to Qlik Sense

Discussion board where members can get started with Qlik Sense.

Not applicable

Setup a UDC with LDAP Filters - syntax ?

I am trying to set up a Active Directory UDC with a ldap filter and I cannot figure out the syntax for the filter.  I want to only bring in certain groups, i.e. Qlik Sense Admins, Qlik Sense Developers, Qlik Sense Users, etc.  Does anyone know the proper syntax to do this?

Thanks,

9 Replies
MVP
MVP

Re: Setup a UDC with LDAP Filters - syntax ?

Hi Sean,

You can use standard LDAP syntax like

(&((memberOf=cn=GroupName,OU=Org1,OU=SuborgA,DC=domain,DC=com))(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

In the Additional LDAP Filter within the QMC.

Miguel

Not applicable

Re: Setup a UDC with LDAP Filters - syntax ?

Sorry this was not helpful, I am not well versed with active directory and cannot decipher how to use this syntax.

MVP
MVP

Re: Setup a UDC with LDAP Filters - syntax ?

Sean,

The above reads: return all users that are persons and are not deactivated who belong to the group "GroupName" from the domain "domain.com".

This is the syntax you will need, and it may vary widely depending on how your AD is organized. I know this is not easy but this is how LDAP works.

Miguel

Not applicable

Re: Setup a UDC with LDAP Filters - syntax ?

How can use your syntax when i want to fetch the users from two groups ?

MVP
MVP

Re: Setup a UDC with LDAP Filters - syntax ?

Use the "|" instead of the "&":

(|(ou=Group1)(ou=Group2))

Recommended reading with several examples specific to Microsoft Active Directory:

http://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters...

Not applicable

Re: Setup a UDC with LDAP Filters - syntax ?

(&(objectCategory=person)(objectClass=user) (|(memberOf:1.2.840.113556.1.4.1941:=CN=Group1,CN=Users,DC=HIT,DC=NET)

(memberOf:1.2.840.113556.1.4.1941:=CN=Group1,CN=Users,DC=HIT,DC=NET))

)

I tried the above syntax but it is not working can you please review it once.

MVP
MVP

Re: Setup a UDC with LDAP Filters - syntax ?

As far as I know, Active Directory does not support extended match (the ":=" in your query). (member instead of memberOf as per Search Filter Syntax (Windows)?) I cannot test myself

Also, did you check the group names? They are exactly the same: Group1 and Group1

Not applicable

Re: Setup a UDC with LDAP Filters - syntax ?

My group names are correct Group1 and Group2

this statement is working for me

(&(objectCategory=person)(objectClass=user) (memberOf:1.2.840.113556.1.4.1941:=CN=Group1,CN=Users,DC=HIT,DC=NET))


when I want to also filter users from group 2 it is not working.

MVP
MVP

Re: Setup a UDC with LDAP Filters - syntax ?

Try with:

(&

  (&

    (objectCategory=person)(objectClass=user)

  )

  ((memberOf:1.2.840.113556.1.4.1941:=CN=Group1,CN=Users,DC=HIT,DC=NET)(memberOf:1.2.840.113556.1.4.1941:=CN=Group1,CN=Users,DC=HIT,DC=NET))

)

But again, I'm guessing based on what I find in Google, as I don't have a domain I can try with myself and it's a syntax issue.

Miguel