Navigation:  Setting up and running user synchronization >

Examples of LDAP filters for connecting to a directory service

 Previous  Top  Next

The domain configuration directory and search fields use the LDAP search syntax. In this section, you will be given some basic concepts and examples on how to set up a search filter.

 

In the table below, the description of the logical operators that can be used in the syntax of the search filter is presented:

Logical Operator

Description

=

Equal to

<=

Lexicographically less than or equal to

>=

Lexicographically greater than or equal to

&

AND

|

OR

!

NO

 

Examples of search filters

See the table below for some examples on how to complete the Search field of the configuration screen of a directory:

Search fields "Filter"

Description

(displayName=John Smith)

Lists the user "John Smith", who will have access to the system.

(!(displayName=John Smith))

User "John Smith" will not have access to the system. Returns all users, except "John Smith".

(&(objectClass=User)(department=Commercial))

Lists all users of the "Commercial" department.

(&(objectClass=User)(|(department=Commercial)(department=Financial)))

Lists all users of the "Commercial" or "Financial" department.

department=*

Lists all users who have a department.

(&(ObjectClass=User)(!(ObjectClass=Computer))(|(department=Commercial)(department=Financial))(department=*)(title=*))

Lists all users, excluding computer records, that are located in the "Commercial" and "Financial" department and have the position attribute filled in.

(&(memberOf=CN=SoftExpert,OR=Systems,DC=softexpert.local))

Lists all users group members (SoftExpert in the example) of the system access.

 

The system allows defining a filter for searching users and another one for searching groups within the respective domain. Regardless of the filter set for searching users and groups in the domain in question, SE Suite has a pre-defined rule which consists of:

the user filter will always search for users (objectClass=user)

the group filter will always search for groups (objectClass=group)

That is, the defined filter will be added to the SE Suite default filter.

 

There are several examples and tutorials available on the internet that may be helpful (search for the "LDAP Search Filter Syntax" key) or, for more information, visit https://ldap.com/ldap-filters/.

 

Example of filling the directory field

Consider a "DptoTest" directory within the "contoso.local" domain:

 

sda0014

 

Here are some examples on how to complete the Directory field of a domain configuration screen:

Example to apply the filter in the above directory: (OR=DptoTest,OR=Company,DC=contoso,DC=local)

Example with two directories ("Test1" and "Test2"). To do the search in more than one directory, simply add another directory separated by comma: (OR=Test1,DC=contoso,DC=local),(OR=Test2,DC=contoso,DC=local)

 

ATTENTION!

If only one directory is selected, the search will extend to its subdirectories (if any). However, if more than one directory is selected, the search will be performed only in these directories.