Set "User Object Filter" to OU, not CN

stefan b. November 12, 2017

Hi,

is it possible to set the User Object Filter to an OU and not to an ad-group?

At the moment it is set to:
User Object Filter:

(&(objectCategory=Person)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=cn=Jira_Test,OU=RG_Jira,OU=Groups,DC=net,DC=local))

 

We would like to set is to something like that (cn=Jira_Test, is removed).
User Object Filter:

(&(objectCategory=Person)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=OU=RG_Jira,OU=Groups,DC=net,DC=local))

 

 

Thank you + BR

2 answers

0 votes
stefan b. November 13, 2017

Hi Gonchik,

well good question, if we set the User Object Filter to CN ( a AD-group) all other AD-Groups must be member of the main AD-group. You always have to keep this in mind, when you add a new AD-group.

CN=Jira-All,OU=RG_Jira,OU=Groups,DC=net,DC=local

Jira-All

Jira-Write (member of Jira-All)

Jira-Read (member of Jira-All)

 

In my opinion this is unnecessary when we read all ad-groups and the containing users of one OU.

OU=RG_Jira,OU=Groups,DC=net,DC=local

Jira-Write 

Jira-Read 

So you don't have to add the ad-group to the main-ad-group.

 

BR
Stefan

0 votes
Gonchik Tsymzhitov
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
November 12, 2017

Hi Stefan,

 

Could you describe your use case? 

If you want to set filter on OU level, better way use on basedn.

 

 

https://confluence.atlassian.com/kb/how-to-write-ldap-search-filters-792496933.html

 

BR,

Gonchik Tsymzhitov

Suggest an answer

Log in or Sign up to answer