powered by Jive Software

AD LDAP Search Filter Assistance

okay,

I got Jive to integrate with LDAP just fine but can’'t seem to get my Search Filter working.

I’‘ve used SoftErra Ldap Browser and LDAP Browser Editor and my search filter works fine with both. But when I try to add it to the Jive config file it doesn’'t work.

My LDAP search filter is as follows (All users whose account is not disabled and member of Marketing Group)

(&(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(memberO f=CN=Marketing,CN=users,DC=craizie,DC=com))

below Is my config file.

Am I missing something in the Search Filter? Or in my LDAP configuration?

Thanks

This element in the query looks suspect

userAccountControl:1.2.840.113556.1.4.803:=2[/code]

What if you drop of the :1.2.840.113556.1.4.803:[/b]? I think that’'s only to specify the data type, but I could be mistaken.

Noah

Noah,

I believe the

userAccountControl:1.2.840.113556.1.4.803:=2[/code]

filter works properly. That’‘s how Active Directory does bitwise permissions. If that value equals 2, the account is disabled. What I’'m not sure of is if it works properly in JM. It does work properly from the linux command line.

SupaXStarz,

Your filter does appear to be valid. One small tidbit is that if you are doing all & operations, you can keep them on the same level, like this:

(&(A)(B)(!©))[/code]

So you could simplify your filter a little by using this:

(&

(objectClass=user)

(!(userAccountControl:1.2.840.113556.1.4.803:=2))

(memberOf=CN=Marketing,CN=users,DC=craizie,DC=com)

)[/code]

What happens if you take the userAccountControl check out? Do you get all the users including the disabled ones?

It appears there may be another way to select only active accounts according to this thread:

http://jivesoftware.org/community/thread.jspa?messageID=99971

Use userAccountControl=66048[/b] to select only active accounts. Try that and see if it makes any difference.

Noah,

the LDAP query against AD does not work without :1.2.840.113556.1.4.803: in either Jive or any other LDAP Browser

I’'m running Jive 2.2.0 on Windows 2000 Advanced if that helps anyone.

Thanks.

hrothgar,

The simplified query you supplied works on LDAP browers but still not in Jive. I can log onto Jive with the search query but all the AD accounts still show up without any disabled or non member accounts being filtered out.

Is there something I’'m forgetting to include in my config file?

Has anyone else in Windows 2000 Environment having similar problems? Or has anyone else been able to get search filter working in Jive and Windows 2K?

Thanks.

Tried the userAccountControl=66048 and it works

Thanks You Guys!