Search Filters

I am looking for a solution for a custom user searchfilter. Here is the example LDAP query I use to filter out all the crap in AD:

(&(objectCategory=person)(objectClass=user)(cn=)(givenName=)(mail=*et.com)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

By default, all that is there is (objectClass=organizationalPerson). I assume that I can just copy and paste my LDAP query into the wildfire.xml under the field.

Do any of the experts out there know of any problems I will run into using the above LDAP query?

Thanks!

Drew

Okay, so I didn't get a response so I figured I would just give it a shot… no go. Not really sure where Wildfire had the problem but I did make some progress. By only using:

(objectCategory=person)(objectClass=user)(cn=)(givenName=)(mail=*et.com)

So, the problem was either with my logical AND (&) or my logical NOT (!).

Or, it could have been that the userAccountControl object property is not supported. I use this property to filter out disabled user accounts in AD LDAP queries. “userAccountControl:1.2.840.113556.1.4.803:=2” means the account has been disabled.

Does anybody have any ideas?

After doing a little more research, I came across this thread:

http://www.igniterealtime.org/forum/thread.jspa?messageID=132170

I changed my search filter to this:

It works like a charm. Now, the only users that show up out of AD are those with a value set for firstname, lastname, e-mail address and those that are not disabled.
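As an added example (not part of the original thread, and not Wildfire or Active Directory code), this Python code parses and evaluates a filter of the same shape to show how the 1.2.840.113556.1.4.803 bit-AND rule on userAccountControl selects disabled accounts. The entries, the example.com addresses, the sample filter and the helper names parse, matches, select and user are assumptions constructed for the illustration.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # AD rule: true when every bit of the value is set

def parse(s, i=0):
    """Parse the parenthesised filter starting at s[i]; return (node, next index)."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|!":                       # composite: operator, then sub-filters
        op, kids, i = s[i], [], i + 1
        while s[i] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        return (op, kids), i + 1            # step over the closing ')'
    end = s.index(")", i)                   # simple item: attr=value
    attr, value = s[i:end].split("=", 1)
    return ("item", attr, value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter on one entry (dict: lowercase attr -> list of str)."""
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    if attr.endswith(":"):                  # extensible match: attr:rule:=value
        attr, rule = attr[:-1].split(":", 1)
        if rule != BIT_AND:
            raise ValueError(f"unsupported matching rule {rule}")
        mask = int(value)
        return any((int(v) & mask) == mask for v in entry.get(attr.lower(), []))
    # '*' alone is a presence test; '*' inside a value is a substring match
    pattern = ".*".join(re.escape(part) for part in value.split("*"))
    return any(re.fullmatch(pattern, v, re.I) for v in entry.get(attr.lower(), []))

def select(filter_text, entries):
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing text after filter")
    return [e["cn"][0] for e in entries if matches(node, e)]

def user(cn, uac, given=True):              # constructed sample entry; uac bit 2 = disabled
    return {"cn": [cn], "objectclass": ["person", "user"], "mail": [cn + "@example.com"],
            "useraccountcontrol": [str(uac)], "givenname": [cn.title()] if given else []}
ENTRIES = [user("alice", 512), user("bob", 514), user("carol", 66050),
           user("dave", 512, given=False), user("svc", 66048)]
FILTER = ("(&(objectClass=user)(givenName=*)(mail=*example.com)"
          "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))")
```

With this data, select(FILTER, ENTRIES) keeps alice and svc, while an equality test such as (userAccountControl=514) would find only bob and miss carol, whose value 66050 has other flag bits set alongside the disabled bit.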