LDAP Filters
The LDAP protocol has a filter with its own syntax for querying the directory based on document RFC2254.
SmartSync is preconfigured with a filter that imports all users that have the first name, last name, and e-mail addresses filled in, as well as groups from the Active Directory. However, the application also allows the administrator to customize the filter that will be used for initial user import, as long as the syntax and filter entered are valid.
The following table shows the most commonly used operators for configuring filters to search for records in LDAP directories.
| Logical Operator | Description |
|---|---|
| = | Equal to |
| <= | Less than or equal to |
| >= | Greater than or equal to |
| & | And |
| | | Or |
| ! | Not |
The following table shows examples of syntax for LDAP directory searches.
| Description | Syntax |
|---|---|
| All objects | (objectClass=*) |
| Users with an email filled in | (&(objectClass=user)(objectClass=person)(mail=*)) |
| Groups with a description filled in | (&(objectCategory=group)(description=*)) |
| Users who belong to a particular group | (&(objectClass=user)(objectClass=person)(memberOf=CN=yourgroup,OU=yourOU,DC=yourcompany,DC=com)) |
| Search for a specific user by SamAccountName | (&(objectClass=user)(objectClass=person)(sAMAccountName=seunome)) |
| All users except one group | (&(objectCategory=person)(objectClass=user)(!(memberOf=CN=yourgroup,OU=yourOU,DC=yourcompany,DC=com))) |
Notification!
If the default SmartSync filter is modified by another filter with incorrect syntax, or the filter conditions are not valid, the import of users may not be performed.
User import filter
When configuring a domain in SmartSync, you can set the criteria for the first import of users from Active Directory to Identity through the User Filter field.
The default value of the User Filter field for Active Directory:
(&(objectClass=user)(objectCategory=person))
To import users from Active Directory to Identity, the registration of these users must include the following properties. In addition, the filter configured in the User Filter field is also taken into account during the user import.
| Property | Description |
|---|---|
| givenName | User name |
| sn | User's last name |
User's email | |
| userAccountControl | User status must be active |
| objectGUID | Unique Global Value |
Group import filter
When configuring a domain in SmartSync, you can set the criteria for the first import of users from Active Directory to Identity through the Group Filter field.
The default value of the Group Filter field for Active Directory:
(objectCategory=group)
Visão Geral
Import HTML Content
Conteúdo das Ferramentas
Tarefas