1-888-365-2779
+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / Filtering LDAP Users

Filtering LDAP Users

4 posts, 0 answered
  1. Jeff Clark
    Jeff Clark avatar
    8 posts
    Registered:
    04 Feb 2010
    07 Mar 2011
    Link to this post
    We are using Sitefinity 4.0 SP1. I have setup an LDAP connection to our Active Directory and it is working. I set the UserDN to the root of our AD and kept the default UserFilter.
     
    However I don't want to see all the users in my active directory. I want to be able to choose all the users under specific OU trees and I have more than one OU tree to include.

    Is it possible to set multiple UserDN paths (one for each OU tree to include)?
    If not, is it possible to use a filter to get just the users from specific OU trees?

    Thanks for your help.
  2. Teodor
    Teodor avatar
    52 posts
    Registered:
    24 Sep 2012
    09 Mar 2011
    Link to this post
    Hello Jeff ,

    No it is not possible to have multiple UserDN paths , but you can set a filter that include only specific DN paths. You can enter the filter in UserFilter.

    Regards,
    Teodor
    the Telerik team
  3. Jeff Clark
    Jeff Clark avatar
    8 posts
    Registered:
    04 Feb 2010
    09 Mar 2011
    Link to this post
    Thank you for the reply. As a temporary measure I have setup a security group and used this filter which is working.
    (&(!(objectClass=computer))(objectClass=person)(memberOf=CN=Sitefinity-Users,CN=Users,DC=mydomain,DC=com))

    However I would rather not have to keep a group updated with users and would prefer pull users from specific OU trees.  I am having dificulty getting the filter right.

    Can you give me an example of how to filter based on OU?

    I have tried the following, but it does not work. I am not sure if the syntax that I used is supported by AD. Note: Employees is at the root and there are sub OU's of Employees. I want all the users under Employees.

    (&(!(objectClass=computer))(objectClass=person)(ou:dn:=Employees))


    Thanks.
  4. Teodor
    Teodor avatar
    52 posts
    Registered:
    24 Sep 2012
    15 Mar 2011
    Link to this post
    Hi Jeff Clark,

    I think it is possible but  we can't help you to create the filter. I suggest you to contacting your sysadmin for more information how to do this - it pretty much depends on your AD configuration.

    Greetings,
    Teodor
    the Telerik team
4 posts, 0 answered