Filtering Members from AD and LDAP Member Sources
When adding members to a role, you can filter members from the member sources, such as, AD, LDAP, or POSIX LDAP. The filtering mechanism uses search filters based on the criteria for filtering the members from AD or LDAP. The search filters help you to query the member sources to fetch the exact results that you are looking for.
The following table lists some examples using different AD and LDAP search criteria to filter the members.
| Search Criteria | Description |
|---|---|
| * | Retrieves all users and groups |
| Character or word search | Retrieves the results that contain the specified character or word |
| (cn=*protegrity*) | Retrieves all common names that contain the term protegrity in it |
| (sn=abc*) | Retrieves all surnames that starts with abc |
| (objectClass=*) | Retrieves all the results |
| (&(objectClass=user)(!(cn=protegrity))) | Retrieves all the users without the common name as protegrity |
| (&(cn=protegrity)(objectClass=user)(email=*)) | Retrieves all the users with an email attribute and with common name as protegrity |
| (!(email=*)) | Retrieves all the users without an email attribute |
| (&(objectClass=user)(| (cn=protegrity*)(cn=admin*))) | Retrieves all the users with common name that starts with protegrity or admin |
If the input in the search filter includes special characters, then you must use the escape sequence in place of the special character to make it a valid input in the search filters.
The following table lists the escape sequence for each of the special characters.
| ASCII Character | Escape Sequence |
|---|---|
| ( | \28 |
| ) | \29 |
| * | \2A |
| \ | \5C |
The following table lists some examples of search filters with the usage of escape sequences to include special characters in the search input.
| Input with Special Character | Input with Escape Sequence | Description |
|---|---|---|
| (cn=protegrity*)) | (cn=protegrity\2A\29) | The search filter retrieves the values that contain protegrity*) In this case, the parenthesis requires an escape sequence because it is unmatched. |
| (cn= abc (xyz) abc) | The search filter retrieves the values that contain abc (xyz) abc In this case, the escape sequence is not required as the parenthesis are matched. |