How To
ForgeRock Identity Platform
Does not apply to Identity Cloud
How do I test LDAP search filters in the Generic LDAP connector for IDM (All versions)?
This article explains how to test LDAP search filters in the Generic LDAP connector for IDM. The connector uses LDAP search filters to filter users during synchronization activities (accountSynchronizationFilter) and during searches (accountSearchFilter).
Testing LDAP search filters
Filters such as accountSynchronizationFilter and accountSearchFilter in the Generic LDAP connector are standard LDAP search filters.
As such, you can test them using the DS ldapsearch command against the required LDAP server to check if they return (or exclude) the expected results.
Examples
- An example ldapsearch command for including all users who are a direct member of one of two groups:
    $ ./ldapsearch --port 4444 --baseDN dc=example,dc=com "(|(memberOf=cn=internal,ou=employees,ou=north,dc=example,dc=com)(memberOf=cn=internal,ou=employees,ou=south,dc=example,dc=com))"
- An example ldapsearch command for excluding a specific user (by employee ID):
    $ ./ldapsearch --port 4444 --baseDN dc=example,dc=com "(!(&(ObjectCategory=Person)(&(objectclass=User)(employeeID=1234))))"
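To reason about what the two filters above select before running them, the following added example (not part of the original article and not ForgeRock code) evaluates them against a small constructed directory. The evaluator, the sample entries and every name in it are assumptions; it handles only AND, OR, NOT, equality and presence, and compares values as case-insensitive strings.

```python
# Added example (not ForgeRock code): supports &, |, !, equality and presence only.
# Assumes case-insensitive string matching and two-valued logic (no "Undefined").

def parse(f, i=0):
    """Parse the filter that starts at f[i]; return (node, index after it)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' filter near offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)  # simple item: attr=value (value may contain '=')
    attr, sep, value = f[i:end].partition("=")
    if not sep or not attr:
        raise ValueError(f"expected attr=value at offset {i}")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """entry maps lower-case attribute names to lists of values."""
    if node[0] == "!":
        return not matches(node[1][0], entry)
    if node[0] in "&|":
        combine = all if node[0] == "&" else any
        return combine(matches(kid, entry) for kid in node[1])
    values = [v.lower() for v in entry.get(node[1], [])]
    return bool(values) if node[2] == "*" else node[2] in values

def select(filter_text, entries):
    """Return the DNs of the entries that the filter matches."""
    tree, end = parse(filter_text + "\0")  # sentinel avoids index errors
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return [dn for dn, attrs in entries.items() if matches(tree, attrs)]

NORTH, SOUTH = (f"cn=internal,ou=employees,ou={r},dc=example,dc=com" for r in ("north", "south"))
PERSON = {"objectcategory": ["Person"], "objectclass": ["top", "User"]}
ENTRIES = {  # constructed sample directory, not real data
    "uid=alice": {**PERSON, "employeeid": ["1001"], "memberof": [NORTH]},
    "uid=bob": {**PERSON, "employeeid": ["1234"], "memberof": [SOUTH]},
    "uid=carol": {**PERSON, "employeeid": ["5678"]},
    NORTH: {"objectclass": ["top", "groupOfNames"]},
}
IN_GROUPS = f"(|(memberOf={NORTH})(memberOf={SOUTH}))"
NOT_1234 = "(!(&(ObjectCategory=Person)(&(objectclass=User)(employeeID=1234))))"
```

select(NOT_1234, ENTRIES) returns the group entry as well as alice and carol, because a negated filter matches every entry that is not the excluded user. The result from ldapsearch against the real server remains the authoritative check.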
See Also
How do I exclude specific users from syncing during liveSync in IDM (All versions)?