How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I test LDAP search filters in the Generic LDAP Connector for IDM (All versions)?

Last updated Apr 8, 2021

The purpose of this article is to provide assistance on testing LDAP search filters in the Generic LDAP Connector for IDM. LDAP search filters can be used in the Generic LDAP Connector to filter users during synchronization activities (accountSynchronizationFilter) and during searches (accountSearchFilter).


Testing LDAP search filters

Filters such as accountSynchronizationFilter and accountSearchFilter in the Generic LDAP Connector are standard LDAP search filters.

As such, you can test them using the DS ldapsearch command against the required LDAP server to check if they return (or exclude) the expected results.

Examples

  • An example ldapsearch command for including all users who are a direct member of one of two groups: $ ./ldapsearch --port 4444 --baseDN dc=example,dc=com "(|(memberOf=cn=internal,ou=employees,ou=north,dc=example,dc=com)(memberOf=cn=internal,ou=employees,ou=south,dc=example,dc=com))"
  • An example ldapsearch command for excluding a specific user (by employee ID): $ ./ldapsearch --port 4444 --baseDN dc=example,dc=com "(!(&(ObjectCategory=Person)(&(objectclass=User)(employeeID=1234))))"

See Also

How do I exclude specific users from syncing during LiveSync in IDM (All versions)?

Tools Reference › ldapsearch

LDAP User Guide › LDAP Search

Related Training

N/A

Related Issue Tracker IDs

N/A


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.