This is a continuation of the OVD 11g experience posts. Please refer to the earlier posts here.
Usually, when searching for a user or group in LDAP, you apply filters. Here are a few examples:
- (objectclass=person)
- (&(objectclass=user)(objectclass=inetorgperson))
- (|(mail=*@myorg.com)(uid=*@myorg.com)(sn=*)(givenname=*)(cn=*))
- (&(|(uid=*)(cn=*))(sn=*))
While you’re creating an LDAP Adapter, OVD provides an easy option to add these filters. In the specific Adapter, go to the Routing tab and look for the fields Filters to Include and Filters to Exclude.
The Filters to Include and Filters to Exclude settings are themselves filters, and they are applied to the LDAP search filter specified by a client. If a client search filter fulfills the logical requirements defined in the Filters to Include setting, that adapter is selected for inclusion in the set of adapters used in the search. Similarly, for the Filters to Exclude setting, if the logical requirements are met, that adapter is deselected from the set of adapters used in the client search.
In my case, I’ve created AD adapters for the users and groups containers. Unfortunately, the Users and Groups search base in AD is the same. Therefore, while searching for a user under the mapped OVD Users container, the results show groups, and vice versa.
Hence, I’ve used the Filters to Exclude attribute to define (objectclass=group*) in the AD Users adapter and (objectclass=user*) in the AD Groups adapter.
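The following added example (not from the original post and not OVD code) models the Filters to Exclude step for the two filters above, to show that the decision is made on the client's search filter rather than on the entries returned. The matching rule (the routing filter evaluated against the attribute assertions found in the client filter), the adapter names and the sample searches are assumptions, and routing by search base is left out.

```python
import re

def parse(text):
    """Parse an LDAP filter string (equality/substring leaves, & | !) into a tree."""
    node, rest = _node(text.strip())
    if rest:
        raise ValueError("trailing text after filter: " + rest)
    return node

def _node(s):
    if len(s) < 2 or s[0] != "(":
        raise ValueError("expected '(' at: " + s)
    if s[1] in "&|!":
        op, kids, s = s[1], [], s[2:]
        while s.startswith("("):
            kid, s = _node(s)
            kids.append(kid)
        if not kids or not s.startswith(")"):
            raise ValueError("malformed composite filter")
        return (op, kids), s[1:]
    end = s.index(")")
    attr, _, value = s[1:end].partition("=")
    return ("=", attr.strip().lower(), value.strip().lower()), s[end + 1:]

def assertions(node):
    """Every (attribute, value) pair the client filter mentions."""
    if node[0] == "=":
        return {(node[1], node[2])}
    return set().union(*(assertions(k) for k in node[1]))

def matches(routing, asserted):
    """Evaluate a routing filter against the client's assertions (assumed model)."""
    if routing[0] == "=":
        rx = ".*".join(re.escape(p) for p in routing[2].split("*"))
        return any(a == routing[1] and re.fullmatch(rx, v) for a, v in asserted)
    results = [matches(k, asserted) for k in routing[1]]
    return {"&": all, "|": any}.get(routing[0], lambda r: not r[0])(results)

# Adapter names are constructed; the exclude filters are the two from the post.
EXCLUDES = {"AD Users": "(objectclass=group*)", "AD Groups": "(objectclass=user*)"}

def route(client_filter):
    """Adapters that stay selected for this client search filter."""
    asserted = assertions(parse(client_filter))
    return sorted(n for n, f in EXCLUDES.items() if not matches(parse(f), asserted))

if __name__ == "__main__":
    for f in ("(&(objectclass=user)(cn=jdoe))", "(&(objectclass=group)(cn=admins))", "(cn=jdoe)"):
        print(f, "->", route(f))
```

Under this model a search such as (cn=jdoe), which names no objectclass, leaves both adapters selected, so the exclusion only separates users from groups when the client filter carries an objectclass assertion.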