
Build Filter Using LDAP Browser



Topic

Issue:
This article shows how to use LDAP Browser to build an LDAP filter for synchronizing users from an Active Directory group.
 

 

Instructions 

Solution:
1. Open LDAP Browser.
2. If a connection profile already exists, skip to step 4.
3. Create a connection profile.

  • Click the “New” button.
  • Specify the name and click Next.
  • Open the Keycloak page.
  • Navigate to User Federation.
  • Choose the federation you need to build the LDAP filter for.
  • Copy the URL from the Connection URL field (without the “ldap://” prefix).
  • Paste it into the Host field. For LDAPS, select the Use secure connection checkbox.
  • Click the Next button.
  • Choose the Currently logged on user radio button (assuming that the RPA service user is logged on).
  • Click the Finish button.

4. Expand the connection profile.



5. Right-click on the DC that is specified in the Users DN field in Keycloak.



6. Click on the Directory Search button.


7. In the Filter field, type:
(&(objectCategory=group)(name=<GN>))
where <GN> is the name of the Active Directory group.

8. Click the Search button.
9. In the search results, right-click on the group name, click on the arrow to expand the options for Copy and select Copy DN.


10. In the same window, in the Filter field, type:
(&(objectCategory=Person)(sAMAccountName=*)(memberOf=<FullDN>))
where <FullDN> is the value copied in the previous step.

11. Click the Search button again.
12. Verify that the results show the required users.


13. Copy the contents of the Filter field to the Custom User LDAP Filter field of Keycloak.
14. Make sure the Subtree search scope is selected.

15. Save the changes.
Note:
To search in more than one group, use the OR logical operator, for example:
(&(objectCategory=Person)(sAMAccountName=*)(|(memberOf=<FullDN_A>)(memberOf=<FullDN_B>)(memberOf=<FullDN_C>)))
where each FullDN_X is the DN of one of the groups.
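
The following is an added example, not part of the original article or of any Nintex or Keycloak code. It builds the filter from step 10 (or the OR form from the note) from one or more group DNs and escapes characters that RFC 4515 reserves inside a filter value, so a group name containing parentheses or an asterisk does not break or change the filter. The function names and the sample DNs are constructed for illustration, and it assumes the DNs are supplied unescaped.

```python
from __future__ import annotations

# RFC 4515: these characters must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value (here, a group DN) for use in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(group_dns: list[str]) -> str:
    """Build the step 10 filter, or the OR form from the note for several DNs."""
    # Drop blank entries and surrounding whitespace left over from copy and paste.
    dns = [dn.strip() for dn in group_dns if dn.strip()]
    if not dns:
        raise ValueError("at least one group DN is required")
    clauses = [f"(memberOf={escape_filter_value(dn)})" for dn in dns]
    # A single group needs no OR wrapper; several groups go inside (|...).
    member = clauses[0] if len(clauses) == 1 else "(|" + "".join(clauses) + ")"
    return f"(&(objectCategory=Person)(sAMAccountName=*){member})"


if __name__ == "__main__":
    # Constructed sample DNs; the second group name contains parentheses.
    groups = [
        "CN=RPA Users,OU=Groups,DC=example,DC=com",
        "CN=RPA Users (EMEA),OU=Groups,DC=example,DC=com",
    ]
    print(build_user_filter(groups[:1]))
    print(build_user_filter(groups))
```

The printed string is what goes into the Custom User LDAP Filter field; test it in the Directory Search window first, as in steps 10 to 12.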
 

 

 
