Print this page

Using Identity Connect UI to configure the Active Directory Connector

Knowledge Article Number 000205680
Description How to use the Group and User Filter in the Identity connect or trying to limit the user in Identity connect
 
Resolution You can use the Identity Connect UI to configure the Active Directory Connector. Instructions for setting up the user and group filters are documented in Section: Configuring the Active Directory Connector of the user guide available at 
http://resources.docs.salesforce.com/rel1/doc/en-us/static/pdf/identity_connect_impl_guide.pdf

It's recommended that you first use the "Base Context" setting to narrow the scope of user and group searches. The "User Filter" and "Group Filter" settings should be used only to exclude those few records that should be filtered from the "Base Context".

For example, please refer the screenshot on page 24 of the User Guide, you will see that in this example:

•             Identity Connect will search for all users and groups in 2 base contexts: "CN=users,DC=example,DC=com" and "CN=employees,DC=example,DC=com"
•             Within those 2 base contexts, when user searches are performed, the "User Filter" will enable Identity Connect to select all records with an objectClass of "user" that does not also have an objectClass of "Computer"
•             Similarly, within those 2 base contexts, when group searches are performed, the "Group Filter" will enable Identity Connect to select all records with an objectClass of "group" that does not also have the cn of

"Domain Users"
Page 27 of the User Guide provides more details about how to update the "User Filter" and "Group Filter" settings. If you clicks on the "User Filter" text box, it will open a dialog to create additional user filters using the standard LDAP filter syntax:
   http://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx

 




promote demote