Apply Filter to LDAP in Partnership Federation

Document ID : KB000099441
Last Modified Date : 01/06/2018
Question:
We are trying to implement the following LDAP filter to an existing
partnership: (&(uid=*)(userRoles=MYROLE;MYROLE_USER))

But it seems this one doesn't work. How should we configure this?
Answer:
The semicolon is used to separate multiple DNs in a search query, but
it is not a separator inside an LDAP filter. The filter has to be
written differently.

See "Filter Any" example 2 in the following document:

  User Identification for a Partnership
  https://docops.ca.com/ca-single-sign-on/12-6-01/en/configuring/partnership-federation/user-identification-for-a-partnership 

For this and more information on LDAP filters, see:

  https://www.ldap.com/ldap-filters 
  https://docs.ldap.com/specs/rfc4515.txt 

  Apply extensible match filters to identify that the user has both
  roles
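
The following is an added illustration, not taken from this article or from the product documentation. It evaluates a small subset of RFC 4515 filters against constructed entries to show that the semicolon stays inside the assertion value, and how separate filter items express "both roles" or "either role". The sample directory, a multi-valued userRoles attribute and case-insensitive matching are assumptions.

```python
# Subset of RFC 4515: & | ! equality and presence; no escapes or substrings.
# DIRECTORY is constructed sample data; multi-valued userRoles is an assumption.
DIRECTORY = [
    {"uid": ["alice"], "userroles": ["MYROLE", "MYROLE_USER"]},
    {"uid": ["bob"], "userroles": ["MYROLE"]},
    {"uid": ["carol"], "userroles": ["MYROLE_USER", "AUDITOR"]},
]
ORIGINAL = "(&(uid=*)(userRoles=MYROLE;MYROLE_USER))"
BOTH = "(&(uid=*)(userRoles=MYROLE)(userRoles=MYROLE_USER))"
EITHER = "(&(uid=*)(|(userRoles=MYROLE)(userRoles=MYROLE_USER)))"

def parse(f, i=0):
    """Parse the filter item starting at f[i]; return (node, next_index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        node = (op, kids)
    elif f[i] == "!":
        kid, i = parse(f, i + 1)
        node = ("!", [kid])
    else:
        end = f.index(")", i)
        attr, _, value = f[i:end].partition("=")
        node = ("=", attr.lower(), value)  # ';' is ordinary value text here
        i = end
    if f[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, entry):
    op = node[0]
    if op == "&":
        return all(matches(k, entry) for k in node[1])
    if op == "|":
        return any(matches(k, entry) for k in node[1])
    if op == "!":
        return not matches(node[1][0], entry)
    values = entry.get(node[1], [])
    if node[2] == "*":  # presence test, e.g. (uid=*)
        return bool(values)
    return any(v.lower() == node[2].lower() for v in values)

def search(filter_text, entries=DIRECTORY):
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing text after filter")
    return [e["uid"][0] for e in entries if matches(node, e)]
```

With the constructed entries, ORIGINAL selects nobody because no entry holds the literal value "MYROLE;MYROLE_USER", BOTH selects only the user holding both roles, and EITHER selects every user holding at least one of them.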