Can wildcards be used in User DN Lookup field of IWA auth scheme?

Document ID : KB000013789
Last Modified Date : 14/02/2018
Question:

Can wildcards be used in User DN Lookup field of IWA auth scheme?

Environment:
All supported releases
Answer:

Yes. The policy server only substitutes '%{DOMAIN}' and '%{UID}' with the values obtained from login; it does not alter any other values included in the User DN Lookup, so wildcard characters are passed through unchanged.

Please note that the use of wildcards in LDAP searches can yield unexpected results, so be sure your directory administrator is aware of the searches you are creating and that the directory is configured to support them, including the load they may put on the directory.
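
The following added example (not vendor code) shows one way to check a lookup string before deploying it: expand the two placeholders as described above, then count how many entries the resulting filter matches. The lookup templates, attribute names and directory entries are constructed, and the matcher is a simplification that handles only `(attr=value)` items combined with AND, with `*` as the only wildcard.

```python
import re

# Constructed sample entries (not from a real directory).
ENTRIES = [
    {"dn": "cn=jsmith,ou=Users,dc=corp,dc=example",
     "sAMAccountName": "jsmith", "mail": "jsmith@corp.example"},
    {"dn": "cn=jsmith-adm,ou=Admins,dc=corp,dc=example",
     "sAMAccountName": "jsmith-adm", "mail": "jsmith-adm@corp.example"},
    {"dn": "cn=akhan,ou=Users,dc=corp,dc=example",
     "sAMAccountName": "akhan", "mail": "akhan@corp.example"},
]

def expand(template, domain, uid):
    """Replace only %{DOMAIN} and %{UID}; everything else, '*' included, is kept."""
    return template.replace("%{DOMAIN}", domain).replace("%{UID}", uid)

def simple_items(ldap_filter):
    """Extract (attr, pattern) pairs from '(attr=value)' items.
    Assumption: the filter is one such item or an AND of them."""
    items = re.findall(r"\(([A-Za-z][\w-]*)=([^()]*)\)", ldap_filter)
    if not items:
        raise ValueError("no (attr=value) item found in filter")
    return items

def matches(entry, ldap_filter):
    """True if every item matches; '*' matches any run of characters."""
    for attr, pattern in simple_items(ldap_filter):
        rx = ".*".join(re.escape(part) for part in pattern.split("*"))
        if not re.fullmatch(rx, entry.get(attr, ""), re.IGNORECASE):
            return False
    return True

def lookup(template, domain, uid, entries=ENTRIES):
    """Return the expanded filter and the DNs it matches."""
    flt = expand(template, domain, uid)
    return flt, [e["dn"] for e in entries if matches(e, flt)]

def is_ambiguous(template, domain, uid, entries=ENTRIES):
    """A lookup used for authentication should resolve to exactly one entry."""
    return len(lookup(template, domain, uid, entries)[1]) > 1

if __name__ == "__main__":
    for tpl in ("(sAMAccountName=%{UID})", "(sAMAccountName=%{UID}*)"):
        flt, dns = lookup(tpl, "corp", "jsmith")
        print(flt, "->", len(dns), "match(es)", dns)
```

Running the same check against a copy of the real directory data, with the directory administrator, shows whether a wildcarded lookup resolves to a single user.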