What is the correct syntax for specifying an LDAP filter for users when configuring a partnership?

Document ID : KB000022911
Last Modified Date : 14/02/2018

Question:

When selecting a Directory and a User Class of "Filter User Property", there is a text field into which any value can be entered. What is the correct syntax that we should use?


Answer:

Here are the different values that can be used:

LDAP:

  • Enter the dn of the user, e.g. uid=user1,dc=ad,dc=infosys,dc=com (or whichever user was added in the UD).
  • Enter the entrydn of the group created in the UD (or whichever group was added in the UD) in the "User name/filter By" field.
  • Enter the ou property of an ou (organizational unit) created in the UD in the "User name/filter By" field as "ou=value", e.g. ou=people or ou=*pl*. (Not all properties work.)
  • Enter the entryid property of an ou (organizational unit) created in the UD in the "User name/filter By" field as "entryid=value", e.g. entryid=13. (Not all properties work.)
  • Enter the cn property of a group created in the UD in the "User name/filter By" field as "cn=value", e.g. cn=group or cn=*rou*. (Not all properties work.)
  • Enter the mail property of a user added in the UD in the "User name/filter By" field as "mail=value", e.g. mail=user@ca.com or mail=*@com*.
  • Enter the telephonenumber property of a user added in the UD in the "User name/filter By" field as "telephonenumber=value", e.g. telephonenumber=12345.
  • Enter any property, group or ou that corresponds to a user added in the UD in the "User name/filter By" field.
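As an added illustration (not code from the CA article or from SiteMinder itself), the following Python classifies a value typed into the "User name/filter By" field into the categories listed above and shows how the "*" wildcard in an attr=value entry resolves against a constructed sample directory; the allowlist of supported properties and the directory contents are assumptions.

```python
import fnmatch
import re

# Properties the article shows working in "attr=value" form; treated here as an
# allowlist because the article notes that not every property works (assumption).
SUPPORTED_LDAP_ATTRS = {"ou", "entryid", "cn", "mail", "telephonenumber"}

# Constructed sample user directory (dn -> attributes); not real data.
DIRECTORY = {
    "uid=user1,dc=ad,dc=infosys,dc=com": {
        "uid": "user1", "mail": "user1@ca.com", "telephonenumber": "12345"},
    "uid=user2,dc=ad,dc=infosys,dc=com": {
        "uid": "user2", "mail": "user2@example.com"},
    "cn=group,ou=groups,dc=ad,dc=infosys,dc=com": {"cn": "group"},
    "ou=people,dc=ad,dc=infosys,dc=com": {"ou": "people", "entryid": "13"},
}


def classify(value):
    """Return which kind of value was typed: 'sql', 'dn', 'filter' or 'name'."""
    v = value.strip()
    if re.match(r"select\b", v, re.IGNORECASE):
        return "sql"        # ODBC directory: a query such as "Select * from SmUser"
    parts = v.split(",")
    if len(parts) > 1 and all("=" in p for p in parts):
        return "dn"         # full dn / entrydn, e.g. uid=user1,dc=ad,dc=infosys,dc=com
    if "=" in v:
        return "filter"     # single "attr=value", with "*" acting as a wildcard
    return "name"           # bare user or group name (ODBC style)


def ldap_matches(value, directory=DIRECTORY):
    """Resolve a dn or an attr=value filter against the directory; return sorted dns."""
    kind = classify(value)
    if kind == "dn":
        return [value] if value in directory else []
    if kind != "filter":
        raise ValueError(f"not an LDAP dn or attr=value filter: {value!r}")
    attr, _, pattern = value.partition("=")
    attr = attr.strip().lower()
    if attr not in SUPPORTED_LDAP_ATTRS:
        raise ValueError(f"property {attr!r} is not supported in the filter field")
    # LDAP attribute values compare case-insensitively; fnmatch gives "*" glob semantics.
    return sorted(dn for dn, attrs in directory.items()
                  if attr in attrs
                  and fnmatch.fnmatchcase(attrs[attr].lower(), pattern.strip().lower()))


if __name__ == "__main__":
    for v in ("ou=*pl*", "entryid=13", "cn=*rou*", "telephonenumber=12345"):
        print(v, "->", ldap_matches(v))
```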


ODBC:

  • Enter user1 (or whichever user was added in the UD) in the "User name/filter By" field.
  • Enter a group name, such as admin, in the "User name/filter By" field.
  • Enter a SQL/Oracle query that returns all users of the directory in the "User name/filter By" field, e.g. "Select * from SmUser".
  • Enter a SQL/Oracle query that returns a single user of the directory in the "User name/filter By" field, e.g. "Select * from SmUser where userid=1", which returns a single user.
  • Enter a SQL/Oracle query that returns two users of the directory in the "User name/filter By" field, e.g. "Select * from SmUser where userid=1 and PIN =1111", which returns two users.
  • Enter a SQL/Oracle query that returns any attribute of a user in the directory in the "User name/filter By" field, e.g. "Select EmailAddress from SmUser where userid=1".


MIXED LDAP/ODBC:

  • Enter an expression in the "User name/filter by" field of the LDAP directory such that it results in user1, and similarly enter an expression in the "User name/filter by" field of the ODBC directory such that it also results in user1.
  • Enter an expression in the "User name/filter by" field of the LDAP/ODBC/ADAM/ADUD directory such that it results in user1.


Additional information:

R12.52SP1 Documentation: Federation Guides > Partnership Federation Guide > Federated User Identification for a Partnership

https://support.ca.com/cadocs/0/CA%20SiteMinder%2012%2052%20SP1-ENU/Bookshelf_Files/HTML/idocs/2133809.html