000033615 - How to determine useful syntax for LDAP Filters in RSA Archer 6.x

Document created by RSA Customer Support Employee on Jul 26, 2016. Last modified by RSA Customer Support on May 1, 2019.
Version 3

Article Content

Article Number: 000033615
Applies To: RSA Product Set: Archer
RSA Product/Service Type: Archer
RSA Version/Condition: 6.x
Issue: Configuring different syntax for existing filters can be complicated, let alone writing a new filter. This KB article does not teach you how to write an LDAP filter, but it shows some syntax and may provide an understanding of how an LDAP filter is composed.
Resolution: LDAP syntax filters can be used in many situations to query Active Directory. A filter specifies the conditions that must be met for a record to be included in the recordset that results from a query.

An LDAP filter has one or more clauses, each enclosed in parentheses. Each clause evaluates to either True or False. An LDAP syntax filter clause is in the following form:

(<AD Attribute><comparison operator><value>)

The following are a few syntax characters and attribute names, with their meanings:

" ( " - Start grouping of filter clauses
" ) " - End grouping of filter clauses
" | " - OR, any of the following conditions must be met
"&" - AND, all conditions must be met
" memberof " - condition set that users must be a member of a certain group
" cn " - object with common name
" ou " - organizational unit
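
To see how the characters above nest in a real filter, the following added example (not RSA or Archer code) parses a filter string into its groupings and clauses and rejects unbalanced or malformed input. It goes slightly beyond the list above by also accepting "!" (NOT) and the ">=", "<=" and "~=" comparison operators; the sample filter and its group DNs are constructed values.

```python
# Added example. SAMPLE and its group DNs are constructed, not taken from an Archer system.
SAMPLE = ("(&(objectClass=user)"
          "(|(memberOf=CN=Archer Users,OU=Groups,DC=example,DC=com)"
          "(memberOf=CN=Archer Admins,OU=Groups,DC=example,DC=com)))")

MEANING = {"&": "AND, all conditions must be met",
           "|": "OR, any condition must be met", "!": "NOT, condition must not be met"}

def _parse(s, i):
    """Parse one parenthesised filter starting at s[i]; return (node, next index)."""
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at position {i}")
    i += 1
    if i < len(s) and s[i] in MEANING:           # grouping: (&...), (|...), (!...)
        op, i, children = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if not children or (op == "!" and len(children) != 1):
            raise ValueError(f"'{op}' has the wrong number of clauses")
        if i >= len(s) or s[i] != ")":
            raise ValueError(f"expected ')' at position {i}")
        return (op, children), i + 1
    end, eq = s.find(")", i), s.find("=", i)     # a literal ')' in a value is written \29
    if end == -1 or not i < eq < end:
        raise ValueError(f"malformed clause at position {i}")
    start = eq - 1 if s[eq - 1] in "<>~" else eq  # operator is >=, <=, ~= or =
    attr, cmp, value = s[i:start], s[start:eq + 1], s[eq + 1:end]
    if not attr or "(" in value:
        raise ValueError(f"malformed clause at position {i}")
    return (attr, cmp, value), end + 1

def parse_filter(text):
    """Return the filter as nested tuples, or raise ValueError if it is malformed."""
    text = text.strip()
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError(f"unexpected text at position {pos}")
    return node

def describe(node, depth=0):
    """Render the parsed filter as indented lines, one per grouping or clause."""
    pad = "  " * depth
    if len(node) == 3:                           # (attribute, operator, value)
        return [pad + " ".join(node)]
    lines = [f"{pad}{node[0]}  ({MEANING[node[0]]})"]
    for child in node[1]:
        lines += describe(child, depth + 1)
    return lines
```

Calling describe(parse_filter(SAMPLE)) returns one line per grouping or clause, indented by nesting depth, which makes it easy to confirm that each memberOf clause sits under the grouping you intended.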

For additional information, see the Microsoft TechNet article Active Directory: LDAP Syntax Filters: http://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx

*It is recommended that you work with your Active Directory administrator or team to draft usable LDAP filters.*