000036498 - How to modify the RSA Authentication Manager external identity source user search filter to filter users within a nested group OU

Document created by RSA Customer Support Employee on Sep 13, 2018
Version 1

Article Content

Article Number: 000036498
Applies To:
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue: The article explains how to modify the Microsoft LDAP external identity source's user search filter in RSA Authentication Manager to filter users in a group within a nested OU.


  1. Log in to the Operations Console of the Authentication Manager primary instance.
  2. Select Deployment Configuration > Identity Sources > Manage Existing.
  3. When prompted, enter the super admin user ID and password.
  4. Click the identity source and select Edit from the dropdown list.

  5. Click the Connection(s) tab or the Map tab to view the properties of the external identity resource.

  6. Scroll down to the Directory Configuration - Users section and modify the default search filter to the string that is shown below:

(&(objectClass=User)(objectcategory=person)(memberOf=cn=NestedGroup,ou=NestedOU,ou=RSAUsers,dc=2k8r2-vcloud, dc=local))

  7. Once done, click Save and Finish for the changes to take effect.
  8. Log in to the primary's Security Console and verify that the user accounts from the Microsoft LDAP Directory are correctly filtered, based on the search filter entered in the Directory Configuration - Users section.
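
To sanity-check which accounts the filter should select before comparing against the Security Console, the following added example (not RSA's code) parses the filter from the article and evaluates it against constructed directory entries. The helper names, the sample entries and the simplified matching rules are assumptions.

```python
import re

# Filter string exactly as given in the article.
ARTICLE_FILTER = ("(&(objectClass=User)(objectcategory=person)"
                  "(memberOf=cn=NestedGroup,ou=NestedOU,ou=RSAUsers,"
                  "dc=2k8r2-vcloud, dc=local))")

def escape_value(value):
    """Escape RFC 4515 special characters (\\ * ( ) NUL) in an assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def unescape_value(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def build_filter(group_dn):
    """Hypothetical helper: the article's filter shape for any group DN."""
    return ("(&(objectClass=User)(objectcategory=person)(memberOf=%s))"
            % escape_value(group_dn))

def norm(value):
    """Simplified matching: ignore case and spaces around ',' and '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", value.strip()).lower()

def parse_and_filter(flt):
    """Split '(&(a=b)(c=d))' into (attr, value) pairs; reject other shapes."""
    m = re.fullmatch(r"\(&((?:\([^()=]+=[^()]*\))+)\)", flt)
    if not m:
        raise ValueError("expected a flat AND of equality assertions")
    return [tuple(p.split("=", 1)) for p in re.findall(r"\(([^()]+)\)", m.group(1))]

def preview(entries, flt):
    """Return names of entries for which every assertion in flt matches."""
    terms = [(a.lower(), norm(unescape_value(v))) for a, v in parse_and_filter(flt)]
    return [name for name, attrs in entries.items()
            if all(want in {norm(x) for x in attrs.get(attr, [])}
                   for attr, want in terms)]

# Constructed entries (attribute names lower-cased; objectCategory stored by
# its short name, a simplification of what the directory stores).
GROUP = "CN=NestedGroup,OU=NestedOU,OU=RSAUsers,DC=2k8r2-vcloud,DC=local"
SAMPLE = {
    "alice": {"objectclass": ["top", "person", "user"],
              "objectcategory": ["person"], "memberof": [GROUP]},
    "bob": {"objectclass": ["top", "person", "user"], "objectcategory": ["person"],
            "memberof": ["CN=Other,OU=RSAUsers,DC=2k8r2-vcloud,DC=local"]},
    "host1$": {"objectclass": ["top", "person", "user", "computer"],
               "objectcategory": ["computer"], "memberof": [GROUP]},
}
print(preview(SAMPLE, ARTICLE_FILTER))
```

In the directory, memberOf lists only the groups a user belongs to directly, so members of groups nested inside NestedGroup are not selected by this filter.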

Notes: The query for the user search filter above is based on the following scenario:
  1. A nested Organizational Unit named NestedOU is created within another Organizational Unit named RSAUsers.
  2. A group named NestedGroup is then created within the Organizational Unit NestedOU.


For steps on how to create a new identity resource, refer to article 000033238 - How to create an external LDAP identity source in RSA Authentication Manager 8.1 SP1 or later.