AD Search filters
Originally Published: 2019-08-02
Article Number
Applies To
RSA Product/Service Type: Enterprise Software
RSA Version/Condition: 7.0.2
Issue
I tested this issue in 7.0.2 GA - P06 and issue is reproduced when filter query has carriage return.
Cause
Failing Queries
1)
(&(objectCategory=person)
(objectClass=user)
(sAMAccountName=*))
2)
(&(objectCategory=person)(objectClass=user)
(sAMAccountName=*))
3) Below query will fail inside the configuration as well.
(&
(objectCategory=person)
(objectClass=user)
(sAMAccountName=*))
(&(objectCategory=person)(objectClass=user)(sAMAccountName=*)
(|(memberOf=CN=Group-1,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)
(memberOf=CN=Group-2,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)
(memberOf=CN=Group-3,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)
)
)
Resolution
Workaround
To resolve this issue, you can workaround this issue by removing the new line or apply P07 or higher(latest patch for IG&L 7.0.2 is P14)
Below are examples of working vs non-working filter queries as I tested:
Working filters (Where both Tests work fine)
1) (memberOf=CN=Group-1,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)
2) (&(objectCategory=person)(objectClass=user)(sAMAccountName=*)(|(memberOf=CN=Group-3,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)))
3) (&(objectCategory=person)(objectClass=user)(sAMAccountName=*)(|(memberOf=CN=Group-3,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)(memberOf=CN=Group-2,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)))
4) (&(objectCategory=person)(objectClass=user)(sAMAccountName=*)(|(memberOf=CN=Group-1,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)(memberOf=CN=Group-2,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)(memberOf=CN=Group-3,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)(memberOf=CN=Group-4,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)(memberOf=CN=Group-5,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)(memberOf=CN=Group-6,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)))
Related Articles
ManageEngine ADSelfService Plus - RSA Ready Implementation Guide Number of Views Troubleshooting SWIFT Alliance Access with RSA Authentication Manager using RADIUS protocol Number of Views Numeric Token Types in AMIS Calls Number of Views IIS command line syntax specifications Number of Views How to Generate a JSON Web Token (JWT) for RSA SecurID Access Administration API Calls Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Governance & Lifecycle 8.0.0 Administrators Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory
Don't see what you're looking for?
