AD Search filters
3 years ago
Originally Published: 2019-08-02
Article Number
000040951
Applies To
RSA Product Set: Identity Governance and Lifecycle
RSA Product/Service Type: Enterprise Software
RSA Version/Condition: 7.0.2

 
Issue
ADC 'EMIA Account Collector' failed with the AD Search filters.

I tested this issue in 7.0.2 GA - P06 and issue is reproduced when filter query has carriage return. 
Cause
The exception you are observing in the 'EMIA Account Collector' is due to carriage return in the filter queries. 

Failing Queries
1) 
(&(objectCategory=person)
(objectClass=user)
(sAMAccountName=*))

2) 
(&(objectCategory=person)(objectClass=user)
(sAMAccountName=*))

3) Below query will fail inside the configuration as well.
(&
(objectCategory=person)
(objectClass=user)
(sAMAccountName=*))

(&(objectCategory=person)(objectClass=user)(sAMAccountName=*)
(|(memberOf=CN=Group-1,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)
(memberOf=CN=Group-2,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)
(memberOf=CN=Group-3,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)
)
)
 
Resolution
 This issue fixed in P07. 
 
Workaround

To resolve this issue, you can workaround this issue by removing the new line or apply P07 or higher(latest patch for IG&L 7.0.2 is P14) 

Below are examples of working vs non-working filter queries as I tested: 

Working filters (Where both Tests work fine)
1) (memberOf=CN=Group-1,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)

2) (&(objectCategory=person)(objectClass=user)(sAMAccountName=*)(|(memberOf=CN=Group-3,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)))

3) (&(objectCategory=person)(objectClass=user)(sAMAccountName=*)(|(memberOf=CN=Group-3,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)(memberOf=CN=Group-2,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)))

4) (&(objectCategory=person)(objectClass=user)(sAMAccountName=*)(|(memberOf=CN=Group-1,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)(memberOf=CN=Group-2,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)(memberOf=CN=Group-3,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)(memberOf=CN=Group-4,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)(memberOf=CN=Group-5,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)(memberOf=CN=Group-6,OU=vcloud Users,DC=2k8r2-vcloud,DC=local)))


 

Related Articles

Trending Articles

Don't see what you're looking for?