Active Directory/LDAP Filter in identityIQ

  • 7011006
  • 20-Apr-2012
  • 02-Nov-2012

Environment

NetIQ Access Governance Suite

Situation

How do I properly configure a search filter within the Active Directory or LDAP applications for my business needs?
For example, there is a field within the Active Directory application named "Filter String".

Resolution

Search filters are not something developed specifically for identityIQ. In other words, the product utilizes generic search filter syntax.

Below is a Microsoft link explaining search filter syntax as well as providing several usage examples:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa746475%28v=vs.85%29.aspx

One could utilize a third-party LDAP browser to test various filter configurations. In fact, we encourage customers to do this type of test configuration outside of identityIQ in order to rule identityIQ out as the source of any problems. Once you have a configuration working in the third-party tool, you can transfer that configuration over to identityIQ. This also helps narrow down issues for support assistance (e.g., is it an identityIQ issue or a problem outside of our product?).

One free tool that can be used to do this is "Softerra LDAP Browser". When configured to connect to your Active Directory install, you have the option to specify a filter, which you can use to fine-tune what you wish to eventually use in identityIQ. Below is a screenshot of an LDAP browser with a filter setting:

[Screenshot: LDAP browser with a filter setting]