Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


cn=${uid} - The default LDAP filter using common name as the username

mail=${uid} - An example LDAP filter using email address as the username

(&(objectCategory=Person)(sAMAccountName=${uid})) - The Default ActiveDirectory filter uses the Windows login as the username and requires the user to have an object category of person.

(&(objectCategory=Person)(|(mail=${uid})(sAMAccountName=${uid}))) - An example where the default has been modified to accept either the email address or the Windows username as the user ID along with the object category of person. The 'or' here is signified by the easy to miss pipe just before (mail=...

(&(objectCategory=Person)(mail=${uid})(memberOf=cn=students,dc=domain,dc=com)) - An example ActiveDirectory filter still requiring the user to have an object category of person but this time using the primary email address as the username and additionally limited to users in the students security group.See some more example filters

Technical information for your IT team:


All connections from us will come from specified these IP addresses ( and . Any and any changes to these would be communicated in advance.

The admin credentials bind used MUST have sufficient access to search for accounts and read the FQDN of any user account (that should have access).

The admin credentials bind used SHOULD have sufficient access to read all mappable attributes for user accounts so that typeaheads work when setting up mappings and permission set rules.