LDAP Data Source Record Filter


(Richard Crompton) #1

We have an LDAP Data Source asset that reads in all our details from the Active Directory.

Not all of these are our staff, i.e. mailboxes, admin accounts, etc.

I need to be able to filter these out and have been adding conditions in the record filter.

It works with just one, until I add another, then it stops working. I've set:

Logical Grouping 'Match on at least ONE condition'

Filter Mode 'Filter out the records matching the given conditions'

 

Conditions:

1 Record set field name homemta; Value to match ^$; Match type Regex match; Match case No; Allow empty Yes

2 Record set field name department; Value to match ^$; Match type Regex match; Match case No; Allow empty Yes

 

When I use condition 1, all those accounts without exchange details are filtered out, but when I apply condition 2, of those filtered out, all those with a department are added back.

 


(Tom Chadwin) #2

I've not looked at the LDAP settings in any great detail myself, but can you not achieve this via the Base DN, or whatever it's called? In other words, get the LDAP server to do all this work.


(Tom Chadwin) #3

Ignore that - misremembering the last time I worked with LDAP. Anyway, it can still be done. If it's Active Directory, can you add cn=Users to the beginning of the base DN:

 

cn=Users,dc=yourdomain,dc=com

 

If that doesn't narrow it down far enough, can you use the search filter screen rather than the record filter one, and put an appropriate LDAP filter in there (pseudocode, syntax from memory, Google to check it):

 

(&(attribute=value)(attribute=value))

 

To achieve your search, something like this could work:

 

(&(!(homemta=*))(!(department=*)))

 

Or use that filter syntax only to pull in records which you know all people have filled in, and no non-people do (such as a phone number).
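
Added example, not part of the post above and not Squiz Matrix code: a small Python evaluator for a subset of LDAP filter syntax, run over constructed directory entries, to show which entries a presence filter such as `(&(homemta=*)(department=*))` returns compared with the record-filter settings from post #1. The sample entries, the function names and the model of the record filter's intended behaviour in `record_filter_keep` are assumptions.

```python
import re

# Constructed sample entries (not from the thread); a missing key is an unset attribute.
RECORDS = [
    {"cn": "Jane Smith", "homemta": "CN=MTA,CN=EX01", "department": "Finance"},
    {"cn": "Shared Mailbox", "homemta": "CN=MTA,CN=EX01"},
    {"cn": "Domain Admin", "department": "IT"}, {"cn": "Test Account"},
]

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; RFC 4515 subset (& | ! attr=value)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, i, kids = f[i], i + 1, []
        while f[i:i + 1] == "(":  # every operand must itself be parenthesised
            kid, i = parse(f, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"bad operands for '{op}' at offset {i}")
        node = (op, kids)
    else:
        end = f.find(")", i)
        attr, sep, val = f[i:max(end, i)].partition("=")
        if end < 0 or not sep or not attr:
            raise ValueError(f"bad attr=value item at offset {i}")
        node, i = ("=", attr.lower(), val), end
    if f[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, rec):
    if node[0] == "=":  # "*" is a presence test, anything else a case-insensitive equality
        have = rec.get(node[1], "")
        return bool(have) if node[2] == "*" else have.lower() == node[2].lower()
    results = [matches(kid, rec) for kid in node[1]]
    return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)

def search(filter_text, records=RECORDS):
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing text after filter")
    return [r["cn"] for r in records if matches(node, r)]

def record_filter_keep(records=RECORDS, fields=("homemta", "department")):
    """Intended record-filter outcome: drop a record if ANY field matches ^$."""
    return [r["cn"] for r in records
            if not any(re.fullmatch(r"^$", r.get(f, "")) for f in fields)]
```

`search("(&(homemta=*)(department=*))")` and `record_filter_keep()` both return only the entry that has both attributes set, so mailboxes and admin accounts never leave the directory server. The parser raises `ValueError` for a `!` operand that is not wrapped in its own parentheses.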


(Richard Crompton) #4

Thanks Tom, I'll look into those suggestions this week and get back to you.


(Richard Crompton) #5

Thanks very much Tom. Using the search filter has allowed us to filter down to just the records we needed.

 

Do you know if it is possible for the shadow assets that the LDAP Data Source creates to be given a web path?

 

We are trying to create a staff directory within Squiz and would like to display a page for each member of staff with their details from Active Directory. But, it seems that the shadow assets can't have a web path.

 

We also tried creating an asset listing with the intention of using a dynamic parameter from the GET variables to select just one asset to display, by specifying an asset id. But, as the shadow assets don't appear to have a proper asset id, we can't seem to do that either. When displayed, the asset id is in the form xxxx:y, where 'xxxx' is the asset id of the LDAP Data Source asset itself and 'y' is a number relating to the shadow asset.

 

Any idea as to how we might be able to get a page for each user from the LDAP directory?


(Richard Crompton) #6

We've now managed to get the asset listing working and paging - phew!

On a separate thought, does anyone know if we can update the Active Directory from Matrix, i.e. allow each employee to be able to update their respective details and have them pushed to AD?

We'd also have a trigger to email HR, to make sure that the details they enter are correct.


(Nic Hubbard) #7

> We've now managed to get the asset listing working and paging - phew!
>
> On a separate thought, does anyone know if we can update the Active Directory from Matrix, i.e. allow each employee to be able to update their respective details and have them pushed to AD?
>
> We'd also have a trigger to email HR, to make sure that the details they enter are correct.

No, quite positive you cannot update AD records from Matrix.


(Bart Banda) #8

You can only do it if your AD has a web service exposed that Matrix can talk to. Then you could set up triggers or something that call and integrate with that API.