Forum Discussion

coreyva's avatar
coreyva
Icon for Nimbostratus rankNimbostratus
Aug 10, 2017

AD query SearchFilter multiple searches

I'm working on an APM profile and within an AD query SearchFilter I'd like to check a session variable against multiple fields. So something like this userPrincipalName=%{session.logon.last.usern...
BIG-IP Access Policy Manager (APM)
cloud
security
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus

Hi, ad query filter format is standard ldap filter

|(condition1)(condition2)(condition3)

The operator is at the beginning

 |(userPrincipalName=%{session.logon.last.username})(mail=%{session.logon.last.username})
svs's avatar
svs
Icon for Cirrostratus rankCirrostratus
Nov 10, 2021

Hi Stanislas,

this is syntactically incorrect. The whole statement needs to embraced with brackets:

(|(userPrincipalName=%{session.logon.last.username})(mail=%{session.logon.last.username}))

And as many users may look for something, where either an email address or the sAMAccountName could be used:

(|(userPrincipalName=%{session.logon.last.username})(mail=%{session.logon.last.username})(sAMAccountName=%{session.logon.last.username}))

Hope that helps anyone, who is looking for especially this very bad documented search filter field in AD Query agent of the access policy.

This was successfully tested today on 16.1.2.