Forum Discussion
coreyva
Nimbostratus
NimbostratusAD query SearchFilter multiple searches
I'm working on an APM profile and within an AD query SearchFilter I'd like to check a session variable against multiple fields. So something like this
userPrincipalName=%{session.logon.last.username}||mail=%{session.logon.last.username}Is this possible? I haven't seen it done anywhere and have been unsuccessful in getting the syntax correct.
Stanislas_Piro2Cumulonimbus
Hi, ad query filter format is standard ldap filter
|(condition1)(condition2)(condition3)The operator is at the beginning
|(userPrincipalName=%{session.logon.last.username})(mail=%{session.logon.last.username})
svsCirrostratus
Hi Stanislas,
this is syntactically incorrect. The whole statement needs to embraced with brackets:
(|(userPrincipalName=%{session.logon.last.username})(mail=%{session.logon.last.username}))And as many users may look for something, where either an email address or the sAMAccountName could be used:
(|(userPrincipalName=%{session.logon.last.username})(mail=%{session.logon.last.username})(sAMAccountName=%{session.logon.last.username}))Hope that helps anyone, who is looking for especially this very bad documented search filter field in AD Query agent of the access policy.
This was successfully tested today on 16.1.2.
Jad_Tabbara__J1Hello Coryva,
Based on this question https://devcentral.f5.com/questions/ad-query-search-filter and Micheal J answer, the search filter syntax is in LDAP format.
You can find here the supported Search Filter Syntax :
You need to try the following
(|(userPrincipalName=%{session.logon.last.username})(mail=%{session.logon.last.username}))Hope it helps
Please give us a feedback
Regards