• State Verified Answer
  • +1 person also asked this people also asked this
  • Replies 15 replies
  • Subscribers 9 subscribers
  • Views 18405 views
  • Users 0 members are here
Related Discussions
Home » Discussions » General

How to Build a Search Filter in LDAP Query

sikhivahans

All, I would like to know how to build a search filter in ldap query in order to search for the users from a particular group for a given DN and OU. Please note that I am making use of LDAP Tools plugin.

Here's the information of the LDAP environment:

Full LDAP Server URL: ldap://myhostname:389
Service Manager Username: CN=Administrator
Service Manager Password: Welcome@123
Base DN: dc=appian
OU: hr (heirarchically falls under dc=appian)
scsExternalSystemKey: ldap.local

And here's how I have tried configuring the search filter in various ways, but I am unable to retrieve any results:

1. ldapsearch(
config:{
scsExternalSystemKey:"ldap.local",
usePerUserCredentials:false,
url:"ldap://myhostname:389",
baseDN: "dc=appian,ou=hr"
},
searchFilter:"(&(ObjectClass=inetOrgPerson)(uid=user.1)(memberof=CN=development,OU=hr,DC=appian))",
attributes:{},
pagingInfo:a!pagingInfo(
startIndex:1,
...

OriginalPostID-214261

OriginalPostID-214261

  Discussion posts and replies are publicly visible

  • 0
    @sikhivahans, For some reason CN alone is not working, may be my CN is not an Admin account in LDAP, so connection failed. but DN is working.
  • 0
    @saravanana As far as I remember, CN didn't work for me and that's why I have opted for DN after trying for some time. Anyhow I will make a quick check tonight if possible.
  • 0
    @ sikhivahans / @ Mike, we would like to sync up manager attribute to Supervisor in Appian user profile. the problem is manager is mapped to DN and LDAP sync is failing. Is there any suggestion to sync up supervisor from AD using this shared service plug-in?
  • 0
    Certified Lead Developer
     in reply to saravanana

    Hello All,

    I am facing following issue with ldapsearch(). 

    Could anyone please suggest what could be the issue?

    Active Directory Configuration:

     

    Scenario#1

    = ldapsearch(

      config: {

        scsExternalSystemKey: "ldap.test",

        usePerUserCredentials: false,

        url: "ldap://10.X.X.X:389",

        baseDN: "DC=PSIAPPIAN,DC=com"

      },

      searchFilter: "(&(ObjectClass=organizationalPerson)(uid=Administrator)(isMemberOf=CN=Administrators,CN=Builtin,DC=PSIAPPIAN,DC=com))",

      attributes: {},

      pagingInfo: a!pagingInfo(

        startIndex: 1,

        batchSize: - 1

      )

     

    Output:

    Time: 82 ms
    Type: LdapResponse

    LdapResponse

    success: false

    result: null (DataSubset)

    error: "Failed to request page: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100213, problem 2001 (NO_OBJECT), data 0, best match of: '' ]; remaining name ''"

     

    Scenario#2

    =ldapsearch(

      config: {

        scsExternalSystemKey: "ldap.test",

        usePerUserCredentials: false,

        url: "ldap://10.X.X.X:389/DC=PSIAPPIAN,DC=com"

      },

      searchFilter: "(&(ObjectClass=organizationalPerson)(uid=Administrator)(isMemberOf=CN=Administrators,CN=Builtin,DC=PSIAPPIAN,DC=com))",

      attributes: {},

      pagingInfo: a!pagingInfo(

        startIndex: 1,

        batchSize: - 1

      )

    )

     

    Output:

    Time: 52 ms
    Type: LdapResponse
    Value: LdapResponse

    success: true

    result: DataSubset

    startIndex: 1

    batchSize: -1

    sort: null (List of SortInfo)

    totalCount: 0

    data: null (List of Variant)

    identifiers: null (List of Variant)

    error: null (Text)

  • 0
    Certified Lead Developer
     in reply to Abhay Dalsaniya

    In scenario#2, it returns success: true however the data was returned as null, it should have returned data for "Administrator".

    And I am using complete DN as username in third party credentials store.

     
© 2025 Appian. All rights reserved.
We want to hear from you! Submit a review on Gartner or G2.