AD Source Ldap Filter to aggregate accounts with sAMAccountName values that match special pattern

Hi,

I was able to aggregate accounts without any LDAP filter, but now I would like to aggregate Active Directory (AD) accounts to ISC using LDAP filters. Specifically, I want to aggregate AD accounts with sAMAccountName values that start with 2 letters followed by 4 numbers (e.g., “ab1234”).

image1847×656 49.1 KB

I tried using the following filter, but it does not seem to work:
(&(objectClass=user)(sAMAccountName=^[1]{2}[0-9]{4}))

Before this, I tested with no LDAP filter and successfully saw accounts with the desired pattern being aggregated.

Do you know if it is feasible to aggregate AD accounts with sAMAccountName values that match this pattern using the LDAP filter field? If so, could you provide guidance on the correct filter syntax?

Many thanks,

Longinus Chan

1. a-zA-Z ↩︎

LDAP Filters support basic wildcard matching but not regular expressions. You can try below:
→ Prefix matching if initial characters are set of few know characters . (&(objectClass=user)(|(sAMAccountName=ab*)(sAMAccountName=xy*)))
→ Directly deal in AD/LDAP, by providing membership to all such accounts in a dummy group and aggregating that specific group using LDAP filter in ISC

Are you managing provisioning of these type of accounts?

Hi Jain,

Thank you for the clarification and suggestion, we will consider using membership method.

Hi Place,

Yes, in some workflows, we are disabling AD accounts and granting AD groups as part of our lifecycle management process.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.