Hi!
I am at the need of an LDAP filter to allow search for users that are indirect members of some specific group. That is, users that belongs to some groups, ant that these groups are members of a parent group.
Via LDAP extensibleMatch there is a query, performed by
(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=groupX,OU=…,DC=root,DC=com))
so if I have group1, group2 and group3, all members of groupX, all users members of group1, group2 and group3 will be brought in response, and other users will not come.
In an LDAP search this filter works. But when doing through AD source aggregation, it results in an ldap error which message is “equals” is missing in filter.
Can somebody confirm if LDAP extensible match is supported on ISC AD account filters, or if I have to thing in some AD after operation rule to limit account results?
Thanks!