Malformed LDAP Filter Queries Preventing Successful Imports
Directories
Overview

The Active Directory LDAP Filter is an Early Access feature that allows admins to define an LDAP filter used to filter users and groups during AD imports.

If quotes surround any portion of the LDAP filter, the import may not capture all users or groups within the defined scope.

Likewise, imports will not work as expected if there are no parentheses around the default search filters.

Applies To
  • Directories
  • Active Directory (AD)
  • Imports
  • AD LDAP Filter
Cause

Each criterion or condition of an LDAP search query must be formatted correctly. Without proper formatting, the search sent to the AD or LDAP directory will be malformed and will not return the expected results.

For example, in the following filter, there are quotes around "Security Groups". Because quotation marks are not supported in the Okta AD LDAP filter without using an escape character, this will result in users not getting imported.

(&(objectCategory=user)(memberOf=GroupName,ou="Security Groups",OU=groups, dc=domain, dc=com))

Another example is an LDAP filter query that does not have parentheses around each condition and around the query as a whole.

&(objectCategory=user)(memberOf=GroupName,ou=Security Groups,OU=groups, dc=domain, dc=com)

Solution

Verify that each criterion or condition is wrapped in parentheses.

(&(objectCategory=user)(memberOf=GroupName,ou=Security Groups,OU=groups, dc=domain, dc=com))

In the case of quotation marks, remove unnecessary quotes from the LDAP filter.

[Image: AD LDAP user filter containing quotation marks]
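A pre-flight check for the two formatting problems described above, run against the three filters from this article. This is an added example, not Okta code: `check_filter` is a hypothetical helper, it is not a full LDAP filter parser, and treating a backslash before a quotation mark as an escape is an assumption, since the article does not say which escape character is accepted.

```python
def check_filter(ldap_filter: str) -> list[str]:
    """Return formatting problems found in an LDAP filter; [] means none."""
    text = ldap_filter.strip()
    if not text:
        return ["filter is empty"]

    depth = 0
    stray_close = 0        # ')' with no matching '('
    closed_early = False   # outer group ended before the last character
    quotes = 0             # literal '"' not preceded by a backslash (assumed escape)
    for pos, ch in enumerate(text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            if depth == 0:
                stray_close += 1
                continue
            depth -= 1
            if depth == 0 and pos != len(text) - 1:
                closed_early = True
        elif ch == '"' and (pos == 0 or text[pos - 1] != "\\"):
            quotes += 1

    problems = []
    if not (text.startswith("(") and text.endswith(")")) or closed_early:
        problems.append("filter is not wrapped in one outer pair of parentheses")
    if stray_close:
        problems.append(f"{stray_close} ')' without a matching '('")
    if depth:
        problems.append(f"{depth} '(' never closed")
    if quotes:
        problems.append(f"{quotes} unescaped quotation mark(s)")
    return problems


# Filters copied from the article above.
QUOTED = '(&(objectCategory=user)(memberOf=GroupName,ou="Security Groups",OU=groups, dc=domain, dc=com))'
UNWRAPPED = "&(objectCategory=user)(memberOf=GroupName,ou=Security Groups,OU=groups, dc=domain, dc=com)"
CORRECTED = "(&(objectCategory=user)(memberOf=GroupName,ou=Security Groups,OU=groups, dc=domain, dc=com))"

if __name__ == "__main__":
    for name, flt in [("quoted", QUOTED), ("unwrapped", UNWRAPPED), ("corrected", CORRECTED)]:
        print(name, "->", check_filter(flt) or "ok")
```

An empty result only means these two formatting checks passed; it does not confirm that the filter matches the intended users or groups in the directory.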
