
DuarteR.33617 (Customer) asked a question.
Hello,
Looking into the LDAP Integration documentation
https://help.okta.com/en/prod/Content/Topics/Directory/LDAP-interface-limitations.htm
I see the warning about using the memberOf to filter users by group, but is there an example on how to filter a user by group using the suggested uniqueMember attribute?
This is my current filter
(&(organizationalStatus=ACTIVE)(memberOf=cn=GROUP,ou=groups,dc=domain,dc=okta,dc=com))

Hello Duarte,
This is Catalin from Okta support.
Unfortunately, the only documentation on how to build a filter using the uniqueMember is on the following site which should look something similar to this:
(&(objectclass=groupofuniquenames)(|(uniquemember=uid="test@something.com",ou=users,dc="the DC",dc=okta,dc=com)))
https://www.openkm.com/wiki/index.php/LDAP_and_Active_Directory_uniqueMember_user_examples
If you require any additional information regarding this subject, I suggest opening up a case with our support engineer which will gladly aid you on this matter.

Did you ever get an answer for this? It seems a tad unreasonable to give customers API limits with memberOf without providing complete documentation for the replacement uniqueMember attribute. I have yet to see this work in any capacity for retrieving users from a group, which is what the memberOf does. The above example expects us to list out each and every user from the group manually?
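
Added example, not from the thread or from Okta: one way to reproduce the memberOf filter is to look up the group entry, read its uniqueMember values, and then keep only the member users whose organizationalStatus is ACTIVE. It assumes the group is exposed with objectClass groupofUniqueNames and a uniqueMember attribute holding user DNs; the helper names and the sample entries are constructed for illustration.

```python
# Added example. Entries below are constructed sample data, not real directory output.

def escape_filter_value(value: str) -> str:
    """Escape a value before placing it in an LDAP search filter (RFC 4515)."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def group_filter(group_cn: str) -> str:
    """Filter matching the group entry itself; request its uniqueMember attribute."""
    return '(&(objectClass=groupofUniqueNames)(cn=%s))' % escape_filter_value(group_cn)

def normalize_dn(dn: str) -> str:
    """Simplified DN comparison key (assumes no escaped commas inside RDN values)."""
    return ','.join(part.strip().lower() for part in dn.split(','))

def active_members(group_entry: dict, user_entries: list) -> list:
    """Client-side equivalent of (&(organizationalStatus=ACTIVE)(memberOf=<group DN>))."""
    members = {normalize_dn(dn) for dn in group_entry.get('uniqueMember', [])}
    return sorted(
        user['dn'] for user in user_entries
        if normalize_dn(user['dn']) in members
        and 'ACTIVE' in user.get('organizationalStatus', [])
    )

BASE = 'dc=domain,dc=okta,dc=com'

# Constructed result of searching ou=groups with group_filter('GROUP').
GROUP_ENTRY = {
    'dn': 'cn=GROUP,ou=groups,' + BASE,
    'uniqueMember': [
        'uid=alice@example.com,ou=users,' + BASE,
        'uid=bob@example.com, OU=users,' + BASE,   # spacing/case differ on purpose
    ],
}

# Constructed user entries as they would come back from ou=users.
USER_ENTRIES = [
    {'dn': 'uid=alice@example.com,ou=users,' + BASE, 'organizationalStatus': ['ACTIVE']},
    {'dn': 'uid=bob@example.com,ou=users,' + BASE, 'organizationalStatus': ['SUSPENDED']},
    {'dn': 'uid=carol@example.com,ou=users,' + BASE, 'organizationalStatus': ['ACTIVE']},
]

if __name__ == '__main__':
    print(group_filter('GROUP'))
    for dn in active_members(GROUP_ENTRY, USER_ENTRIES):
        print(dn)
```
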