PhenixID

PSD1106 – Allow and/or Exclude DN in a predefined search

Summary

This PhenixID Solution Document (PSD) is written for PhenixID Identity Manager (IM) 5.x.

Every Predefined search lets you specify where the search should start by setting a BaseDN.
If one or more DNs under that BaseDN should, for example, be excluded, this can now be done with a filter called AllowedOUPDSearchFilter.class.
The filter takes two parameters:

  • AllowedDNs  (for example, 5 OUs on the same level, of which you only want to search in two)
  • ExcludedDNs (for example, 5 OUs on the same level, one of which you want to exclude from the search)

AllowedDNs and ExcludedDNs can be used together. The only supported scenario is when, at OU level, you have five OUs allowed and want to disallow one sub-OU under one of those OUs (the other way around is not supported).

System Requirements

  • PhenixID Identity Manager 5.1.0

Add AllowedOUPDSearchFilter.class

The allow and exclude functionality is part of filter.AllowedOUPDSearchFilter.

  1. In a Predefined search
  2. Click Tools – Tab External Filters
  3. Add filter name filter.AllowedOUPDSearchFilter
  4. Click OK

1. Configure ExcludedDNs

Let's say that you have a BaseDN set to DC=phenixid,DC=local and several OUs underneath that DN. To exclude two of the sub-OUs, here called OU=Demo1,DC=phenixid,DC=local and OU=Demo2,DC=phenixid,DC=local, do the following:

  1. Open the Predefined search in IM configurator – Tab Designer.
  2. Verify that your BaseDN is configured to DC=phenixid,DC=local
  3. Add a static string to the predefined search
  4. In the Attribute name: field type ExcludedDNs
  5. In the Default value: section add OU=Demo1,DC=phenixid,DC=local$$OU=Demo2,DC=phenixid,DC=local
    ($$ is used to separate multiple DNs)
  6. Click Apply
  7. Save the search and test that it works

2. Configure AllowedDNs

Let's say that you have a BaseDN set to DC=phenixid,DC=local and several OUs underneath that DN, but you only want OU=Demo1 to be included in a search:

  1. Add a static string to the predefined search
  2. In the Attribute name: field type AllowedDNs
  3. In the Default value: section add OU=Demo1,DC=phenixid,DC=local
    ($$ is used to separate multiple DNs; it is not needed in this example)
  4. Click Apply
  5. Save the search and test that it works

3. Configure AllowedDNs with ExcludedDNs

Let's say you have an OU structure like the one below:

  • DC=phenixID,DC=local
    • OU=demo1,DC=phenixID,DC=local
    • OU=demo2,DC=phenixID,DC=local
      • OU=hiddenUsers,OU=demo2,DC=phenixID,DC=local
      • OU=users,OU=demo2,DC=phenixID,DC=local
    • OU=demo3,DC=phenixID,DC=local
    • OU=demo4,DC=phenixID,DC=local

Let's say you also want a predefined search to search only in demo2 and demo3, but not in hiddenUsers.

To solve this, create one AllowedDNs static string as in task 2 above. In the default value, type:
OU=demo2,DC=phenixid,DC=local$$OU=demo3,DC=phenixid,DC=local

Then create one ExcludedDNs static string as in task 1 above. In the default value, type:
OU=hiddenUsers,OU=demo2,DC=phenixID,DC=local
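
The outcome expected from scenario 3 can be checked against a small model of the allow/exclude semantics before the search is put into use. This is an added example, not PhenixID code: the case-insensitive subtree matching, the function names and the CN=... sample entries are assumptions.

```python
# Added illustration: models the AllowedDNs / ExcludedDNs semantics described
# above. It is not PhenixID code; the matching rules below are assumptions.

def split_dns(value):
    """Split a static-string default value on the $$ separator."""
    return [normalize(p) for p in value.split("$$") if p.strip()]

def normalize(dn):
    """Lower-case and trim each RDN (assumes no escaped commas in the DN)."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

def is_under(dn, container):
    """True if dn is the container itself or lies anywhere beneath it."""
    return dn == container or dn.endswith("," + container)

def in_scope(entry_dn, base_dn, allowed="", excluded=""):
    dn = normalize(entry_dn)
    if not is_under(dn, normalize(base_dn)):
        return False
    allowed_dns = split_dns(allowed)
    if allowed_dns and not any(is_under(dn, a) for a in allowed_dns):
        return False
    # Exclusion is checked last, so an excluded sub-OU wins over its allowed parent.
    return not any(is_under(dn, e) for e in split_dns(excluded))

# Values from scenario 3; the CN=... entries are constructed sample data.
BASE = "DC=phenixID,DC=local"
ALLOWED = "OU=demo2,DC=phenixid,DC=local$$OU=demo3,DC=phenixid,DC=local"
EXCLUDED = "OU=hiddenUsers,OU=demo2,DC=phenixID,DC=local"
SAMPLES = [
    "CN=anna,OU=demo1,DC=phenixID,DC=local",
    "CN=bo,OU=users,OU=demo2,DC=phenixID,DC=local",
    "CN=svc,OU=hiddenUsers,OU=demo2,DC=phenixID,DC=local",
    "CN=carl,OU=demo3,DC=phenixID,DC=local",
    "CN=dina,OU=demo4,DC=phenixID,DC=local",
]

def evaluate(samples=SAMPLES):
    return {dn: in_scope(dn, BASE, ALLOWED, EXCLUDED) for dn in samples}

if __name__ == "__main__":
    for dn, ok in evaluate().items():
        print("IN " if ok else "OUT", dn)
```

If a test search in Identity Manager returns an entry that this model marks as out of scope, review the AllowedDNs and ExcludedDNs values for a missing $$ separator or a mistyped DN.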


DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.

The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.

PhenixID - support.phenixid.se