PSD1093 – Use LDAP query as tab restriction filter


  • PhenixID Identity Manager 5.0.0 or later
  • Filter: Tab Restriction filter LDAPQueryTabRestrictionFilter.class


This document will describe how to use the tab restriction filter LDAPQueryTabRestrictionFilter.class, found in this file: PSD1093

Normally, a restriction filter acts upon the object that is to be opened, to verify if the tab is allowed to open. But this restriction filter will instead act upon the logged in user, to verify if he/she is allowed to open the tab.

The tab restriction filter runs an LDAP query for the logged in user. If the user matches the LDAP query the filter will allow the tab to be shown.


Filter file

Put the filter file in /customer/extension/class/psd for IM Web.

Put the filter file in /ext/class/psd for IM Configurator.

Restriction filter

Add the filter as a restriction filter to the tab by editing the tab properties.



Tab attribute

Add a string attribute to the tab with the name LDAPQueryTabRestrictionFilter. Put the LDAP query in the title of the attribute. Mark the attribute as a hidden variable.

Example 1

The tab is only allowed to open if you are a manager. Use the following LDAP query:


Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.

The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.

PhenixID -