Directory Search Filters

Below are search filters that you may find helpful when configuring your AD/LDAP Directory settings or when filtering your Import Users or Import Roles pages.

Navigation

From your AD/LDAP Directory connection (in the web app menu under Users & Roles > Active Directory/LDAP), you can first create an AD or LDAP User Directory connection and provide basic filters as part of that connection:

Basic Filters:

  • Basic Distinguished Name - which filters users and groups (roles)
  • User Relative DN - which filters users
  • Group Relative DN - which filters groups (roles)

Advanced Filters:

On top of these filters, or as an alternative, more advanced filter options are preferred for large user directories and are helpful for restricting access by filtering the directory connection to one security group:

  • Click your Directory connection (link) -> Click Advanced Settings (link) -> Search Filters (section) -> Additional User Filters (section)

Search Filters:

When manually importing, you can use filters to search for specific users or roles. (Note that these are applied on top of the connection filters.) These can be accessed from the web app menu under Users & Roles > Active Directory/LDAP -> Click Actions button:

  • Import Users page:  Import Users menu item -> Click "Change Filters"
  • Import Roles page:  Import Roles menu item -> Click "Change Filters"

 

 

Filters

Advanced Filters (for users/roles):

These filters are helpful when setting up a connection to a large or complex User Directory, to restrict it to a security group.

All users who are direct members of a specific Group:

  • memberOf     is      CN=Test,ou=East,dc=Domain,dc=com

All members of a specified group, including members of nested groups:

  • memberOf:1.2.840.113556.1.4.1941:     is     cn=Test,ou=East,dc=Domain,dc=com

 

Search Filters:

All users with "primary" group "Domain Users":

  • primaryGroupID    is    513

All users with "common name" starting with "M":

  • CN    is    M*

All users with "primary" group other than "Domain Users":

  • primaryGroupID    is not    513

All role names that contain "security":

  • Name   is   *security*
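To check a filter outside the product before restricting a connection to a security group, the added example below (not Pleasant Password Server code) renders the rows above in standard LDAP filter syntax (RFC 4515) and uses a constructed directory to show which users the direct memberOf filter admits compared with the nested-group matching rule. It assumes "is" maps to an equality match and "is not" to a negated one; the helper names and the Helpdesk group are hypothetical.

```python
IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD matching rule that follows nested groups
NESTED_MEMBER_OF = "memberOf:%s:" % IN_CHAIN

def escape_value(value, keep_wildcards=False):
    """Escape RFC 4515 special characters in a filter value."""
    special = "\\()\x00" if keep_wildcards else "\\*()\x00"
    return "".join("\\%02x" % ord(c) if c in special else c for c in value)

def to_ldap_filter(attribute, operator, value):
    """Render one 'attribute / is | is not / value' row as a raw LDAP filter.
    Assumption: 'is' is an equality match and 'is not' its negation."""
    # Active Directory does not match wildcards on DN-valued attributes such
    # as memberOf, so '*' is escaped there and kept for the other attributes.
    is_dn = attribute.lower().startswith("memberof")
    clause = "(%s=%s)" % (attribute, escape_value(value, keep_wildcards=not is_dn))
    return "(!%s)" % clause if operator == "is not" else clause

# Constructed sample directory: DN -> (is_user, direct memberOf values).
TEST = "cn=test,ou=east,dc=domain,dc=com"
HELPDESK = "cn=helpdesk,ou=east,dc=domain,dc=com"  # hypothetical nested group
DIRECTORY = {
    "cn=alice,ou=east,dc=domain,dc=com": (True, [TEST]),
    "cn=bob,ou=east,dc=domain,dc=com": (True, [HELPDESK]),
    "cn=carol,ou=east,dc=domain,dc=com": (True, []),
    HELPDESK: (False, [TEST]),
    TEST: (False, []),
}

def is_member(dn, group_dn, in_chain):
    """Direct memberOf match, or a transitive walk when in_chain is set."""
    seen, pending = set(), list(DIRECTORY[dn][1])
    while pending:
        group = pending.pop()
        if group == group_dn.lower():
            return True
        if in_chain and group not in seen:
            seen.add(group)
            pending.extend(DIRECTORY.get(group, (False, []))[1])
    return False

def users_in(group_dn, in_chain=False):
    """Users the group filter would admit from the sample directory."""
    return sorted(dn for dn, (is_user, _) in DIRECTORY.items()
                  if is_user and is_member(dn, group_dn, in_chain))
```

With the nested rule, members of any group placed inside the target group are admitted too, so review nested memberships before using that filter to limit who is imported.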

 

 

 

Sample search filters:

  • Name   is   John Horner

  • Name   is   John *

  • CN   is   John Horner

  • CN   is   John*

  • DisplayName   is   John Horner

  • DisplayName   is   *Horner

  • sAMAccountName   is   JHorner

  • sAMAccountName   is   JH*

 

Reference: