Filters: Optional LDAP Query Filter
Created: 2019-08-01 14:40:51Modified: 2022-04-06 11:08:35
Tags: Active Directory AD LDS ADAM Amazon Simple AD Azure Features Google (G Suite) Lotus Notes / Domino UnitySync
This information applies to an LDAP Directory Source (not ODBC, LDIF, CSV etc).
When the Source is an LDAP directory, UnitySync sends an LDAP query and asks for specific information. Filters can be used to include and/or exclude objects based on their values. By default, each Discovery uses an automatically generated search query, usually broad and based on mail=* and the appropriate objectclass types you want to pull.
Custom Filters may be added to include and/or exclude objects based on certain values. Attribute filters can be placed on the object types listed below. These optional filters are added to the default syntax. If you are pulling multiple Source object types, it may be appropriate to specify the same filter in more than one filter parameter, or the filters may be different for each object type:
User: Filter entered here will be applied to Source objects of type User/Mailbox.
Contacts: Filter entered here will be applied to Source objects of type Contact/Custom Recipient.
Groups: Filter entered here will be applied to Source objects of type Group/List.
Public Folders: Filter entered here will be applied to Source Public Folders.
Syntax Overview
Understanding the following Operator Symbols will aid you in forming your LDAP query strings.
| Operator | Means | Use when: |
|---|---|---|
| & | AND | All specified filters must be true for the statement to be true. For example,(&(filter)(filter)(filter)) |
| | | OR | At least one specified filter must be true for the statement to be true. For example,(|(filter)(filter)(filter)) |
| ! | NOT | The specified statement must NOT be true for the statement to be true. Note that only one filter is affected by the NOT operator. |
Keep in mind that Boolean expressions are evaluated in the following order:
- innermost to outermost parenthetical expressions first
- all expressions from left to right
Query Examples
| Filter | Select when: |
|---|---|
| (manager=*) | The manager attribute is populated |
| (sn=Jones) | Entries with Surname of Jones |
| (sn=A*) | Entries when Surname begins with A |
| (mail=HC4) | HC4 is in the SMTP address |
| (!(mail=*@acme.com)) | Exclude any SMTP w/ this domain |
| (!(st=Florida)) | Exclude entries when state = Florida |
| (&(department=sales)(l=McLean)) | Entries from sales AND in McLean |
Actual attributes and objects vary by directory.
If you need assistance forming your query, please contact our Technical Support Team for assistance.
Filters Office 365 (O365)
As of UnitySync v2.8, filters for an Office 365 (O365) Source follows the usual LDAP format described above, with a few caveats; see Filters: Office 365 (O365) Discovery (v2.7.28 and newer) and/or O365 Discovery - Query on Group Membership.
If you are still using v2.7 and earlier, which reached end of life on July 1, 2018, we urge you to upgrade to take advantage of vastly improved handling overall as well as specifically in regards to filters.