Account and Group Settings

Provide the information required to search the accounts and groups managed by your system. The search DNs defines the list of container distinguished names along with other relevant attributes that define the scope for this application. Each of these search DNs is considered a partition for parallel aggregation. Accounts and Groups can have different set of search DNs and you can define different scopes for each of them.

Account Search Scope

Multiple Search DN entries can be configured to define the account search scope.

Note
At least one Search DN needs to be configured for the account search scope.

To configure the account search scope, complete the following:

Enter the Search DN (distinguished name) to search for the accounts that you want to load. For example:

ou=HR,dc=org,dc=com
Enter the Iterate Search Filter to define an LDAP filter that sets the scope for accounts or groups from this container. For example, to filter for entries that do not represent a person, enter the following:

(!(objectclass=person))
(Optional) Enter the Group Member Search DN to specify the group memberships of the users that you are loading.

Note
If no value is provided, then the default scope of Group Membership is the Search DN value.
Select Save.

Group Search Scope

Note
By default, If the scope is not defined for Groups, the connector users the Account search scope.

To configure the group search scope, complete the following:

(Optional) Enter the Search DN (distinguished name) to search for the groups that you want to load. For example:

ou=Groups,dc=org,dc=com

Enter the Iterate Search Filter to define an LDAP filter that sets the scope for groups from this container.

The following is an example of the attributes for the Group Search Scope:

Copy


<entry key="group.searchDNs">
    <value>
        <List>
            <map>
                <entry key="iterateSearchFilter" value="(&(objectclass=posixgroup))"/>
                <entry key="searchDN" value="ou=HR,dc=org,dc=com"/>
                <entry key="searchScope" value="SUBTREE"/>
            </map>
            <map>
                <entry key="iterateSearchFilter" value="(&(objectclass=posixgroup))"/>
                <entry key="searchDN" value="ou=Sales,dc=org,dc=com"/>
                <entry key="searchScope" value="SUBTREE"/>
            </map>
        </List>
    </value>
</entry>

Select Save.

Note
Only group.iterateSearchFilter will be respected during group aggregation.

Feedback is provided as an informational resource only and does not form part of SailPoint's official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.


	You are here:

Account and Group Settings

Account Search Scope

Group Search Scope

Documentation Feedback