Account and Group Settings

Provide the information required to search the accounts and groups managed by your system.

Account Search Scope

To configure the account search scope, complete the following:

  1. Select one of the following:

    • Subtree - Use to search the specified Search DN and all the containers within it.

    • Base - Use to only search the Search DN.

    • One Level - Use to search the Search DN and the containers one level below it.

  2. Enter the Search DN (distinguished name) to search for the accounts that you want to load.
  3. (Optional) Enter the LDAP Search Filter to specify an optional filter that limits the results returned by the Search DN. For example, to filter for entries that do not represent a person, enter the following:

    (!(objectclass=person))

  4. (Optional) Enter the Group Member Search DN to specify the group memberships of the users that you are loading.
  5. (Optional) Enter the Group Membership Attribute that contains the group membership information on the managed system.
  6. (Optional) Enter an Additional Filter that SailPoint applies to the results returned by LDAP. Derived attributes can be included in the filter. For example, to remove users from the search results based on a condition, enter the following:

    deleted=="true"

  7. Select Save.

Group Search Scope

To configure the group search scope, complete the following:

Note
By default, if the scope is not defined for groups, the connector uses the account search scope.

  1. Select one of the following:

    • Subtree - Use to search the specified Search DN and all the containers within it.

    • Base - Use to only search the Search DN.

    • One Level - Use to search the Search DN and the containers one level below it.

  2. (Optional) Enter the Search DN (distinguished name) to search for the accounts that you want to load.
  3. (Optional) Enter the LDAP Search Filter to specify an optional filter that limits the results returned by the Search DN. For example, to filter for entries that do not represent a person, enter the following:

    (!(objectclass=person))

  4. (Optional) Enter an Additional Filter that SailPoint applies to the results returned by LDAP. Derived attributes can be included in the filter. For example, to remove users from the search results based on a condition, enter the following:

    deleted=="true"

  5. Select Save.