0 votes

I'd like to enter an LDAP string in the Target Object selection to allow managers in Self Service to search for staff in a variety of OU's
I've tried to use the string where the manager of the person will be available for searching by the Web User but this hasn't worked.

The OU's I have are in the formats of
OU=Standard Users,OU=User Accounts,DC=Domain,DC=organisation,DC=co,DC=uk
OU=Power Users,OU=User Accounts,DC=Domain,DC=organisation,DC=co,DC=uk
OU=Manager Users,DC=Domain,DC=organisation,DC=co,DC=uk
So I can't use a subset of a top level OU.

An answer to both types of query or either would be great.
Thanks

by (150 points)

1 Answer

0 votes
by (294k points)
selected by
Best answer

Hello Alan,

There is no such possibility.
As a workaround, you can create two Home Page Actions. One for the OU=User Accounts,DC=Domain,DC=organisation,DC=co,DC=uk container and one for the OU=Manager Users,DC=Domain,DC=organisation,DC=co,DC=uk. In this case, you will need to use the Allow selecting only AD objects located under a specific OU or container option.

0

I thought I might be able to create an LDAP filter such as in the attachment or enter an LDAP filter which would allow the manager to search all staff in any of the stated OU's.
Would a similar LDAP filter for manager=%username% not work?

0

Hello Alan,

No, this filter will not work, because the manager property requires DN syntax. If you want to allow selecting only users managed by the currently logged on user, specify the following in the LDAP filter field:

manager=%distinguishedName%

However, the filter will not limit the displayed user accounts by OUs. All the user accounts managed by the currently logged on user will be available for selection.

0

Thanks, that works exactly as I wanted it to.

Related questions

0 votes
1 answer

I understood that following this logic, the link directs me to the user's viewing page. %adm-WebInterfaceUrl%ViewObject.aspx?guid= ... success %adm-WebInterfaceUrl%EditObject.aspx?guid=%objectGUID% %adm-WebInterfaceUrl%ModifyObject.aspx?guid=%objectGUID%

asked Nov 15, 2022 by Simone.Vailati (430 points)
0 votes
1 answer

Thanks for the info. I'm now grabbing the %adm-ManagerUserName% value, but need to remove the final 21 characters of it so it contains only their username and not our ... this in the PowerShell Script Editor for my business rule, I get the following error:

asked Mar 11, 2021 by mkvidera (60 points)
0 votes
1 answer

What I'm trying to accomplish: user should have access to modify certain accounts where customTextAttribute2="test" (example). When I modify the criteria under "object selection" ... to query custom attributes or do you have to use AD attributes for this?

asked Mar 19 by tromanko (330 points)
0 votes
1 answer

Hi, I recently upgraded Adaxes from 2021.1 to 2023.2, and after the upgrade, an LDAP filter for retrieving the groups a user is owner of, stopped working. The reason ... attribute instead, like this: It works, but sadly it is quite slow. Best regards Martin

asked Aug 21, 2023 by Martin (150 points)
0 votes
1 answer

I've created an interface to edit adm-CustomAttributeText19 when it's empty. I set in the configuration page this filter "Only allow selection of AD objects that match the LDAP ... I open the interface, even if the field is filled. What am I doing wrong?

asked Jan 30, 2023 by Simone.Vailati (430 points)
3,588 questions
3,277 answers
8,303 comments
548,092 users