0 votes

I'd like to enter an LDAP string in the Target Object selection to allow managers in Self Service to search for staff in a variety of OU's
I've tried to use the string where the manager of the person will be available for searching by the Web User but this hasn't worked.

The OU's I have are in the formats of
OU=Standard Users,OU=User Accounts,DC=Domain,DC=organisation,DC=co,DC=uk
OU=Power Users,OU=User Accounts,DC=Domain,DC=organisation,DC=co,DC=uk
OU=Manager Users,DC=Domain,DC=organisation,DC=co,DC=uk
So I can't use a subset of a top level OU.

An answer to both types of query or either would be great.
Thanks

by (150 points)

1 Answer

0 votes
by (304k points)
selected by
Best answer

Hello Alan,

There is no such possibility.
As a workaround, you can create two Home Page Actions. One for the OU=User Accounts,DC=Domain,DC=organisation,DC=co,DC=uk container and one for the OU=Manager Users,DC=Domain,DC=organisation,DC=co,DC=uk. In this case, you will need to use the Allow selecting only AD objects located under a specific OU or container option.

0

I thought I might be able to create an LDAP filter such as in the attachment or enter an LDAP filter which would allow the manager to search all staff in any of the stated OU's.
Would a similar LDAP filter for manager=%username% not work?

0

Hello Alan,

No, this filter will not work, because the manager property requires DN syntax. If you want to allow selecting only users managed by the currently logged on user, specify the following in the LDAP filter field:

manager=%distinguishedName%

However, the filter will not limit the displayed user accounts by OUs. All the user accounts managed by the currently logged on user will be available for selection.

0

Thanks, that works exactly as I wanted it to.

Related questions

0 votes
1 answer

What I'm trying to accomplish: user should have access to modify certain accounts where customTextAttribute2="test" (example). When I modify the criteria under "object selection" ... to query custom attributes or do you have to use AD attributes for this?

asked Mar 19, 2024 by tromanko (330 points)
0 votes
1 answer

Hi, I recently upgraded Adaxes from 2021.1 to 2023.2, and after the upgrade, an LDAP filter for retrieving the groups a user is owner of, stopped working. The reason ... attribute instead, like this: It works, but sadly it is quite slow. Best regards Martin

asked Aug 21, 2023 by Martin (170 points)
0 votes
1 answer

I've created an interface to edit adm-CustomAttributeText19 when it's empty. I set in the configuration page this filter "Only allow selection of AD objects that match the LDAP ... I open the interface, even if the field is filled. What am I doing wrong?

asked Jan 30, 2023 by Simone.Vailati (500 points)
0 votes
1 answer

I'm trying to create a new command that can apply to User objects across multiple domains that are in OUs with the same 'Name' i.e. an OU called Directors that occurs in ... t seem to make it work with just contains 'OU Name' i.e. (distinguishedname=OU Name)

asked Jan 21, 2020 by richarddewis (260 points)
0 votes
1 answer

Hi I have a colleague who claims, that objectCategory and/or objectClass should be included in LDAP searches, to reduce load on the domain controller. It sound reasonable, but ... build into the code behind the Home Page Action ? View Group example: - Thanks

asked Jan 4, 2018 by Boxx.dk (2.6k points)
3,716 questions
3,396 answers
8,588 comments
549,922 users