Limiting the OU's to search.

Question

Team,

I am trying to build a web portal to use as a company directory, the problem is that when a search is conducted it shows every account in the forest. I want to limit the search to particular OU's with the user accounts in it, without displaying any service accounts or accounts like that. Is this possible?

Thanks again!

Answer 1

Update 2018

Starting with Adaxes 2018.1, you can control the objects displayed in a Web interface (e.g. by setting a top level node). For details, have a look at the following tutorial: https://www.adaxes.com/tutorials_WebInterfaceCustomization_PreventUsersFromViewingTheADStructure.htm.

Original

Hello,

Currently, you cannot limit the Web Interface search, but there is a workaround. Instead of allowing your users to search in the Web interface, you can use the View Object Home Page Action configured to display only objects that match a certain LDAP filter. Also, you can set up a Scheduled Task that will set a certain property of those accounts that should not be visible in the Web Interface to a certain predefined value. For example, if you have Exchange installed, you can use Extension Attribute 1 provided by Exchange and set it to invisible. Then, in the settings of the Home Page Action you can specify a LDAP filter that will match all users whose Extension Attribute 1 is not set to invisible.

For information on how to create the necessary Home Page Action, see section View Object in the Configure Home Page Actions Tutorial. Use it as a guide.

1. To configure the Home Page Action to allow viewing users, on Step 1 of the section, select View and User from the associated drop-down list.
   

2. On Step 3 of the section, select the Allow selecting only AD objects that match the specified LDAP filter option and specify a LDAP filter that will be used to return only actual users. For example, to return only users whose Extension Attribute 1 is not set to invisible, specify the following filter:

    (!(extensionAttribute1=invisible))
   

   

To create a Scheduled Task that will set the property you chose to the necessary value:

1. Create a new Scheduled Task.
2. On the 3rd step of the Create Scheduled Task wizard, select the User object type.
   
3. On the 4th step, add the Update the user action and click Add.
   
4. In the Property to modify field, select the property that you need, for example, Extension Attribute 1.
5. In the New value field, specify the predefined value that you want to use, for example, invisible.
   
6. Click OK.
7. On the 5th step, adjust the Activity Scope of the Scheduled Task so that it includes only OUs where service accounts and the like are located.