Filtering LDAP Users

We are using Sitefinity 4.0 SP1. I have setup an LDAP connection to our Active Directory and it is working. I set the UserDN to the root of our AD and kept the default UserFilter.
 
However I don't want to see all the users in my active directory. I want to be able to choose all the users under specific OU trees and I have more than one OU tree to include.

Is it possible to set multiple UserDN paths (one for each OU tree to include)?
If not, is it possible to use a filter to get just the users from specific OU trees?

Thanks for your help.

Hello Jeff ,

No it is not possible to have multiple UserDN paths , but you can set a filter that include only specific DN paths. You can enter the filter in UserFilter.

Regards,
Teodor
the Telerik team

Thank you for the reply. As a temporary measure I have setup a security group and used this filter which is working.
(&(!(objectClass=computer))(objectClass=person)(memberOf=CN=Sitefinity-Users,CN=Users,DC=mydomain,DC=com))

However I would rather not have to keep a group updated with users and would prefer pull users from specific OU trees.  I am having dificulty getting the filter right.

Can you give me an example of how to filter based on OU?

I have tried the following, but it does not work. I am not sure if the syntax that I used is supported by AD. Note: Employees is at the root and there are sub OU's of Employees. I want all the users under Employees.

(&(!(objectClass=computer))(objectClass=person)(ou:dn:=Employees))


Thanks.

Hi Jeff Clark,

I think it is possible but  we can't help you to create the filter. I suggest you to contacting your sysadmin for more information how to do this - it pretty much depends on your AD configuration.

Greetings,
Teodor
the Telerik team