AD search (&(objectClass=organizationalPerson)(userPrincipalName=%s))
AD search (&(objectClass=organizationalPerson)(mail=%s))
Currently the AD search on partnership "ABC-FED" is set to "Mail"; when a user logs in via Mail with ID [email protected], there are no issues.
But when a user logs in via "UserPrincipalName", they get the 500 error because the search criteria is set to "Mail".
On the other partnership, XYZ-FED, the AD search is set to "UserPrincipalName", so a user who logs in with ID [email protected] has no issues.
But when a user logs in via Mail, they get the 500 error because the search criteria is set to "UserPrincipalName".
- Question:
Is there an option in the AD search field to use both Mail and UserPrincipalName, or can only one be used?
CA Policy Server 12.8 releases and/or applicable to other supported environments.
The search criteria below meets this use case requirement. It uses the LDAP OR operator (|) so that an entry matches on either userPrincipalName or mail.
(|(&(objectClass=organizationalPerson)(userPrincipalName=%s))(&(objectClass=organizationalPerson)(mail=%s)))
Kindly note that the above example applies only to this specific use case.
Standard LDAP operators are supported; the following references give more examples.
https://ldap.com/ldap-filters/
https://ldapwiki.com/wiki/LDAP%20filters%20Syntax%20and%20Choices
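
Because the combined filter above matches on either attribute, a login ID can match more than one entry when one user's mail equals another user's userPrincipalName. The Python below is an added example, not CA/Broadcom code: the directory entries are constructed sample data, the function names are hypothetical, and the RFC 4515 escaping is done by the example itself and is not a statement of how Policy Server substitutes %s.

```python
# Added example; entries below are constructed sample data, not from the page.
COMBINED = ("(|(&(objectClass=organizationalPerson)(userPrincipalName=%s))"
            "(&(objectClass=organizationalPerson)(mail=%s)))")

ENTRIES = [
    {"dn": "CN=Alice,OU=Users,DC=example,DC=com",
     "objectClass": ["person", "organizationalPerson", "user"],
     "userPrincipalName": "alice@corp.example.com",
     "mail": "alice.smith@example.com"},
    {"dn": "CN=Bob,OU=Users,DC=example,DC=com",
     "objectClass": ["person", "organizationalPerson", "user"],
     "userPrincipalName": "bob@corp.example.com",
     "mail": "alice@corp.example.com"},  # collides with Alice's UPN
]

def escape_filter_value(value):
    """RFC 4515 escaping so a login ID cannot change the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(login_id):
    """Substitute the escaped login ID into both %s placeholders."""
    return COMBINED.replace("%s", escape_filter_value(login_id))

def search(login_id):
    """Emulate the combined filter: organizationalPerson AND (UPN OR mail).
    Assumes case-insensitive equality matching on both attributes."""
    wanted = login_id.lower()
    return [e["dn"] for e in ENTRIES
            if "organizationalPerson" in e["objectClass"]
            and wanted in (e["userPrincipalName"].lower(), e["mail"].lower())]

def resolve(login_id):
    """Return the single matching DN; refuse ambiguous or empty results."""
    hits = search(login_id)
    if len(hits) != 1:
        raise LookupError("%d entries match %r" % (len(hits), login_id))
    return hits[0]

if __name__ == "__main__":
    for login in ("alice.smith@example.com", "bob@corp.example.com",
                  "alice@corp.example.com"):
        print(build_filter(login))
        try:
            print("  ->", resolve(login))
        except LookupError as err:
            print("  -> rejected:", err)
```

Running the same uniqueness check against the real directory before switching a partnership to the combined filter shows whether any mail value duplicates another entry's userPrincipalName.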