EEM filtering LDAP users by groups

Article ID: 425670


Products

Autosys Workload Automation

Issue/Introduction

Can we configure EEM to point to our LDAP and only see users that belong to specific LDAP groups?

Environment

EmbeddedEntitlementsManager 12.x

Resolution

Yes, you can configure search filters in EEM to restrict visibility to specific users based on their group membership. This is achieved by modifying the User Search Filter in the EEM User Store configuration.

Example Syntax

To filter for users who are members of specific groups, you can use a filter similar to the following:

    (&(objectClass=user)(|(memberOf=CN=group1,CN=Users,DC=domain,DC=local)(memberOf=CN=group2,CN=Users,DC=domain,DC=local)))

Breakdown of the Filter:

  • & (AND): Ensures the object is both a user and meets the group requirements.

  • | (OR): Allows the user to be a member of either group1 or group2.

  • memberOf: The attribute used to define group membership.
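
An added example (not part of the original article or of EEM itself): a Python helper that builds the User Search Filter above from a list of group DNs, escaping filter-special characters per RFC 4515, and dry-runs it against sample entries to preview which users would be visible. The function names and the sample entries are assumptions made for illustration; the two group DNs are the ones used in the article.

```python
# Added example; group DNs are the article's, sample entries are constructed.

def escape_filter_value(value):
    """Escape a value for an LDAP filter assertion (RFC 4515, section 3)."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def build_user_filter(group_dns, object_class='user'):
    """Return (&(objectClass=<class>)(|(memberOf=<dn1>)(memberOf=<dn2>)...))."""
    if not group_dns:
        # An empty OR clause is not a usable filter; fail loudly instead.
        raise ValueError('at least one group DN is required')
    clauses = ''.join('(memberOf=%s)' % escape_filter_value(dn) for dn in group_dns)
    return '(&(objectClass=%s)(|%s))' % (object_class, clauses)

def visible_users(entries, group_dns, object_class='user'):
    """Emulate the filter offline: direct membership, case-insensitive DNs."""
    wanted = {dn.lower() for dn in group_dns}
    names = []
    for entry in entries:
        classes = {c.lower() for c in entry.get('objectClass', [])}
        member_of = {dn.lower() for dn in entry.get('memberOf', [])}
        if object_class.lower() in classes and wanted & member_of:
            names.append(entry['sAMAccountName'])
    return names

GROUPS = ['CN=group1,CN=Users,DC=domain,DC=local',
          'CN=group2,CN=Users,DC=domain,DC=local']

# Constructed directory entries, not real data.
ENTRIES = [
    {'sAMAccountName': 'alice', 'objectClass': ['top', 'person', 'user'],
     'memberOf': ['CN=group1,CN=Users,DC=domain,DC=local']},
    {'sAMAccountName': 'bob', 'objectClass': ['top', 'person', 'user'],
     'memberOf': ['CN=group3,CN=Users,DC=domain,DC=local']},
    {'sAMAccountName': 'carol', 'objectClass': ['top', 'person', 'user'],
     'memberOf': ['cn=group2,cn=users,dc=domain,dc=local']},
    # A group nested in group1: excluded because it is not objectClass=user.
    {'sAMAccountName': 'APP1_Admins', 'objectClass': ['top', 'group'],
     'memberOf': ['CN=group1,CN=Users,DC=domain,DC=local']},
]

if __name__ == '__main__':
    print(build_user_filter(GROUPS))
    print(visible_users(ENTRIES, GROUPS))
```

Escaping matters when a group DN contains parentheses, an asterisk or a backslash: left unescaped, those characters change the structure of the filter instead of being matched literally.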

Documentation Reference

For more detailed examples on setting up group search filters for multiple groups, refer to the EEM documentation: EEM Group Filtering

Implementation Notes

  • Verify Attributes: You should work with your LDAP administrator to confirm the actual attributes (e.g., sAMAccountName, memberOf) and the exact Distinguished Names (DN) for your groups.

  • Group Search Filter: Similarly, you can filter which groups EEM sees by using a Group Search Filter, such as:

        (&(objectClass=group)(|(sAMAccountName=APP1_*)(sAMAccountName=APP2_*)))

    This would restrict EEM to only seeing groups whose sAMAccountName starts with "APP1_" or "APP2_".