LDAP group member import filter options

Guardium® Insights SaaS allows you to populate groups by importing members from an LDAP connection using a prefix/member format. This topic describes the filter options for this import.

When importing LDAP members into a group, you can use a static prefix append, or you can use a more advanced parameterized LDAP filter. If a specific prefix needs to be added to every member imported from LDAP, you can define this in the LDAP import configuration. Alternatively, you can specify a bind values group, which will be used with a parameterized filter to augment imported members with information contained in bind values group members. The following table describes supported parameterized filter substitution options and resulting imported member adjustments:

Table 1. LDAP group member import filter options
Bind group member Parameterized filter Substituted filter Member prefix Final member
A\B ... cn=:1 ... ... cn=A\B ... n/a memberName
D ... cn=:1 ... ... cn=D ... n/a memberName
A\B ... cn=:1 ... dn=:2 ... ... cn=B ... dn=A ... "A\" A\memberName
D ... cn=:1 ... dn=:2 ... ... cn=D ... dn=* ... "%" %memberName
A\B ... cn=:2 ... ... cn=B ... "%" %memberName
D ... cn=:2 ... ... cn=D ... "%" %memberName
Note: Neither static prefix nor parameterized filters are supported for multi-tuple group types.