Negative Group Context String for LDAP
Posted by , Last modified by Aly Essa on 04 August 2016 12:07 PM

Overview

FileCatalyst Workflow and FileCatalyst Direct can restrict access to users who are not members of a specific Active Directory or LDAP group.

Environment

FileCatalyst Server v3.5 and later.

FileCatalyst Workflow v4.9.5 and later.

FileCatalyst Webmail v4.9.5 and later.

  

Resolution

The following Context String is an example where any user in the Sample_GP group will be denied access:

SECURITY_PRINCIPAL=section\{userinput} 

SEARCH_FILTER=(&(sAMAccountName={userinput})(objectClass=user)(!(memberOf=CN=Sample_GP,OU=Security,OU=Example_Groups,dc=section,dc=company,dc=com)))

SEARCH_BASE=dc=section,dc=company,dc=com

SECURITY_GROUPS=

This will deny anyone in the group Sample_GP the ability to log into the system.
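To check how the negated memberOf clause behaves before deploying it, the following added example (not FileCatalyst code) evaluates the SEARCH_FILTER above against a small constructed directory. The accounts alice, bob and carol and the group Nested_GP are hypothetical, and the example assumes a login succeeds only when the search returns an entry.

```python
import re

# Group DN and filter template copied from the Context String on this page.
GROUP = "CN=Sample_GP,OU=Security,OU=Example_Groups,dc=section,dc=company,dc=com"
TEMPLATE = "(&(sAMAccountName={userinput})(objectClass=user)(!(memberOf=" + GROUP + ")))"

# Constructed directory entries (not real accounts). Attribute names are lower-cased.
NESTED = "CN=Nested_GP,OU=Security,OU=Example_Groups,dc=section,dc=company,dc=com"
DIRECTORY = [
    {"samaccountname": ["alice"], "objectclass": ["user"], "memberof": []},
    {"samaccountname": ["bob"], "objectclass": ["user"], "memberof": [GROUP]},
    # carol is in Nested_GP, itself a member of Sample_GP; memberOf lists direct groups only.
    {"samaccountname": ["carol"], "objectclass": ["user"], "memberof": [NESTED]},
]

def parse(f, i=0):
    """Parse the filter subset used here: (&...), (|...), (!...) and attr=value."""
    if f[i + 1] in "&|!":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            node, i = parse(f, i)
            kids.append(node)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, value = f[i + 1:end].partition("=")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive equality)."""
    if node[0] == "=":
        return node[2] in [v.lower() for v in entry.get(node[1], [])]
    results = [matches(kid, entry) for kid in node[1]]
    return {"&": all(results), "|": any(results), "!": not results[0]}[node[0]]

def login_allowed(userinput, directory=DIRECTORY):
    """True when the search filter returns an entry for this login name."""
    if re.search(r"[\\*()\x00]", userinput):
        return False  # this example rejects filter metacharacters instead of escaping them
    tree, _ = parse(TEMPLATE.replace("{userinput}", userinput))
    return any(matches(tree, entry) for entry in directory)

if __name__ == "__main__":
    for name in ("alice", "bob", "carol"):
        print(name, "allowed" if login_allowed(name) else "denied")
```

carol is allowed although she is an indirect member of Sample_GP, because Active Directory's memberOf attribute holds only direct memberships and omits the primary group. Active Directory's transitive matching rule, written memberOf:1.2.840.113556.1.4.1941:= followed by the group DN, matches nested membership as well.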