0

I am new at Sun Java System Messaging Server 6.3. I am managing my e-mail users and group via ldapbrowser version 2.8.2.

I want to exclude a particular user from people group.

I found the below string in people group's configuration:

memberURL: ldap:///o=domain.com,dc=domain,dc=com??sub?(&(Employeenumber=*)(InetUserStatus=active))
Tunaki
  • 132,869
  • 46
  • 340
  • 423
Sheikh Asad Jawed
  • 21
  • 5

1 Answers1

0

The definition of the 'People' group is:

Within ldap:///o=domain.com,dc=domain,dc=com, where the attribute Employeenumber is present (Employeenumber=*), and the attribute InetUserStatus has the value active (InetUserStatus=active).

So, if you want to exclude someone, you need and attribute to match, and the value to exclude and construct the LDAP search filter that matches this, and update the filter (&(Employeenumber=*)(InetUserStatus=active)) to correspond to this.

so, if they were Employeenumber 55, then you don't want them in the list, so the condition for this is !(Employeenumber=55), so you need to plug this into the selection condition as:

(&(&(Employeenumber=*)(InetUserStatus=active))(!(Employeenumber=55)))

If you wanted to filter a second user (e.g. Employeenumber 99 as well, then it becomes:

(&(&(&(Employeenumber=*)(InetUserStatus=active))(!(Employeenumber=55)))(!(Employeenumber=99)))

You can see how this will get very complicated very quickly.

Anya Shenanigans
  • 91,618
  • 3
  • 107
  • 122
  • I have noticed that multiple employees have same employeeNumber i.e; 329. Can I use any other attribute such as uidNumber(which is consist of the name of user)? – Sheikh Asad Jawed Nov 03 '15 at 12:05
  • Yes, I was using `employeeNumber` as an example - you need to decide on the filter attribute to use and the value to use as well. – Anya Shenanigans Nov 03 '15 at 12:07
  • When I am adding this attribute the e-mail is not receiving at the people group. – Sheikh Asad Jawed Nov 03 '15 at 13:28
  • Have you validated your filter? If there's an error then you would see nobody in the list - test the filter you've used via the `search` option of the ldap browser. It's really easy to make a mistake with the filter when you write it by hand (I typoed the second one when I entered it). – Anya Shenanigans Nov 03 '15 at 13:39
  • I've done it by changing the employeenumber of the specific user and than follow your instructions. Thanks alot! – Sheikh Asad Jawed Nov 03 '15 at 13:48