This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ldap search filter for manager

Hi 

I am trying to enable helpdesk only for managers where if users account password is lost and doesnt remember security question then only managers can change his subordinates password.

LDAP Query.JPG

I tried below but didn't work

(&(objectClass=inetOrgPerson)(manager=@LDAP:DN@)(|...))

 

  • 0

    Hey Frank,
    I would suggest not to give everyone access to this module, like you did in the screenshot.
    Only Managers should see it so maybe try something like:
    (directReports=*) -> If someone has subordinates, he has access to the helpdesk module.

    Then inside the module you can give a Help Desk Search Filter like the following, to just show the directReports of the logged in Account:

    (&(objectClass=Person)(manager=@LDAP:DN@)(|((cn=*%USERNAME%*)(uid=*%USERNAME%*)(givenName=*%USERNAME%*)(sn=*%USERNAME%*))))

    I have not tried it, but think it should work, if the manager has sufficient rights for browsing.

    Info: Giving this function to the Manager may have some Data Protection Issues, because he could hijack the subordinates Account.
    Cheers
    Konstantin

  • 0 in reply to 

    Unfortunately (manager=@LDAP:DN@) does not work.

    There is an old enhancement request here:

    https://community.microfocus.com//cyberres/idm/i/idmideas/add-macros-to-ldap-filters-i-sspr

    Frank, did you find any solution on how to do this?