
LDAP userSearchFilter By group


I am trying to reconfigure the LDAP authentication for Active Directory, as I found the current version of the search filter is too long. An example of the current version of the search filter that is working:

AUTHENTICATION_ACTIVE_DIRECTORY.userSearchFilter=(&(sAMAccountName={0})(|(memberof=CN=EG1,OU=APP,OU=Global,OU=Group1,DC=company,DC=com)(memberof=CN=EG2,OU=APP,OU=Global,OU=Group1,DC=company,DC=com)(memberof=CN=EG3,OU=APP,OU=Global,OU=Group1,DC=company,DC=com)))
AUTHENTICATION_ACTIVE_DIRECTORY.userSearchBase=DC=company,DC=com

How can I reduce the search filter declaration? EG1, EG2 and EG3 are under APP.


Solution

  • Problem solved, thanks to @ryan for the comment. Basically, create a group named parentgroup and merge EG1, EG2, EG3 into the parentgroup.

    So my working search filter:

    AUTHENTICATION_ACTIVE_DIRECTORY.userSearchFilter=(&(sAMAccountName={0})(memberOf:1.2.840.113556.1.4.1941:=CN=parentgroup,OU=APP,OU=Global,OU=Group1,DC=company,DC=com))
    AUTHENTICATION_ACTIVE_DIRECTORY.userSearchBase=DC=company,DC=com
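
The following is an added example, not part of the original question or answer. It models why the filter above needs the `1.2.840.113556.1.4.1941` (LDAP_MATCHING_RULE_IN_CHAIN) OID once EG1, EG2 and EG3 are nested under parentgroup, and shows the value substituted for `{0}` being escaped per RFC 4515. The directory contents, user names and function names are constructed for illustration.

```python
# Added example: models how AD evaluates memberOf with and without the
# LDAP_MATCHING_RULE_IN_CHAIN OID (1.2.840.113556.1.4.1941).
from collections import deque

IN_CHAIN_OID = "1.2.840.113556.1.4.1941"
BASE = "OU=APP,OU=Global,OU=Group1,DC=company,DC=com"
PARENT = f"CN=parentgroup,{BASE}"

# Constructed directory: object DN -> DNs listed in its memberOf attribute.
DIRECTORY = {
    "CN=alice,DC=company,DC=com": [f"CN=EG1,{BASE}"],   # nested via EG1
    "CN=bob,DC=company,DC=com": [PARENT],               # direct member
    "CN=carol,DC=company,DC=com": [f"CN=Other,{BASE}"], # unrelated group
    f"CN=EG1,{BASE}": [PARENT],
    f"CN=EG2,{BASE}": [PARENT],
    f"CN=EG3,{BASE}": [PARENT],
    PARENT: [f"CN=EG1,{BASE}"],  # deliberate cycle; the walk must still end
}

def escape_filter_value(value):
    """Escape RFC 4515 special characters before placing a value in a filter."""
    out = []
    for ch in value:
        out.append("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch)
    return "".join(out)

def build_filter(username, group_dn=PARENT):
    """Render the answer's userSearchFilter with {0} replaced by username."""
    return "(&(sAMAccountName=%s)(memberOf:%s:=%s))" % (
        escape_filter_value(username), IN_CHAIN_OID, escape_filter_value(group_dn))

def direct_member(dn, group_dn, directory=DIRECTORY):
    """Plain (memberOf=...) matches only groups listed on the object itself."""
    return group_dn.lower() in (g.lower() for g in directory.get(dn, []))

def in_chain_member(dn, group_dn, directory=DIRECTORY):
    """The in-chain rule walks memberOf upward through nested groups."""
    index = {k.lower(): v for k, v in directory.items()}
    seen, queue = set(), deque([dn.lower()])
    while queue:
        current = queue.popleft()
        for parent in index.get(current, []):
            p = parent.lower()
            if p == group_dn.lower():
                return True
            if p not in seen:
                seen.add(p)
                queue.append(p)
    return False
```

Because the in-chain match is transitive, any group later nested under parentgroup also passes this filter, so membership changes anywhere in that subtree affect who can authenticate.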