Cisco Acano X-series

Cisco Meeting Server Release 2.0 : Single Combined Meeting Server Deployments

To restrict to people (and omit groups), use:

(&(memberOf=cn=apac,cn=Users,dc=Example,dc=com)
(objectClass=person))

Using an extensible matching rule (LDAP_MATCHING_RULE_IN_CHAIN /
1.2.840.113556.1.4.1941), it is possible to filter on membership of any group in a
membership hierarchy (below the specified group); for example:

(&(memberOf:1.2.840.113556.1.4.1941:=cn=apac,cn=Users,dc=Example,

dc=com)(objectClass=person))

Other good examples which you can adapt to your LDAP setup include:

Filter that adds all Person and User except the ones defined with a !

(&(objectCategory=person)(objectClass=user)(!(cn=Administrator))
(!(cn=Guest))(!(cn=krbtgt)))

Filter that adds same as above (minus krbtgt user) and only adds if they have a
sAMAccountName

(&(objectCategory=person)(objectClass=user)(!(cn=Administrator))
(!(cn=Guest))(sAMAccountName=*))

Filter that adds same as above (Including krbtgt user) and only adds if they have a
sAMAccountName

(&(objectCategory=person)(objectClass=user)(!(cn=Administrator))
(!(cn=Guest))(!(cn=krbtgt))(sAMAccountName=*))

This filter only imports specified users within (|( tree

(&(objectCategory=person)(objectClass=user)(|(cn=accountname)
(cn=anotheraccountname)))

Global Catalog query to import only members of specified security group (signified with
=cn=xxxxx

(&(memberOf:1.2.840.113556.1.4.1941:=cn=groupname,cn=Users,

dc=example,dc=com)(objectClass=person))

4. Set up the Field Mapping Expressions

The field mapping expressions control how the field values in the Meeting Server’s user
records are constructed from those in the corresponding LDAP records. Currently, the
following fields are populated in this way:

Display Name

User name

space Name

space URI user part (i.e. the URI minus the domain name)

5 LDAP configuration