Allowed LDAP search filters in AirWatch

Description

In the AirWatch Console, you can configure Directory Services integration by navigating to Settings > Enterprise Integration > Directory Services.  Under the User and Group tabs, you can specify the User Search Filter and Group Search Filter to indicate the LDAP query you wish to use to search for users and groups, respectively.  The AirWatch Console only supports filters that begin with the AND operator, in the form "(&(".  In particular, filters beginning with the OR operator, in the form "(|(", are not supported.

Filters that are not in a supported form will experience errors during the sync process.  As such, users and groups will not be successfully pulled into AirWatch.  Limiting the allowed queries will help ensure that only the appropriate users and groups are synced into AirWatch, and help eliminate potential errors during the syncing process that can have adverse effects.

The default User Search Filter is:

(&(objectCategory=person)(sAMAccountName={EnrollmentUser}))

 

The default Group Search Filter is:

(&(objectClass=group))

 

The following are examples of incorrect filters:

(sAMAccountName={EnrollmentUser}) 

(|(sAMAccountName={EnrollmentUser})) 

Have more questions? Submit a request

0 Comments

Article is closed for comments.