Yes this is possible.To apply a rule to LDAP queries follow the next steps:
- In the Policy Patrol Administration console go to Settings > Users and click on Add. Click Next in the Welcome screen.
- Select Manual input and click Next.
- Enter the name for the custom group in the name column, for instance New York Marketing.
- Enter the LDAP search query in the email address field in the following format: <LDAP://[Path to container to search]>;(&(objectClass=user)(l=New York));distinguishedName;[SubTree or Onelevel]
The LDAP query is split into a number of sections separated by ; characters. The first part is the LDAP search root, the second part is the query filter, the third part specifies what attributes should be returned by the query, this MUST be set to distinguishedName. Finally the fourth part is the search scope, it can be either SubTree (Search sub containers) or Onelevel (Search only container specified in the search root). So an LDAP query for the users located in New York would look something like this:
If you want to create a query for members of an OU, you would do so in the following format: <LDAP://OU=test,DC=redearthsoftware,DC=com>;(&(objectClass=user)(mail=*));distinguishedName;SubTree (Tip: If you are not sure what the path to the LDAP container is, you can go toSettings > Users and click on Add. Select Active Directory. Then check the option 'Use the following search root' and click on the Browse button to the right of the text box. Select the container you wish to use and click OK. Copy the LDAP path from the text box and click Cancel so that no users are added).
- Go to your rule and select the newly created custom group name, e.g. New York Marketing (it will appear as a normal user in the list).
NOTE: The users added to the group created based on LDAP query should be licensed before creating the group so that the rule can be applied.
For more assistance with creating your LDAP query, please contact firstname.lastname@example.org.