
Exclude particular LDAP users


If you cannot completely filter the LDAP user list using LDAP filter properties, you can exclude users with a map script.

After your script logic identifies a user that should not be imported, set the user_name field to an empty string. That user is then not imported.


One way to identify users to filter out is to look for a string in the distinguishedName attribute. For example, this script excludes accounts that are not in a Users OU. You might use this script if you have too many Users OUs to include in the target OU LDAP Option.

//vdn is a variable mapped to distinguishedName
var vdn = source.getElement(this.distinguishedName);
if (vdn.indexOf('OU=Users')<0) {
  gs.log('LDAP Import Skipping User: ' + vdn);
  //an empty user_name means this user is not imported
  user_name = "";
}

A more complex method of filtering is to use regular expressions.

//vcn is a variable mapped to cn
//vdn is a variable mapped to distinguishedName
//c is the regular expression string
var vdn = source.getElement(this.distinguishedName);
//the cn lookup is assumed to mirror the distinguishedName lookup above
var vcn = source.getElement(this.cn);
var c = /^[a-z][a-z][a-z][0-9][0-9][0-9]$/;
var nvcn = vcn.toLowerCase();
//test to see if the cn is in the form of 3 letters followed by 3 numbers, only import these
if (c.test(nvcn)) {
	user_name = nvcn;
} else {
	gs.log("LDAP import rejected username: " + vcn + " for DN: " + vdn);
	user_name = "";
}
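
The two checks above combined, as an added example that is not ServiceNow's own code: it runs stand-alone in plain JavaScript, with a plain object standing in for the import row, and goes beyond the page by matching OU=Users as a whole DN component, case-insensitively, rather than as a substring. The helper names splitDn, inUsersOu and mapUserName and the sample records are constructed for illustration.

```javascript
// Added example: stand-alone model of the map-script decision (plain JavaScript).
// splitDn, inUsersOu and mapUserName are hypothetical helper names.

// Split a DN into RDNs on unescaped commas; a backslash escapes the next character.
function splitDn(dn) {
  var parts = [], cur = '';
  for (var i = 0; i < dn.length; i++) {
    var ch = dn.charAt(i);
    if (ch === '\\' && i + 1 < dn.length) {
      cur += ch + dn.charAt(++i);
    } else if (ch === ',') {
      parts.push(cur.trim());
      cur = '';
    } else {
      cur += ch;
    }
  }
  if (cur.trim() !== '') parts.push(cur.trim());
  return parts;
}

// True only when one RDN is exactly OU=Users (case-insensitive; multi-valued RDNs not split).
function inUsersOu(dn) {
  return splitDn(dn).some(function (rdn) {
    var eq = rdn.indexOf('=');
    return eq > 0 &&
      rdn.slice(0, eq).trim().toLowerCase() === 'ou' &&
      rdn.slice(eq + 1).trim().toLowerCase() === 'users';
  });
}

// Returns the user_name to import, or "" to skip the record. Missing attributes skip.
function mapUserName(record) {
  var vdn = String(record.distinguishedName || '');
  var vcn = String(record.cn || '').toLowerCase();
  if (!inUsersOu(vdn)) return '';
  return /^[a-z]{3}[0-9]{3}$/.test(vcn) ? vcn : '';
}

// Constructed sample records, not real directory data.
var samples = [
  { cn: 'ABC123', distinguishedName: 'CN=ABC123,OU=Users,OU=Madrid,DC=example,DC=com' },
  { cn: 'abc124', distinguishedName: 'CN=abc124,ou=users,DC=example,DC=com' },
  { cn: 'svc001', distinguishedName: 'CN=svc001,OU=Users-Disabled,DC=example,DC=com' },
  { cn: 'jsmith', distinguishedName: 'CN=jsmith,OU=Users,DC=example,DC=com' },
  { cn: 'Smith, John', distinguishedName: 'CN=Smith\\, John,OU=Users,DC=example,DC=com' }
];
var results = samples.map(mapUserName);
console.log(results);
```

In a map script, the value returned by mapUserName would be assigned to user_name, so an empty string skips the record.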