Polycom RealPresence Resource Manager System Operations Guide RealPresence Resource Manager System and
464 Polycom, Inc.
Creating exclusion filters can impact the performance of your LDAP queries.
As a best practice, use indexed attributes and do not use medial searches when
implementing exclusion filters. For more information, see Creating More
Efficient Microsoft Active Directory-Enabled Applications.
The following table illustrates some more advanced examples of exclusion
filter expressions.
RealPresence Resource Manager System and Windows
Authentication
To allow Microsoft Active Directory users with dynamically-managed
endpoints to securely log into their endpoint without typing in their network
credentials, the RealPresence Resource Manager system must be integrated
with an Active Directory server and trusted by Active Directory.
When the RealPresence Resource Manager system starts up, it performs the
following actions.
• Uses Microsoft's LDAP ping mechanism to determine the site in which the
system is located.
• Uses a DNS SRV record query to find a domain controller within the same
site.
Search baseDN expression Description
!(| (memberof=CN=Sales,DC=europe,DC=example,DC=com)
(memberof=CN=IT,DC=europe,DC=example,DC=com))
Includes only users that are members of the
‘Sales’ or ‘IT’ Groups in the domain
europe.example.com.
Notes:
• The expression should be in continuous
line with no carriage returns or extra
spaces (not possible in this document’s
format).
• By excluding an entity, we implicitly mean
to include all other entities. Conversely, by
including an entity, we are implicitly
excluding all other entities. Hence, this
exclusion filter will suffice for a case
where, for example, the administrator
wants to include Sales and IT but exclude
Human Resources, Engineering, etc.,
within the specified domain.
&(objectCategory=person)(objectClass=user)(userAccountCon
trol:1.2.840.113556.1.4.803:=2)
Excludes all users who are disabled. Note
this is using a different but valid notation.
