We are trying to implement the following LDAP filter to an existing partnership: (&(uid=*)(userRoles=MYROLE;MYROLE_USER))
But it seems this one doesn't work. How should we configure this?
The semicolon is used to separate multiple DNs in a search query, but it does not apply in an LDAP filter. This should be done differently.
Please, check the "Filter Any" example 2 on the following document:
User Identification for a Partnership https://docops.ca.com/ca-single-sign-on/12-6-01/en/configuring/partnership-federation/user-identification-for-a-partnership
For this and more information on the LDAP filters, you can check:
Apply extensible match filters to identify that the user has both roles
KB : KB000099441
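
An added example, not taken from the original article or the product documentation: a minimal evaluator for a subset of RFC 4515 filters (AND, OR, NOT, equality, presence), run over constructed entries. It shows that a semicolon inside an assertion value is matched as a literal character, next to filters that test each role as its own component. The entries, their values and the case-insensitive comparison are assumptions.

```python
import re

# Constructed sample entries (not from the article): attribute -> list of values.
ENTRIES = {
    "alice": {"uid": ["alice"], "userRoles": ["MYROLE", "MYROLE_USER"]},
    "bob":   {"uid": ["bob"],   "userRoles": ["MYROLE"]},
    "carol": {"uid": ["carol"], "userRoles": ["MYROLE;MYROLE_USER"]},
}
ITEM = re.compile(r"([A-Za-z][\w-]*)=([^()]*)")

def parse(f, i=0):
    """Parse an RFC 4515 subset: (&..), (|..), (!..), (attr=value), (attr=*)."""
    if i >= len(f) or f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(f) and f[i] in "&|!":
        op, i, kids = f[i], i + 1, []
        while i < len(f) and f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"wrong number of operands for '{op}'")
        node = (op, kids)
    else:
        m = ITEM.match(f, i)
        if not m:
            raise ValueError(f"bad filter item at offset {i}")
        node, i = ("=", m.group(1), m.group(2)), m.end()
    if i >= len(f) or f[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, entry):
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, want = node
    values = next((v for k, v in entry.items() if k.lower() == attr.lower()), [])
    if want == "*":  # presence test: the attribute has at least one value
        return bool(values)
    # Equality compares the whole value; ';' is an ordinary character here.
    # Case-insensitive comparison is an assumption about the matching rule.
    return any(v.lower() == want.lower() for v in values)

def search(filter_text):
    tree, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return sorted(name for name, e in ENTRIES.items() if matches(tree, e))
```

With these entries, the original filter returns only the entry whose single role value is the literal string `MYROLE;MYROLE_USER`, while `(&(uid=*)(userRoles=MYROLE)(userRoles=MYROLE_USER))` returns the entry holding both roles.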