What is the search filter syntax for "all users under the given OU DN"? Looking at the docs here (https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx) did not seem to answer this question (though I am totally new to AD, so it may be there in another wording).
Use case is that I have an AD path "OU=Users,OU=HortonworksUsers,DC=ucera,DC=local" under which there are several person entries (i.e. their attribute objectClass OID is "top;person;organizationalPerson;user"). I would like to add them to a search filter (for Apache Ranger AD usersync <https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.0.1/configuring-ranger-authe-with-unix-ldap-ad/content/ranger_ad_integration_ranger_usersync.html>), but have only seen examples of filtering for a specified group, i.e. "memberOf=".

My current search filter, which does not work and in fact causes errors in the usersync logs, looks like:

(|(memberOf=CN=admins,OU=groups,OU=HortonworksUsers,DC=ucera,DC=local)("memberOf=CN=Domain Admins,CN=Users,DC=ucera,DC=local") (OU=Users,OU=HortonworksUsers,DC=ucera,DC=local) )

Note the last segment of the filter string.

Can anyone with more AD experience let me know the right way to filter for users under some arbitrary OU DN? Is it even possible (or do you have to specify each user individually in this case)?