Hello,
Let's take an example. In a domain named 'senderdomain.com', a user named 'Alice Jones' logs on to the computer using the username 'ajones'. She is also a member of a group named 'Human Resources', which has the distinguishedName 'CN=Human Resources,OU=Groups,OU=SenderDomain,DC=senderdomain,DC=com'. Her user object in Active Directory is in an Organizational Unit named "HR", which is below another OU named 'SenderDomain'.
This user then has the following attributes in LDAP:
distinguishedName : 'CN=Alice Jones,OU=HR,OU=SenderDomain,DC=senderdomain,DC=com'
sAMAccountName : 'ajones'
memberOf : 'CN=Human Resources,OU=Groups,OU=SenderDomain,DC=senderdomain,DC=com'
userPrincipalName : ajones@senderdomain.com
name : Alice Jones
cn : Alice Jones
givenName: Alice
sn: Jones
So let's match her into a PGP Universal Server group.
1. Match by user name only, choose one of the following:
- Attribute 'sAMAccountName' - Value 'ajones'
Regular Expression: no
- Attribute 'userPrincipalName' - Value 'ajones@senderdomain.com'
Regular Expression: no
- Attribute 'distinguishedName' - Value 'CN=Alice Jones,OU=HR,OU=SenderDomain,DC=senderdomain,DC=com'
Regular Expression: no
2. Match by group membership, all users in the group 'Human Resources' should be matched:
- Attribute 'memberOf' - Value: 'CN=Human Resources,OU=Groups,OU=SenderDomain,DC=senderdomain,DC=com'
Regular Expression: no
3. Match by OU, all users in the OUs SenderDomain and HR should be matched
- Attribute '' - Value '.*,OU=HR,OU=SenderDomain,DC=senderdomain,DC=com'
Regular Expression: yes
You might want to have a look at the following page which explains how Active Directory properties are shown as LDAP attributes: http://www.computerperformance.co.uk/Logon/LDAP_attributes_active_directory.htm
Also check out Softerra's LDAP browser, which allows you to browse your Active Directory through LDAP and see what attributes belong to which users.
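
To check which users each of the three rule types above would select before configuring them, here is an added example (not part of the original post, and not PGP Universal Server code) that models the rules in Python over constructed directory entries. It assumes the attribute for rule 3 is distinguishedName, that a regular expression must match the whole attribute value, and that comparison is case-insensitive; Bob Smith and Carol White are invented users.

```python
import re

# Constructed sample entries: Alice's values are from the post; Bob and Carol are invented.
BASE = "OU=SenderDomain,DC=senderdomain,DC=com"
HR_GROUP = "CN=Human Resources,OU=Groups," + BASE
ENTRIES = [
    {"sAMAccountName": "ajones",
     "userPrincipalName": "ajones@senderdomain.com",
     "distinguishedName": "CN=Alice Jones,OU=HR," + BASE,
     "memberOf": [HR_GROUP]},
    {"sAMAccountName": "bsmith",   # sits in a child OU of HR, not in the group
     "userPrincipalName": "bsmith@senderdomain.com",
     "distinguishedName": "CN=Bob Smith,OU=Temps,OU=HR," + BASE,
     "memberOf": []},
    {"sAMAccountName": "cwhite",   # in the group, but outside the HR OU
     "userPrincipalName": "cwhite@senderdomain.com",
     "distinguishedName": "CN=Carol White,OU=IT," + BASE,
     "memberOf": [HR_GROUP]},
]

def rule_matches(entry, attribute, value, is_regex):
    """Apply one attribute/value rule to one entry (assumed semantics, see lead-in)."""
    raw = entry.get(attribute, [])
    values = raw if isinstance(raw, list) else [raw]   # memberOf is multi-valued
    if is_regex:
        pattern = re.compile(value, re.IGNORECASE)
        return any(pattern.fullmatch(v) for v in values)
    return any(v.lower() == value.lower() for v in values)

def matched_users(attribute, value, is_regex):
    """Return the logon names of all sample entries the rule selects."""
    return [e["sAMAccountName"] for e in ENTRIES
            if rule_matches(e, attribute, value, is_regex)]

RULES = [
    ("1. user name", "sAMAccountName", "ajones", False),
    ("2. group membership", "memberOf", HR_GROUP, False),
    ("3. OU (regex)", "distinguishedName", ".*,OU=HR," + BASE, True),
]

if __name__ == "__main__":
    for label, attribute, value, is_regex in RULES:
        print(label, "->", matched_users(attribute, value, is_regex))
```

In this model, rule 3 also selects bsmith because '.*' spans any child OU beneath HR, and rule 2 selects cwhite although her object is outside the HR OU.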