User exclusion rules, User exclusion rules 87 – Google Apps Directory Sync Administration Guide User Manual

Configuration

87

User Exclusion Rules

If you have any users on your LDAP directory server that match your search rules
but should not be added to Google Apps, add an LDAP user exclusion rule.

Some examples of reasons for LDAP user exclusion rules:

•

Internal users who do not have outside email addresses

•

Printers, conference rooms, and other non-user resources

•

Test users on your LDAP directory server

•

Users who do not want a Google Apps mailbox

Rule

The search rule for user sync to match. This rule is a
standard LDAP query, and allows sophisticated logic
and complex rules for searching. For more information
about LDAP search filters, see “About LDAP Queries”
on page 41.

Example 1: To match all objects (this may cause load
problems):

objectclass=*

Example 2: To match all human users:

•

For OpenLDAP:

(objectClass=inetOrgPerson)

•

For Active Directory:

(objectClass=person)

•

for Lotus Domino:

(objectClass=dominoPerson)

Base DN

The Base DN (Distinguished Name) to use for this
search rule. This will override the default Base DN you
specified in LDAP Connection.

This field is optional. In most cases, you can leave this
field blank and use the Base DN specified in the LDAP
Connection page. If you want this rule to use a different
Base DN than the default, specify an alternate base
DN.

Example:

ou=powerusers,ou=test,ou=sales,ou=melbourne,dc=
ad,dc=example,dc=com

LDAP User Sync
Setting

Description