Tags: active-directory, ldap, zimbra, gal

LDAP filter to exclude admins group from GAL (on Zimbra)


I'm trying to set up an external Active Directory GAL on Zimbra 8.8.7. My current working filter is

(&(|(displayName=*%s*)(cn=*%s*)(sn=*%s*)(givenName=*%s*)(mail=*%s*))(|(&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList)))

autocomplete filter is

(|(cn=%s*)(sn=%s*)(gn=%s*)(mail=%s*))

LDAP search base

dc=sub,dc=domain,dc=com

Search and autocomplete return all AD users, including admin accounts. What is the correct way to exclude the administrators group from the LDAP search? The accounts I need to exclude are in the OU "Admins" and are members of a couple of groups like the built-in "Administrators" and the "Domain Admins", "Enterprise Admins", etc. I've tried adding (&(objectCategory=group)(!cn=Admin) but it doesn't seem to be valid.


Solution

  • Decided to post my workaround that is already in production. I couldn't make an exclusion rule work, and another task required a real employees group to be created in AD anyway, so I ended up adding all people accounts to the group Staff, and the domain GAL search now looks like this:

    LDAP filter: (&(objectCategory=Person)(sAMAccountName=*)(memberOf=cn=Staff,ou=Groups,dc=dc1,dc=domainname,dc=com))
    
    Autocomplete filter: (|(cn=%s*)(sn=%s*)(gn=%s*)(mail=%s*))
    
    LDAP search base: dc=dc1,dc=domainname,dc=com
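Both the question (why `(&(objectCategory=group)(!cn=Admin)` is rejected, and how to keep admins out) and the answer (the `memberOf=cn=Staff,...` allow-list) come down to what an RFC 4515 filter can and cannot express against AD. The script below is an added example for this thread, not Zimbra or Microsoft code: a small filter parser/evaluator run against a constructed three-entry directory, so the filters can be compared offline before touching `zmprov`. The DNs, account names and the `Domain Admins`/`Staff` group DNs are assumptions made up for the illustration; the search base `dc=sub,dc=domain,dc=com` is the one from the question.

```python
"""Minimal RFC 4515 LDAP filter evaluator for testing GAL filters offline.

Added example for this thread, not Zimbra or Microsoft code. DIRECTORY below is
constructed sample data (assumed DNs, names and groups), not a real domain.
Supported: & | ! equality, presence (attr=*) and substring (attr=*foo*).
Values compare case-insensitively like AD's default matching rules, and
DN-syntax attributes (memberOf, distinguishedName) only support exact match,
as in AD, which is why "is somewhere under OU=Admins" cannot be a filter.
Filter escapes (\\2a etc.) are not handled; keep test values free of them.
"""
import re

BASE = "dc=sub,dc=domain,dc=com"                      # search base from the question
DOMAIN_ADMINS = f"cn=Domain Admins,cn=Users,{BASE}"   # assumed group DN
STAFF = f"cn=Staff,ou=Groups,{BASE}"                  # assumed group DN, as in the answer
DN_ATTRS = {"memberof", "distinguishedname"}          # DN syntax: no substring matching


def parse(s):
    """Parse a filter string into a nested tuple tree; ValueError if malformed."""
    s = s.strip()
    tree, pos = _parse(s, 0)
    if pos != len(s):
        raise ValueError(f"trailing data at {pos}: {s[pos:]!r}")
    return tree


def _parse(s, i):
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at {i}")
    i += 1
    if i >= len(s):
        raise ValueError("unterminated filter")
    if s[i] in "&|":
        op, children, i = s[i], [], i + 1
        while i < len(s) and s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        node = (op, children)
    elif s[i] == "!":
        child, i = _parse(s, i + 1)      # '!' must wrap one parenthesised filter
        node = ("!", child)
    else:
        j = s.index(")", i)              # ValueError if the item is unterminated
        attr, eq, value = s[i:j].partition("=")
        if not attr or not eq:
            raise ValueError(f"bad item {s[i:j]!r}")
        node, i = ("=", attr, value), j
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at {i}")
    return node, i + 1


def matches(node, entry):
    """Evaluate a parsed filter against an entry (dict: lower-cased attr -> list of str)."""
    kind = node[0]
    if kind == "&":
        return all(matches(c, entry) for c in node[1])
    if kind == "|":
        return any(matches(c, entry) for c in node[1])
    if kind == "!":
        return not matches(node[1], entry)
    _, attr, value = node
    values = [v.lower() for v in entry.get(attr.lower(), [])]
    if value == "*":
        return bool(values)                          # presence filter
    if "*" in value:
        if attr.lower() in DN_ATTRS:
            return False                             # AD: no substring match on DN syntax
        pattern = "^" + ".*".join(map(re.escape, value.lower().split("*"))) + "$"
        return any(re.match(pattern, v) for v in values)
    return value.lower() in values


def entry(**attrs):
    """Build an entry with lower-cased attribute names; every value becomes a list."""
    return {k.lower(): (v if isinstance(v, list) else [v]) for k, v in attrs.items()}


USER_CLASSES = ["top", "person", "organizationalPerson", "user"]
DIRECTORY = [  # constructed sample data; objectCategory simplified to "person"
    entry(cn="Alice Admin", sn="Admin", givenName="Alice", sAMAccountName="alice.adm",
          objectCategory="person", objectClass=USER_CLASSES, mail="alice.adm@domain.com",
          distinguishedName=f"cn=Alice Admin,ou=Admins,{BASE}", memberOf=[DOMAIN_ADMINS]),
    entry(cn="Bob Builder", sn="Builder", givenName="Bob", sAMAccountName="bob",
          objectCategory="person", objectClass=USER_CLASSES, mail="bob@domain.com",
          distinguishedName=f"cn=Bob Builder,ou=Users,{BASE}", memberOf=[STAFF]),
    entry(cn="Carol Contractor", sn="Contractor", givenName="Carol", sAMAccountName="carol",
          objectCategory="person", objectClass=USER_CLASSES, mail="carol@domain.com",
          distinguishedName=f"cn=Carol Contractor,ou=Users,{BASE}"),  # in no group
]

# Candidate filters (hypothetical, for comparison):
BROKEN = "(&(objectCategory=group)(!cn=Admin)"      # from the question: '!' needs (…) and a ')' is missing
EXCLUDE_ADMINS = f"(&(objectCategory=person)(objectClass=user)(!(memberOf={DOMAIN_ADMINS})))"
STAFF_ONLY = f"(&(objectCategory=person)(sAMAccountName=*)(memberOf={STAFF}))"   # the answer's approach


def is_valid(filter_str):
    try:
        parse(filter_str)
        return True
    except ValueError:
        return False


def search(filter_str, directory=DIRECTORY):
    """Return the sorted cn values of entries matching the filter."""
    tree = parse(filter_str)
    return sorted(e["cn"][0] for e in directory if matches(tree, e))


if __name__ == "__main__":
    for name, f in [("BROKEN", BROKEN), ("EXCLUDE_ADMINS", EXCLUDE_ADMINS), ("STAFF_ONLY", STAFF_ONLY)]:
        print(name, "valid" if is_valid(f) else "INVALID", search(f) if is_valid(f) else "")
    print("DN wildcard", search("(distinguishedName=*ou=Admins*)"))   # [] : never matches in AD
```

The deny-list form (`!(memberOf=...)`) has to name every admin group DN and only sees direct membership, because AD's `memberOf` is not transitive: a user whose only path into `Administrators` is via `Domain Admins` is not excluded by `(!(memberOf=cn=Administrators,cn=Builtin,...))`. On a real domain controller the transitive form is the matching-rule filter `(memberOf:1.2.840.113556.1.4.1941:=<group DN>)`, which this toy evaluator does not implement; the allow-list the answer settled on (`memberOf=cn=Staff,...`) sidesteps the problem because it matches exactly one group and fails closed for accounts nobody added.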