The group-filter command configures the filtering conditions for importing user groups from an authentication server.
The undo group-filter command restores the default filtering conditions.
| Parameter | Description | Value |
|---|---|---|
| group-filter | Specifies the filtering condition of a user group. The parameter is in regular expression. | If the filtering condition does not contain any space, its length ranges from 1 to 256. If the filtering condition contains spaces, its length ranges from 3 to 258, and you must enclose the parameter with double quotation marks (") and ensure that the filtering condition does not start or end with a space. The default value is recommended. |
The default filtering condition for importing user groups is (|(objectclass=organizationalUnit)(ou=*)).
The authentication server searches user groups based on the filtering condition. The user groups that match the filtering condition are imported to the device.
In the specified filtering condition, if the value of ou=* contains quotation marks (") or slashes (/), the import may fail.
# Set the filtering condition of a user group to (|(objectclass=group)(objectclass=groupofnames)(objectclass =groupofuniquenames)(objectclass=orgainzation)(ou=*)).
<sysname> system-view [sysname] user-manage import-policy policy1 from ldap [sysname-import-policy1] group-filter (|(objectclass=group)(objectclass=groupofnames)(objectclass =groupofuniquenames)(objectclass=orgainzation)(ou=*))