The user-filter command configures the user filtering conditions of a dynamic security group.
The undo user-filter command deletes the user filtering conditions of a dynamic security group.
| Parameter | Description | Value |
|---|---|---|
| user-filter | Specifies the user filtering condition of the dynamic security group. The parameter is in regular expression. | If the filtering condition does not contain any space, its length ranges from 1 to 256. If the filtering condition contains spaces, its length ranges from 3 to 258, and you must enclose the parameter with double quotation marks ("). The parameter cannot start or end with any spaces. |
| all | Deletes all the user filtering condition of the dynamic security group. | - |
You need to configure filtering conditions only for dynamic security groups. Before you run the user-filter command, you must run the security-group-type dynamic command to set the security group to a dynamic security group.
The system does not provide any default filtering condition for dynamic security groups. You need to configure one to five filtering conditions for a dynamic group. The filtering conditions are logically ORed. That is, a user is added to the dynamic security group as long as the user meets one filtering condition.
# Set the user filtering condition of the dynamic security group to (&(ou=info)(objectClass=person)).
<sysname> system-view [sysname] user-manage security-group test [sysname-securitygroup-test] security-group-type dynamic [sysname-securitygroup-test] user-filter (&(ou=info)(objectClass=person))