Targeting a specific container or containers
You can restrict Bravura Security Fabric to list only those user and group objects that exist in one or more named containers; for example, if your LDAP Directory Service server is divided into organizational units. To do this, on the Target system address configuration page, specify:
OUs to list users from
OUs to list groups from
These fields allow multiple values. To fill in multiple values, select List from the drop-down list box displaying in front of these fields, and use More button to add additional input box(es) when more than one value is given. Value in each input box is treated as a single value, for examples,
CN=myusers,DC=example,DC=com
*,OU=Groups,DC=example,DC=com
OU=people,OU=hr,DC=example,DC=com
You can also exclude OUs to further restrict the listing of users. This option will remove all users and groups that match the OU listed. To do this, specify:
OUs to exclude from listing
When the exclude OUs option and any of the list OUs options are used together, the listing process will list OUs first and then remove objects that match the exclude criteria.
If there are many OUs to list, there is an option to include all OUs in a file. To use the file, select the File option from the drop-down list and specify file name in the field.
These files must be located in the <Program Files path>\Bravura Security\Bravura Security Fabric\<instance>\ script\ directory and contain a list of OUs to list or exclude users from. They cannot be combined into one file and must be separate.
For listing users from OUs:
# KVGROUP-V2.0
listOUs = {
"OU=people,OU=it,DC=example,DC=com";
"OU=people,OU=hr,DC=example,DC=com";
}For listing groups from OUs:
# KVGROUP-V2.0
listGroupOUs = {
"OU=Groups,OU=it,DC=example,DC=com";
"OU=Groups,OU=hr,DC=example,DC=com";
}For excluding OUs:
# KVGROUP-V2.0
excludeOUs = {
"OU=disabled,OU=it,DC=example,DC=com";
"OU=disabled,OU=hr,DC=example,DC=com";
}The connector will not list any OU if an OU file is empty.