I am configuring LDAP authentication against Windows AD, where the users are in groups with names containing a hash character and an arbitrary string:
CN=\#CS foo,OU=division,DC=fabrikam,DC=com
CN=\#CS bar,...
CN=\#CS baz,...
CN=\#CS qux,...
I have a working Static Group Search filter that uses asterisk wildcards to capture the hash sign, and which requires the full name of the CN. Those upstream names occasionally change, and break authentication. It's also a hassle to maintain the long list of OR clauses; for example, (|(*CS foo)(*CS bar)(*CS baz)(*CS qux)) is ugly but it works.
I would like to capture #CS * ("Hash-Charlie-Sierra-space-Asterisk"), but using common backslash or RFC 4515-style escape chars, I am getting errors:
(CN=\#CS *), (CN=\#CS foo) and (CN=\23CS foo) return "Encountered the following error while trying to update: Failed to retrieve a group with these settings."
Any help on crafting a suitable query filter would be warmly appreciated. Splunk Enterprise 7.0.1 on Linux, Windows AD version unknown, presumed old-ish.
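The `\#` form in the DNs above is RFC 4514 (DN string) escaping, while a search filter follows RFC 4515, where a backslash must be followed by two hex digits and `#` needs no escape. The sketch below is an added example, not part of the original post and not Splunk code: it decodes a DN-escaped value and re-escapes it for a filter. The function names are hypothetical, and how Splunk's Static Group Search field treats the result is not tested here.

```python
import re

HEX = "0123456789abcdefABCDEF"
# RFC 4515: these characters must be written as \XX inside a filter value.
FILTER_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def dn_value_to_raw(escaped: str) -> str:
    """Decode an RFC 4514 (DN string) escaped value to the stored attribute value."""
    out = bytearray()
    i = 0
    while i < len(escaped):
        if escaped[i] == "\\":
            pair = escaped[i + 1:i + 3]
            if not pair:
                raise ValueError("dangling backslash in DN value")
            if len(pair) == 2 and all(c in HEX for c in pair):
                out.append(int(pair, 16))        # \23 -> byte 0x23 ('#')
                i += 3
            else:
                out += pair[0].encode("utf-8")   # \# -> literal '#'
                i += 2
            continue
        out += escaped[i].encode("utf-8")
        i += 1
    return out.decode("utf-8")

def filter_escape(raw: str) -> str:
    """Escape a literal value for use inside an RFC 4515 filter."""
    return "".join(FILTER_SPECIAL.get(c, c) for c in raw)

def is_valid_filter_value(value: str) -> bool:
    """True if every backslash is followed by two hex digits (RFC 4515)."""
    return re.fullmatch(r"(?:[^\\()\x00]|\\[0-9A-Fa-f]{2})*", value) is not None

def prefix_filter(attr: str, dn_escaped_prefix: str) -> str:
    """Build a 'starts with' filter from a prefix written in DN escaping."""
    raw = dn_value_to_raw(dn_escaped_prefix)
    return f"({attr}={filter_escape(raw)}*)"

if __name__ == "__main__":
    # Constructed inputs based on the group names in the post.
    for prefix in (r"\#CS ", r"\23CS "):
        print(prefix, "->", prefix_filter("CN", prefix))
    for value in (r"\#CS *", r"\23CS foo", "#CS *"):
        print(repr(value), "valid filter value:", is_valid_filter_value(value))
```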