LDAP Only: Negative User Filter 
The negative user filter allows you to define that certain users and accounts are not displayed on the user interface and are not taken into account by the User Management Engine (UME).
By specifying the ume.ldap.negative_user_filter property for LDAP data sources in the data source configuration file, you can define that all users and accounts that match the defined conditions are filtered out by the UME API.
Users that are defined in the filter are:
· not displayed in any UME user interfaces, such as the administration console or the user mapping function in the portal
· not displayed in any applications that use the UME API
· ignored in functions such as user replication and export
· not able to log on to any applications that use programmatic authentication with the UME API
1. Edit the data source configuration file as described in Editing UME Configuration Files.
2. Add the ume.ldap.negative_user_filter property to the private section, <privateSection>, of the data source for your corporate LDAP.
The value for this property must have the form:
ldapattribute1=[value1,value2,...];ldapattribute2=[value5,...]...
It is a list of one or more conditions separated by semicolons. Each condition is an LDAP attribute and a list of one or more values for this attribute separated by commas and contained in brackets. The LDAP attribute must be a physical LDAP attribute in the LDAP directory and not a logical attribute as used by the UME API.
A user who meets any one of the conditions is filtered out.
The following configuration defines that all users with the last name Murphy are filtered out.
<dataSources> |
The following defines that all users with the last name Murphy or Smith are filtered out.
<ume.ldap.negative_user_filter> |
The following example applies for Microsoft Active Directory Server (ADS). Here, all user accounts that are disabled on ADS or that have the object class computer are filtered out.
<ume.ldap.negative_user_filter> |
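To review a filter value before deploying it, the following added example (not SAP code) parses the value format described above, reports which directory entries would be filtered out, and builds an equivalent LDAP search filter for previewing the affected accounts with an LDAP client. The function names and sample data are constructed for illustration; case-insensitive exact matching and matching on any value of a multi-valued attribute are assumptions, not documented UME behavior.

```python
import re

# One condition: attribute name, '=', bracketed comma-separated value list.
_CONDITION = re.compile(r"^\s*([A-Za-z][A-Za-z0-9.-]*)\s*=\s*\[([^\[\]]*)\]\s*$")

def parse_negative_user_filter(value):
    """Parse 'attr1=[v1,v2];attr2=[v3]' into {attribute: set(values)}."""
    conditions = {}
    for part in value.split(";"):
        if not part.strip():
            continue  # tolerate a trailing semicolon
        m = _CONDITION.match(part)
        if not m:
            raise ValueError(f"malformed condition: {part!r}")
        values = {v.strip() for v in m.group(2).split(",") if v.strip()}
        if not values:
            raise ValueError(f"condition has no values: {part!r}")
        conditions.setdefault(m.group(1).lower(), set()).update(values)
    if not conditions:
        raise ValueError("filter contains no conditions")
    return conditions

def is_filtered_out(entry, conditions):
    """True if the entry meets any one condition (conditions are ORed)."""
    for attr, present in entry.items():
        # Assumption: attribute names and values compare case-insensitively.
        wanted = {v.lower() for v in conditions.get(attr.lower(), ())}
        present = [present] if isinstance(present, str) else present
        if any(v.lower() in wanted for v in present):
            return True
    return False

def _escape(value):
    # RFC 4515 escaping of characters that are special in search filters.
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def to_ldap_search_filter(conditions):
    """Equivalent search filter for previewing the affected accounts."""
    terms = [f"({a}={_escape(v)})" for a in sorted(conditions)
             for v in sorted(conditions[a])]
    return terms[0] if len(terms) == 1 else "(|" + "".join(terms) + ")"

# Constructed sample data, not taken from the page (514 = 512 normal + 2 disabled).
SAMPLE_FILTER = "sn=[Murphy,Smith];objectclass=[computer];userAccountControl=[514]"
SAMPLE_ENTRIES = [
    {"uid": "jmurphy", "sn": "Murphy", "objectClass": ["person", "user"], "userAccountControl": "512"},
    {"uid": "akhan", "sn": "Khan", "objectClass": ["person", "user"], "userAccountControl": "512"},
    {"uid": "WS042$", "objectClass": ["person", "user", "computer"], "userAccountControl": "4096"},
    {"uid": "olduser", "sn": "Lee", "objectClass": ["person", "user"], "userAccountControl": "514"},
]

def hidden_users(entries, filter_value):
    conditions = parse_negative_user_filter(filter_value)
    return [e["uid"] for e in entries if is_filtered_out(e, conditions)]
```

Because filtered users cannot log on through the UME API, checking the preview list for administrative or service accounts before changing the property avoids locking them out.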