You can imagine the search path (“Base de búsqueda de usuarios”) as a file directory spelled backwards and the leaf (the first component) as a regular file. For example, if your user mike@monstersinc.com is at:
CN=Mike Wasowsky,OU=Usuarios,OU=Monster Assistance,OU=Energy,DC=monstersinc,DC=com
Then you can find the leaf (CN=Mike Wasowsky) by searching in any of these paths:
OU=Usuarios,OU=Monster Assistance,OU=Energy,DC=monstersinc,DC=com
OU=Monster Assistance,OU=Energy,DC=monstersinc,DC=com
OU=Energy,DC=monstersinc,DC=com
DC=monstersinc,DC=com (that's as far as it will go, since this is the root)
Searches in any of those paths will find the user whose sAMAccountName is mike. You need to leave out the first element (CN=Mike Wasowsky) as it is your user, and no leaf will be found below it with sAMAccountName = mike.
The shorter the path specification, the longer the search will take (and it will perhaps bring up nodes that you don’t want to find).
Finally:
(&(memberOf=cn=<group>,ou=Usuarios,dc=<domain>,dc=<local>)(sAMAccountName=<%s username>)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))
Is the condition your leaf must pass in order to be found. Perhaps the whole memberOf=... is not needed since you can provide the path in the search path (“DN de usuario”).
Lastly, “DN de usuario” is your LDAP account to validate the user:
CN=administrador,DC=monstersinc,DC=com
Here’s a guide (in French) that you can pass through Google Translate and have a pretty good idea of how to configure this.
EDIT: I mixed up the field names; corrected.
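The search bases and filter described in the post above, as an added example that is not part of the original post or of any product's code. The function names are hypothetical; the sketch lists every base under which a given user DN can be found and fills the `%s` slot of the filter with RFC 4515 escaping, so a login name containing `*`, `(` or `)` cannot change the filter's structure.

```python
# Added illustration; function names are hypothetical, not from any product.
# Clause from the post: bitwise-AND matching rule, bit 2 = account disabled.
DISABLED = "(UserAccountControl:1.2.840.113556.1.4.803:=2)"


def split_dn(dn):
    """Split a DN into its components, honouring backslash-escaped commas."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return parts


def search_bases(user_dn):
    """Every base that contains the user, from its parent up to the DC root."""
    rdns = split_dn(user_dn)
    root = len(rdns)
    while root > 0 and rdns[root - 1].upper().startswith("DC="):
        root -= 1  # the trailing run of DC= components is the root
    return [",".join(rdns[i:]) for i in range(1, root + 1)]


def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside a search filter."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(c, c) for c in value)


def user_filter(username, group_dn=None):
    """Build the filter from the post; the memberOf clause is optional."""
    clauses = []
    if group_dn:
        clauses.append("(memberOf=%s)" % escape_filter_value(group_dn))
    clauses.append("(sAMAccountName=%s)" % escape_filter_value(username))
    clauses.append("(!%s)" % DISABLED)
    return "(&%s)" % "".join(clauses)
```
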