Active Directory Authentication - Wildcard Option

I'm using an Active Directory Authentication user source at an enterprise level. I would like this to populate from a variety of AD groups. Currently I have this querying as such:
User List Filter:

(&(objectClass=user)(|(memberOf=cn=IGN_AppName_Plant1,cn=Users,dc=xx,dc=xx,dc=xx,dc=com)(memberOf=cn=IGN_AppName_Plant2,cn=Users,dc=xx,dc=xx,dc=xx,dc=com)))

And then in the Role Search Filter, I have the following:

(&(objectClass=group)(cn=IGN_AppName_Plant1))

While this works, I don't want to modify it each time I add additional plants to the application. I expected to be able to use a wildcard (*) for my cn in both of these cases, like this:

(&(objectClass=group)(cn=IGN_AppName*))

That does not, however, work. I'm not an LDAP expert - can someone tell me if I'm mistaken, or whether there is something different I need to configure or do in Ignition?

Hi -

Unfortunately, Active Directory does not support wildcards in DN attributes. From THIS technet article:

The wildcard character "*" is allowed, except when the <AttributeType> is a DN attribute. Examples of DN attributes are distinguishedName, manager, directReports, member, and memberOf.

The wildcard for CN in the role search filter should work, but you will need to keep the full DN in the user list filter.

Is there some other attribute that you can filter on for these users? Or perhaps, are they under a unique branch of your LDAP tree so you can isolate the search?

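Since the memberOf clauses have to stay as full DNs, one way to avoid hand-editing the user list filter for every new plant is to generate both filters from a plant list. The following is an added example written for this thread, not code from the original posts or from Ignition; the IGN_AppName_ group prefix and the cn=Users,dc=xx,dc=xx,dc=xx,dc=com base are taken from the filters above as assumptions, and the RFC 4515 escaping is there because any value interpolated into an LDAP filter should be escaped rather than trusted. The role search filter it produces uses the cn wildcard the answer says should work.

```python
import re

# Assumed values, copied from the thread's placeholder filters.
GROUP_PREFIX = "IGN_AppName_"
GROUP_BASE_DN = "cn=Users,dc=xx,dc=xx,dc=xx,dc=com"

# Plant names are used as part of a DN and a filter, so only allow a
# conservative character set (hypothetical policy for this example).
_SAFE_PLANT_NAME = re.compile(r"^[A-Za-z0-9_-]+$")


def plant_name_is_safe(name: str) -> bool:
    """True if the plant name is safe to embed in a group DN without escaping."""
    return bool(_SAFE_PLANT_NAME.match(name))


def escape_ldap_value(value: str) -> str:
    """Escape an LDAP filter assertion value per RFC 4515 (\\XX hex form).

    Characters that have meaning inside a filter (backslash, asterisk,
    parentheses, NUL) are replaced so they cannot alter the filter structure.
    """
    escaped = []
    for ch in value:
        if ch in "\\*()\x00":
            escaped.append("\\%02x" % ord(ch))
        else:
            escaped.append(ch)
    return "".join(escaped)


def group_dn(plant: str, prefix: str = GROUP_PREFIX, base: str = GROUP_BASE_DN) -> str:
    """Build the full DN of the AD group for one plant."""
    if not plant_name_is_safe(plant):
        raise ValueError(f"unsafe plant name: {plant!r}")
    return f"cn={prefix}{plant},{base}"


def build_user_list_filter(plants, prefix: str = GROUP_PREFIX, base: str = GROUP_BASE_DN) -> str:
    """Build the user list filter with one memberOf clause per plant.

    AD does not allow wildcards in DN attributes such as memberOf, so each
    group DN is spelled out in full and OR-ed together.
    """
    clauses = [f"(memberOf={escape_ldap_value(group_dn(p, prefix, base))})" for p in plants]
    if not clauses:
        raise ValueError("at least one plant is required")
    member_part = clauses[0] if len(clauses) == 1 else "(|" + "".join(clauses) + ")"
    return f"(&(objectClass=user){member_part})"


def build_role_search_filter(prefix: str = GROUP_PREFIX) -> str:
    """Build the role search filter; cn is not a DN attribute, so a wildcard is fine."""
    return f"(&(objectClass=group)(cn={escape_ldap_value(prefix)}*))"


if __name__ == "__main__":
    print(build_user_list_filter(["Plant1", "Plant2"]))
    print(build_role_search_filter())
```

Adding a plant then means appending it to the list and pasting the regenerated filter into the user source; the role search filter does not change.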