User List Filter

Ignition 8.1.17

Using the forum I was able to build a query to return users from specific groups. Is there a way to use wildcards such as * or % to reduce the query?
Ie.
Plant_Ignition_1
Plant_Ignition_2
Below will return users from both groups.
(&(objectClass=User)
(|(memberOf=CN=Plant_Ignition_1,OU=Ignition,OU=ARG,OU=SM,DC=xxx,DC=xxx,DC=xxx)
(memberOf=CN=Plant_Ignition_2,OU=Ignition,OU=ARG,OU=SM,DC=xxx,DC=xxx,DC=xxx)))
I’ve read conflicting information on whether wildcards can be used, so if there’s a better route please advise.

Aiming for something like this;
(&(objectClass=User)(memberOf=CN=Plant_Ignition_*,OU=Ignition,OU=ARG,OU=SM,DC=xxx,DC=xxx,DC=xxx))

I have no idea what I just read, what query language is this ?

Pretty sure it’s LDAP

@RonB I would think it would be dependent on the server you are using. Is this for Microsoft AD or something else?

@lrose Yes, it’s an LDAP query run through/tested with “Active Directory Users and Computers” application. Then modified to work in the Ignition User Sources; Advanced settings; User List Filter

The end goal is that we do not populate the user list with All users from the AD server, but only those that pass through the user filters. Maybe a little elaboration would help.

With only using active directory as the user source they are adding AD security groups such as admin, designer, maintenance etc. for each plant.

(&(objectClass=User)
(|(memberOf=CN=Plant_Ignition_1_Admin,OU=Ignition,OU=ARG,OU=SM,DC=xxx,DC=xxx,DC=xxx)
(memberOf=CN=Plant_Ignition_1_Designer,OU=Ignition,OU=ARG,OU=SM,DC=xxx,DC=xxx,DC=xxx)(memberOf=CN=Plant_Ignition_1_Maintenance,OU=Ignition,OU=ARG,OU=SM,DC=xxx,DC=xxx,DC=xxx)))

Is there no way to retrieve all users that are part of “Plant_Ignition_1_” ? Or is adding each group, by the fully distinguished name, the only option?

Tip: use the </>` code formatting button to preserve code indentation and apply syntax highlighting. It makes any code much easier to read. There’s an edit button (pencil icon) below your posts so you can fix them.

The only way if gotten it to work is to create an overall group, e.g. SCADA_AllUsers, where all other actual groups are members of this group. I then use the following filter for the user list:
(&(objectCategory=person)(objectClass=user)(!(objectClass=computer))(memberOf:1.2.840.113556.1.4.1941:=CN=SCADA_AllUsers,OU=Systems,DC=whatever))

It works, but I’m also interested in your wildcard method as all the groups follow a sane naming convention