Dear Evgeny,

If I correctly understand your demand you try to use negative filter for all users of a specific OU. Am I correct? Please be informed that this option can be only used with users in LDAP datasource.

You can gather useful hints from the SAP Help document: https://help.sap.com/viewer/44a42f8a693e4498be42434d28ff3457/7.5.7/en-US/9af43541b9cc4c0de10000000a1...

Additionally I describe you an example:

1. Make an LDIFDE export from an example user, check its OU attribute and setup negative filter for this attribute. If it is successfully setup all users with the OU will be filtered out. I am not sure that OU is with capital letters or not. You can see it in the LDIFDE result since it is important. See how to do that:

2. You define that all users with the OU=SAP with the following script:

Modify the Datasource XML according to the following method as an example:

[...]
<dataSources>
[...]
</dataSource>
[...]
<dataSource id="CORP_LDAP">
[...]
<privateSection>
[...]
<ume.ldap.negative_user_filter>OU=[SAP]</ume.ldap.negative_user_filter>
[...]
</privateSection>
[...]
</dataSource>
</dataSources>

After changing the setting upload the Datasource XML and restart the AS Java and check whether users with OU=SAP are filtered out.

3. If you want more OUs to filter out try the followings with comma as an example:

[...]
<dataSources>
[...]
</dataSource>
[...]
<dataSource id="CORP_LDAP">
[...]
<privateSection>
[...]
<ume.ldap.negative_user_filter>OU=[SAP,Service,Company]</ume.ldap.negative_user_filter>
[...]
</privateSection>
[...]
</dataSource>
</dataSources>

After changing the setting upload the Datasource XML and restart the AS Java. Check whether the users with OUs: SAP,Service,Company will be filtered.

Best Regards,
Barnabás Paksi