Limitations -> "Add LDAP or Local Username" wildcard?

New Contributor III


We'd like to run a Logout script in our environment, but only for logged in LDAP users whose account starts with xyz-. We can check for this in a Bash script, but I was wondering if there was a way to filter a Policy in the JSS itself by the currently logged on user (these users aren't necessarily registered as "Users" in the JSS, so we can't check for them via a Smart Group). This would avoid having a logout script run for all users, but only having an effect on the intended few users.

The Policy's "Limitations" option offers an option to add an "LDAP or Local Username"; is it possible to use wildcards in this field? (e.g. xyz-* to cause the policy to run for both xyz-tom and xyz-sam, but not for tom or sam.).

After some experimenting, it looks like neither xyz-* nor xyz-% work as wildcards in this context. We may have to do this via LDAP Group Membership instead.

Edit 2:
LDAP Groups don't seem to work either. The user is a member of the group xyz-users, but if the user logs out, the Policy never executes even though the LDAP Group xyz-users has been added as Limitation. It does work if the user is specified without any groups (e.g. user xyz-tom), but it doesn't run for any member of the LDAP Group as the setting implies.

Edit 3:
LDAP Groups work for us now. We had our Mapping set to memberOf instead of member for some bizarre reason.
This'll work as solution!