We are using Identity Policies which will assign/remove provision roles based on user attributes. We are using LDAP filters in policy member rule and filter is failing to return users when attributes doesn't have any values. This was causing issues of not assigning/removing the provisioning roles.
Example: (&(&(locationnumber=0551))(|(jobtitlecode=3515)(jobtitlecode=60512)(jobtitlecode=10431)(jobtitlecode=3514)(jobtitlecode=3516)(jobtitlecode=60511)(jobtitlecode=60055)(jobtitlecode=60094)(jobtitlecode=3575)(jobtitlecode=60510)(jobtitlecode=10142)(jobtitlecode=60056)(jobtitlecode=60093)(jobtitlecode=3517)(jobtitlecode=60509)(jobtitlecode=3500)(jobtitlecode=60508)(jobtitlecode=10143)(jobtitlecode=55051))(!(UserEmpType=CO)))
Above filter is not returning the users who doesn't have value in attribute UserEmpType. The same query will return users from Active Directory but not from CA Directory (user store).
Does any one faced this issue earlier with CA Directory?