I am trying to configure a Helpdesk Profile.
In the current schema, we have a list of DNs on an attribute inside of each department which acts as a master record of the Helpdesk Admins for that department.

ou=ABC,ou=Facilities,o=Company
ou=DEF,ou=Facilities,o=Company
ou=XYZ,ou=Facilities,o=Company

Inside ABC (and all other facilities) there is an attribute "staffHelpdesk"
staffHelpdesk is a multivalued DN list of users (the master record of helpdesk admins for each department).

In my Helpdesk Profile Match, I need to be able to search that attribute in all of the facilities to see if the user's DN is listed. If it is, he will be an authorized helpdesk user for that facility. My original intent was to do a profile search filter of "staffHelpDesk=@LDAP:DN@". This errors with:

ERROR, ldap.LdapPermissionTester, error reading matching users: 5015 ERROR_UNKNOWN (unexpected error during ldap search (profile=default), error: 5015 ERROR_UNKNOWN (ldap error during searchID=131, error=javax.naming.InvalidNameException: o=Company: [LDAP: error code 34 - Invalid DN Syntax]))


My questions are:
Can you use macros for dynamic searching to match profiles?
Can you use macros in any of the searching filters for Helpdesk?
Is there another way to accomplish this without redesigning our schema and processes?