Foros de discusión

How to get the nested groups in LDAP/AD?

Mayank Sahney, modificado hace 11 años.

How to get the nested groups in LDAP/AD?

New Member Mensajes: 2 Fecha de incorporación: 31/05/10 Mensajes recientes
When the user is imported from AD all the associated groups are not imported (created in Liferay) or user is assigned to the group. Users are getting assigned only to the groups that he is associated directly.

Example:
User is member of “New York Group”
User is not a member of “US Group” directly.
“New York Group” is member of “US Group”.

When the user is imported from Liferay we are expecting the user to be associated with “US Group” & “New York Group”.

But Liferay associate the user only the “New York Group” as the user is direct member (not through other group) of this group.
Mayank Sahney, modificado hace 11 años.

RE: How to get the nested groups in LDAP/AD?

New Member Mensajes: 2 Fecha de incorporación: 31/05/10 Mensajes recientes
We were able to achieve this with few setting in Liferay.
This was achieved using the LDAP Matching chain rule. This is a special "extended match operator that walks the chain of ancestry in objects all the way to the root until it finds a match".

In Group mappings, we need to set the below value to user attribute.
Member:1.2.840.113556.1.4.1941:

In this way we can get all the user groups User is related with. Both “New York Group” & “US Group” would get imported for the User into Liferay.

Also for filter the user group we can use “Import Search Filter” attribute in Groups.

Example

To filter the groups those names are starting with “App” we should set the Search Filter attribute value as below.

(&(&(objectClass=group)(CN=App*)))
Sebastian Wikholm, modificado hace 10 años.

RE: How to get the nested groups in LDAP/AD?

Regular Member Mensajes: 104 Fecha de incorporación: 10/03/11 Mensajes recientes
I tried to put in portal-ext.properties the following:

ldap.group.mappings=groupName=cn\ndescription=description\nuser=member:1.2.840.113556.1.4.1941:

it doesnt seem to work, any clue what i might be doing wrong
zeine mahbouby, modificado hace 9 años.

RE: How to get the nested groups in LDAP/AD?

New Member Mensajes: 2 Fecha de incorporación: 3/09/14 Mensajes recientes
Hello,
i have a same problem ,did you find a solution?
thanks
Florian Bayer, modificado hace 9 años.

RE: How to get the nested groups in LDAP/AD?

New Member Mensajes: 16 Fecha de incorporación: 23/05/12 Mensajes recientes
Hi,
I know It's been a while: but have you tried changing the setting it in Control Panel?
If I remember correctly, the Control Panel-Settings take precedence over .properties file settings as soon as you clicked "Save" in the Control Panel (so the Settings are written to the database).
Sebastian Wikholm, modificado hace 9 años.

RE: How to get the nested groups in LDAP/AD?

Regular Member Mensajes: 104 Fecha de incorporación: 10/03/11 Mensajes recientes
Ive tried both in portal-ext.properties and in the control panel. None of them works
J Tojal, modificado hace 9 años.

RE: How to get the nested groups in LDAP/AD?

New Member Mensajes: 8 Fecha de incorporación: 16/06/14 Mensajes recientes
Hi ,

Any news about this?

With an example AD structure like

-group1
---group2 (as member of group1)
-----user_of_group2 (as member)

importing the user with

ldap.import.user.search.filter=(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=group1,OU=x,DC=y,DC=z))

and group mapping

ldap.import.group.search.filter=(objectClass=group)
ldap.group.mappings=description=description\ngroupName=cn\nuser=member:1.2.840.113556.1.4.1941:

I'm getting group2 and the user as a direct member in Liferay (6.2).

But like the original post, I'd like to get also group1 with user_of_group2 inside.

Is there someone who was able to achieve this yet?