Vue combinée Vue Plate Arborescence
Sujets [ Précédent | Suivant ]
toggle
Mayank Sahney
How to get the nested groups in LDAP/AD?
27 septembre 2012 05:26
Réponse

Mayank Sahney

Rang: New Member

Publications: 2

Date d'inscription: 31 mai 2010

Publications Récentes

When the user is imported from AD all the associated groups are not imported (created in Liferay) or user is assigned to the group. Users are getting assigned only to the groups that he is associated directly.

Example:
User is member of “New York Group”
User is not a member of “US Group” directly.
“New York Group” is member of “US Group”.

When the user is imported from Liferay we are expecting the user to be associated with “US Group” & “New York Group”.

But Liferay associate the user only the “New York Group” as the user is direct member (not through other group) of this group.
Mayank Sahney
RE: How to get the nested groups in LDAP/AD?
28 septembre 2012 02:45
Réponse

Mayank Sahney

Rang: New Member

Publications: 2

Date d'inscription: 31 mai 2010

Publications Récentes

We were able to achieve this with few setting in Liferay.
This was achieved using the LDAP Matching chain rule. This is a special "extended match operator that walks the chain of ancestry in objects all the way to the root until it finds a match".

In Group mappings, we need to set the below value to user attribute.
Member:1.2.840.113556.1.4.1941:

In this way we can get all the user groups User is related with. Both “New York Group” & “US Group” would get imported for the User into Liferay.

Also for filter the user group we can use “Import Search Filter” attribute in Groups.

Example

To filter the groups those names are starting with “App” we should set the Search Filter attribute value as below.

(&(&(objectClass=group)(CN=App*)))
Sebastian Wikholm
RE: How to get the nested groups in LDAP/AD?
21 août 2013 05:36
Réponse

Sebastian Wikholm

Rang: Junior Member

Publications: 69

Date d'inscription: 10 mars 2011

Publications Récentes

I tried to put in portal-ext.properties the following:

ldap.group.mappings=groupName=cn\ndescription=description\nuser=member:1.2.840.113556.1.4.1941:

it doesnt seem to work, any clue what i might be doing wrong
zeine mahbouby
RE: How to get the nested groups in LDAP/AD?
3 septembre 2014 06:22
Réponse

zeine mahbouby

Rang: New Member

Publications: 2

Date d'inscription: 3 septembre 2014

Publications Récentes

Hello,
i have a same problem ,did you find a solution?
thanks
Florian Bayer
RE: How to get the nested groups in LDAP/AD?
9 octobre 2014 23:34
Réponse

Florian Bayer

Rang: New Member

Publications: 14

Date d'inscription: 23 mai 2012

Publications Récentes

Hi,
I know It's been a while: but have you tried changing the setting it in Control Panel?
If I remember correctly, the Control Panel-Settings take precedence over .properties file settings as soon as you clicked "Save" in the Control Panel (so the Settings are written to the database).
Sebastian Wikholm
RE: How to get the nested groups in LDAP/AD?
13 novembre 2014 03:08
Réponse

Sebastian Wikholm

Rang: Junior Member

Publications: 69

Date d'inscription: 10 mars 2011

Publications Récentes

Ive tried both in portal-ext.properties and in the control panel. None of them works
J Tojal
RE: How to get the nested groups in LDAP/AD?
17 novembre 2014 11:49
Réponse

J Tojal

Rang: New Member

Publications: 6

Date d'inscription: 16 juin 2014

Publications Récentes

Hi ,

Any news about this?

With an example AD structure like

-group1
---group2 (as member of group1)
-----user_of_group2 (as member)

importing the user with

ldap.import.user.search.filter=(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=group1,OU=x,DC=y,DC=z))

and group mapping

ldap.import.group.search.filter=(objectClass=group)
ldap.group.mappings=description=description\ngroupName=cn\nuser=member:1.2.840.113556.1.4.1941:

I'm getting group2 and the user as a direct member in Liferay (6.2).

But like the original post, I'd like to get also group1 with user_of_group2 inside.

Is there someone who was able to achieve this yet?