LDAP Resolver and AD User Groups

AAuer · March 19, 2020, 10:11am

Hi,
getting AD Users in a specific OU is working fast and reliable. How can privacyIdea get users from an ActiveDirectory Group?
I tried the following:

group as Base-DN: no error, no users
root-OU as Base-DN, filter (memberOf=“CN-of-Group”): no error, no users

What do I do wrong?

Thanks in advance
Andreas

henry · March 19, 2020, 10:25am

This worked for me

AAuer · March 19, 2020, 10:53am

Unfortunately my users are in a Group not in an OU…

cornelinux · March 20, 2020, 10:56pm

You need to improve your LDAP skills.

The filter with memberOf needs to complete DN of the group. This is LDAP and is nothing privacyIDEA specific.

AAuer · March 23, 2020, 12:42pm

LDAP works correct, but the AD-Admin forgot to grant the correct rights. Now its working!