LDAP Resolver and AD User Groups

Getting AD users in a specific OU is working fast and reliably. How can privacyIDEA get users from an Active Directory group?
I tried the following:

  • group as Base-DN: no error, no users
  • root-OU as Base-DN, filter (memberOf=“CN-of-Group”): no error, no users

What am I doing wrong?

Thanks in advance

This worked for me

Unfortunately, my users are in a group, not in an OU…

You need to improve your LDAP skills.

The filter with memberOf needs the complete DN of the group. This is LDAP and is nothing privacyIDEA-specific.

LDAP works correctly, but the AD admin forgot to grant the correct rights. Now it's working!
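
The point made in the thread about memberOf needing the group's complete DN, as an added example that is not part of the original posts and not privacyIDEA code: a helper that rejects a bare CN, escapes the DN per RFC 4515 and builds the search filter. The group DN, the `(objectClass=user)` base filter and all function names are assumptions; the optional nested-group match uses the AD matching rule OID 1.2.840.113556.1.4.1941 and goes beyond what the thread discusses.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# AD matching rule LDAP_MATCHING_RULE_IN_CHAIN: also matches nested membership.
IN_CHAIN = "1.2.840.113556.1.4.1941"

_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def split_dn(dn):
    """Split a DN on commas that are not backslash-escaped."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]


def looks_like_full_dn(dn):
    """True if every component is attr=value and at least one DC= is present."""
    parts = split_dn(dn)
    return (len(parts) > 1 and all(_RDN.match(p) for p in parts)
            and any(p.upper().startswith("DC=") for p in parts))


def member_of_filter(group_dn, base_filter="(objectClass=user)", nested=False):
    """Build a user search filter restricted to members of group_dn.

    base_filter is trusted administrator configuration and is used as-is;
    only the group DN is escaped.
    """
    if not looks_like_full_dn(group_dn):
        raise ValueError("memberOf needs the group's complete DN, got %r" % group_dn)
    attr = "memberOf:%s:" % IN_CHAIN if nested else "memberOf"
    return "(&%s(%s=%s))" % (base_filter, attr, escape_filter_value(group_dn))


if __name__ == "__main__":
    # Constructed sample DN; parentheses in the CN must be escaped in the filter.
    print(member_of_filter("CN=OTP Users (VPN),OU=Groups,DC=example,DC=com"))
```

The Base-DN stays at the container that holds the user objects; the group appears only in the filter, since the group entry itself has no user entries beneath it.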

