Cornelius wrote:
The point is, that probably CN=Group… of yours is an LDAP
group object. I.e. this is not a container or OU, that
contains user objects…
The users in your CN=Group are attributes to this group
object.
No, privacyIDEA can not read those users.
As this looks like Active Directory and not like OpenLDAP you
probably have another chance: The users you want to find
obviously contain the attribute
memberOf="CN=Group,OU=groups,DC=beta,DC=alfa"
Check this out! And then you can create an LDAP userfilter and
find all the users in this very group.
How can I use this filter for 600 OU-containers?
Does the LDAP resolver support recursive queries?
I have set the root BaseDN, containing all child OU containers, and set the search
filter with the attribute memberOf="CN=Group…"
When I test the query with ldapsearch, it works.
ldapsearch -h AD_SERVER -D USER -w PASS -b "OU=ROOT_OU,DC=beta,DC=alfa" -s sub "(memberOf="CN=Group,OU=ROOT_OU,DC=beta,DC=alfa")"
When I set this conf in the LDAPresolver, there is no effect =(
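
An added example, not part of the thread and not privacyIDEA code: it shows what filter string ldapsearch actually receives from the command above once the shell has removed the inner quotes, and builds the same memberOf filter with RFC 4515 escaping. The function names and the second group DN in the test are constructed; that a configuration field stores the filter text exactly as typed, with no shell-style quote removal, is an assumption.

```python
import shlex

# RFC 4515 section 3: these characters are written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def member_of_filter(group_dn: str) -> str:
    """Build a filter matching entries whose memberOf equals group_dn."""
    return "(memberOf=" + escape_filter_value(group_dn) + ")"


def filter_seen_by_ldapsearch(command_line: str) -> str:
    """Return the last argument (the filter) after POSIX quote removal."""
    return shlex.split(command_line)[-1]


# Constructed sample: the command from the post, typed with plain ASCII quotes.
COMMAND = ('ldapsearch -h AD_SERVER -D USER -w PASS '
           '-b "OU=ROOT_OU,DC=beta,DC=alfa" -s sub '
           '"(memberOf="CN=Group,OU=ROOT_OU,DC=beta,DC=alfa")"')
GROUP_DN = "CN=Group,OU=ROOT_OU,DC=beta,DC=alfa"


def quoted_filter_differs() -> bool:
    """True if the filter text with its quotes kept differs from what the
    shell handed to ldapsearch (assumption: the field keeps text as typed)."""
    literal = '(memberOf="' + GROUP_DN + '")'
    return literal != filter_seen_by_ldapsearch(COMMAND)


if __name__ == "__main__":
    print("ldapsearch received:", filter_seen_by_ldapsearch(COMMAND))
    print("built filter       :", member_of_filter(GROUP_DN))
    print("quoted text differs:", quoted_filter_differs())
```

If the two strings differ, compare the filter stored in the resolver with the unquoted form before looking at BaseDN or scope.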