LDAPresolver can't import users from CN group object

Cornelius wrote:

The point is, that probably CN=Group… of yours is an LDAP group object.
I.e. this is not a container or OU, that contains user objects…

The users in your CN=Group are attributes to this group object.

No, privacyIDEA can not read those users.

As this looks like Active Directory and not like OpenLDAP you probably
have another chance: The users you want to find obviously contain the
attribute

memberOf="CN=Group,OU=groups,DC=beta,DC=alfa

Check this out! And then you can create an LDAP userfilter and find all
the users in this very group.

How can I use this filter for 600 OU-containers?
Does LDAP resolver support recursive query?

Hi Mihail,
yes, it does.
Use the right BaseDN.

Kind regards
Cornelius

On Thursday, 24.03.2016, at 02:01 -0700, Mihail Pa wrote:

0 user objects found · Issue #343 · privacyidea/privacyidea · GitHub

Cornelius wrote:
The point is, that probably CN=Group… of yours is an LDAP
group object. I.e. this is not a container or OU, that
contains user objects…

    The users in your CN=Group are attributes to this group
    object.
    

    No, privacyIDEA can not read those users.
    
    As this looks like Active Directory and not like OpenLDAP you
    probably have another chance: The users you want to find
    obviously contain the attribute
    
    memberOf="CN=Group,OU=groups,DC=beta,DC=alfa
    
    Check this out! And then you can create an LDAP userfilter and
    find all the users in this very group.

How can I use this filter for 600 OU-containers?
Does LDAP resolver support recursive query?



Cornelius Kölbel

Ok.

I have set the root BaseDN, containing all child OU containers, and set the
search filter with the attribute memberOf="CN=Group…"
When I test the query with ldapsearch, it works.

ldapsearch -h AD_SERVER -D USER -w PASS -b "OU=ROOT_OU,DC=beta,DC=alfa" -s sub "(memberOf="CN=Group,OU=ROOT_OU,DC=beta,DC=alfa")"

When I set this conf in LDAPresolver, there is no effect =(

https://lh3.googleusercontent.com/-GjaXXanWncQ/VvPJHW8St0I/AAAAAAAAC9c/U0i6veDBdkAmpHvyTkJBbhiW5v4XFuJjQ/s1600/image001.png
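
One thing to check when a memberOf filter works in ldapsearch but not in a configuration field, shown as an added example that is not part of the original thread and not privacyIDEA code: the shell removes the quotes before ldapsearch sees the filter, while a filter typed into a form keeps them, and RFC 4515 filters treat a double quote as part of the value. The function names are hypothetical, the command is the one from the post retyped with straight quotes, and the nested-group matching rule goes beyond what the thread discusses.

```python
import shlex

# RFC 4515 section 3: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Active Directory matching rule LDAP_MATCHING_RULE_IN_CHAIN (follows nested groups).
IN_CHAIN = "1.2.840.113556.1.4.1941"

# The command from the post, retyped with straight quotes (placeholders as posted).
SAMPLE_CMD = ('ldapsearch -h AD_SERVER -D USER -w PASS '
              '-b "OU=ROOT_OU,DC=beta,DC=alfa" -s sub '
              '"(memberOf="CN=Group,OU=ROOT_OU,DC=beta,DC=alfa")"')


def escape_filter_value(value):
    """Escape a value (here a group DN) for use inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def member_of_filter(group_dn, nested=False):
    """Filter for direct members of group_dn, or nested members on AD."""
    rule = f":{IN_CHAIN}:" if nested else ""
    return f"(memberOf{rule}={escape_filter_value(group_dn)})"


def filter_seen_by_ldapsearch(command_line):
    """Return the last argument after POSIX shell quote removal."""
    return shlex.split(command_line)[-1]


def lint_filter(text):
    """Report problems in a filter string entered directly, without a shell."""
    problems = []
    if '"' in text:
        problems.append("double quote is matched literally as part of the value")
    if text.count("(") != text.count(")"):
        problems.append("unbalanced parentheses")
    return problems


if __name__ == "__main__":
    print(filter_seen_by_ldapsearch(SAMPLE_CMD))
    print(lint_filter('(memberOf="CN=Group,OU=ROOT_OU,DC=beta,DC=alfa")'))
    print(member_of_filter("CN=Group,OU=ROOT_OU,DC=beta,DC=alfa", nested=True))
```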