LDAPresolver can't import users from CN group object

Cornelius wrote:

The point is, that probably CN=Group… of yours is an LDAP group object.
I.e. this is not a container or OU, that contains user objects…

The users in your CN=Group are attributes to this group object.

No, privacyIDEA can not read those users.

As this looks like Active Directory and not like OpenLDAP you probably
have another chance: The users you want to find obviously contain the
attribute

memberOf="CN=Group,OU=groups,DC=beta,DC=alfa

Check this out! And then you can create an LDAP userfilter and find all
the users in this very group.

How can I use this filter for 600 OU-containers?
Does the LDAP resolver support recursive queries?

Hi Mihail,
yes, it does.
Use the right BaseDN.

Kind regards
Cornelius

On Thursday, 24.03.2016, 02:01 -0700, Mihail Pa wrote:

https://github.com/privacyidea/privacyidea/issues/343

Cornelius Kölbel
@cornelinux

Ok.

I have set the root BaseDN, containing all child OU containers, and set the
search filter with the attribute memberOf="CN=Group…"
When I test the query with ldapsearch, it works.

ldapsearch -h AD_SERVER -D USER -w PASS -b "OU=ROOT_OU,DC=beta,DC=alfa" -s sub "(memberOf="CN=Group,OU=ROOT_OU,DC=beta,DC=alfa")"

When I set this conf in LDAPresolver, there is no effect =(

https://lh3.googleusercontent.com/-GjaXXanWncQ/VvPJHW8St0I/AAAAAAAAC9c/U0i6veDBdkAmpHvyTkJBbhiW5v4XFuJjQ/s1600/image001.png
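
An added example, not part of the thread and not privacyIDEA code: it uses Python's shlex to show which filter string the posted ldapsearch command hands to the server once the shell has removed the inner quotes, and builds the same memberOf filter with RFC 4515 escaping for a filter field that no shell processes. The DN containing parentheses is constructed, and the `nested` option (Active Directory's in-chain matching rule) goes beyond what the thread discusses.

```python
import shlex

# RFC 4515, section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Active Directory matching rule LDAP_MATCHING_RULE_IN_CHAIN (not from the thread).
IN_CHAIN = "1.2.840.113556.1.4.1941"


def escape_filter_value(value):
    """Escape an assertion value for use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def member_of_filter(group_dn, nested=False):
    """Filter for entries that are members of group_dn.

    nested=False matches direct membership only; nested=True asks Active
    Directory to follow group-in-group membership as well.
    """
    attr = "memberOf:%s:" % IN_CHAIN if nested else "memberOf"
    return "(%s=%s)" % (attr, escape_filter_value(group_dn))


def filter_seen_by_ldapsearch(command_line):
    """Return the last argument a POSIX shell would pass to ldapsearch."""
    return shlex.split(command_line)[-1]


# The command from the post, written with ASCII double quotes.
POSTED = ('ldapsearch -h AD_SERVER -D USER -w PASS -b "OU=ROOT_OU,DC=beta,DC=alfa" '
          '-s sub "(memberOf="CN=Group,OU=ROOT_OU,DC=beta,DC=alfa")"')
GROUP_DN = "CN=Group,OU=ROOT_OU,DC=beta,DC=alfa"

if __name__ == "__main__":
    # The shell joins the quoted pieces, so the server never sees a quote character.
    print(filter_seen_by_ldapsearch(POSTED))
    # The same string, built directly; this is the form to paste into a filter field.
    print(member_of_filter(GROUP_DN))
    # Constructed DN: parentheses in a group name must be escaped.
    print(member_of_filter("CN=Ops (EU),OU=ROOT_OU,DC=beta,DC=alfa"))
    print(member_of_filter(GROUP_DN, nested=True))
```

Quote characters are not part of LDAP filter syntax, so a filter typed with them into a field that is not shell-parsed asks for a memberOf value that begins with a literal `"`.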