Forums de discussion

How to get the nested groups in LDAP/AD?

Mayank Sahney, modifié il y a 11 années.

How to get the nested groups in LDAP/AD?

New Member Publications: 2 Date d'inscription: 31/05/10 Publications récentes
When the user is imported from AD all the associated groups are not imported (created in Liferay) or user is assigned to the group. Users are getting assigned only to the groups that he is associated directly.

Example:
User is member of “New York Group”
User is not a member of “US Group” directly.
“New York Group” is member of “US Group”.

When the user is imported from Liferay we are expecting the user to be associated with “US Group” & “New York Group”.

But Liferay associate the user only the “New York Group” as the user is direct member (not through other group) of this group.
Mayank Sahney, modifié il y a 11 années.

RE: How to get the nested groups in LDAP/AD?

New Member Publications: 2 Date d'inscription: 31/05/10 Publications récentes
We were able to achieve this with few setting in Liferay.
This was achieved using the LDAP Matching chain rule. This is a special "extended match operator that walks the chain of ancestry in objects all the way to the root until it finds a match".

In Group mappings, we need to set the below value to user attribute.
Member:1.2.840.113556.1.4.1941:

In this way we can get all the user groups User is related with. Both “New York Group” & “US Group” would get imported for the User into Liferay.

Also for filter the user group we can use “Import Search Filter” attribute in Groups.

Example

To filter the groups those names are starting with “App” we should set the Search Filter attribute value as below.

(&(&(objectClass=group)(CN=App*)))
Sebastian Wikholm, modifié il y a 10 années.

RE: How to get the nested groups in LDAP/AD?

Regular Member Publications: 104 Date d'inscription: 10/03/11 Publications récentes
I tried to put in portal-ext.properties the following:

ldap.group.mappings=groupName=cn\ndescription=description\nuser=member:1.2.840.113556.1.4.1941:

it doesnt seem to work, any clue what i might be doing wrong
zeine mahbouby, modifié il y a 9 années.

RE: How to get the nested groups in LDAP/AD?

New Member Publications: 2 Date d'inscription: 03/09/14 Publications récentes
Hello,
i have a same problem ,did you find a solution?
thanks
Florian Bayer, modifié il y a 9 années.

RE: How to get the nested groups in LDAP/AD?

New Member Publications: 16 Date d'inscription: 23/05/12 Publications récentes
Hi,
I know It's been a while: but have you tried changing the setting it in Control Panel?
If I remember correctly, the Control Panel-Settings take precedence over .properties file settings as soon as you clicked "Save" in the Control Panel (so the Settings are written to the database).
Sebastian Wikholm, modifié il y a 9 années.

RE: How to get the nested groups in LDAP/AD?

Regular Member Publications: 104 Date d'inscription: 10/03/11 Publications récentes
Ive tried both in portal-ext.properties and in the control panel. None of them works
J Tojal, modifié il y a 9 années.

RE: How to get the nested groups in LDAP/AD?

New Member Publications: 8 Date d'inscription: 16/06/14 Publications récentes
Hi ,

Any news about this?

With an example AD structure like

-group1
---group2 (as member of group1)
-----user_of_group2 (as member)

importing the user with

ldap.import.user.search.filter=(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=group1,OU=x,DC=y,DC=z))

and group mapping

ldap.import.group.search.filter=(objectClass=group)
ldap.group.mappings=description=description\ngroupName=cn\nuser=member:1.2.840.113556.1.4.1941:

I'm getting group2 and the user as a direct member in Liferay (6.2).

But like the original post, I'd like to get also group1 with user_of_group2 inside.

Is there someone who was able to achieve this yet?