satbir
Level 7

LDAP group attributes pull task not successful


Hi,

I have successfully integrated LDAP with MWG 7.1.6. The authentication test is successful, but it does not show me all the groups the user is part of. When I extract user group details with the authentication test using NTLM, I get the entire list of groups the user is part of. I have attached the screenshots for reference. Please help me out!

ldap group issue.jpg

Regards,

Satbir

asabban
Level 17

Re: LDAP group attributes pull task not successful


Hello,

I think "cn" is probably not the right attribute to obtain from the LDAP server. If this is an AD, did you try to retrieve "memberOf" instead of "cn"?

Best,

Andre

satbir
Level 7

Re: LDAP group attributes pull task not successful


Hi Andre,

Yes, you are correct! "memberof" gives me group details and "cn" gives me group and user details. I was getting only the group "administrator" because in the filtering option of get groups I used (samaccountname=%u). When I remove this filter, the entire group list is extracted with the user (it shows all groups in AD, even those of which the user is not part). So the attribute to extract should be "memberof". Now I am stuck on what the filter expression should be to locate a group object the user is part of. Please advise!

Regards,

Satbir

asabban
Level 17

Re: LDAP group attributes pull task not successful


You could try the following, which I usually use when I set up LDAP with AD:

Auswahl_336.png

satbir
Level 7

Re: LDAP group attributes pull task not successful


Thanks a ton Andre! It worked!

Regards,

Satbir

asabban
Level 17

Re: LDAP group attributes pull task not successful


That's good! Usually you will only use "Get User Attributes" or "Get Group Attributes". As far as I understood, you will use "Get User Attributes" if the user attribute contains all groups. For AD this is the case, since a user (like Administrator) has a "memberOf" attribute for each group he is a member of.

"Get Group Attributes" would be used if the user does not contain information about his groups, but the groups are located elsewhere in the directory and contain attributes for each user. For example, you have a group "Internet Allowed Employees" somewhere in your directory, and this group object has attributes like "member=Andre, member=Administrator", etc. In this case MWG has to ask all group objects whether the user is a member of those groups.

For AD getting the memberOf attributes from the user should be fine.

Best,

Andre
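
The two lookup strategies described in the post above, as an added Python example that is not part of the original thread and is not MWG code. The directory entries, DNs and function names are constructed for illustration, and `search()` is a small stand-in for an LDAP search that only handles ANDed equality terms; the value substituted into each filter is escaped per RFC 4515 so a DN containing parentheses does not break the filter.

```python
import re

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    return "".join(_ESC.get(ch, ch) for ch in value)

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(directory, ldap_filter, attr):
    """Stand-in for an LDAP search over a list of dicts (assumption, not a real client)."""
    terms = [(a.lower(), _unescape(v).lower())
             for a, v in re.findall(r"\((\w+)=([^()]*)\)", ldap_filter)]
    hits = []
    for entry in directory:
        low = {k.lower(): [x.lower() for x in vs] for k, vs in entry.items()}
        if all(v in low.get(a, []) for a, v in terms):
            hits.extend(entry.get(attr, []))
    return sorted(hits)

def groups_via_user_attributes(directory, username):
    # "Get User Attributes": locate the user entry and read its memberOf values.
    flt = "(&(objectClass=user)(sAMAccountName=%s))" % escape_filter_value(username)
    return search(directory, flt, "memberOf")

def groups_via_group_attributes(directory, user_dn):
    # "Get Group Attributes": ask the group objects which of them list this user.
    flt = "(&(objectClass=group)(member=%s))" % escape_filter_value(user_dn)
    return search(directory, flt, "distinguishedName")

# Constructed sample directory (names and DNs are made up for this example).
USER_DN = "CN=Andre (Ops),CN=Users,DC=example,DC=test"
G1 = "CN=Internet Allowed Employees,OU=Groups,DC=example,DC=test"
G2 = "CN=Proxy Admins,OU=Groups,DC=example,DC=test"
G3 = "CN=Finance,OU=Groups,DC=example,DC=test"
DIRECTORY = [
    {"distinguishedName": [USER_DN], "objectClass": ["user"],
     "sAMAccountName": ["andre"], "memberOf": [G1, G2]},
    {"distinguishedName": [G1], "objectClass": ["group"], "member": [USER_DN]},
    {"distinguishedName": [G2], "objectClass": ["group"], "member": [USER_DN]},
    {"distinguishedName": [G3], "objectClass": ["group"], "member": []},
]

if __name__ == "__main__":
    print(groups_via_user_attributes(DIRECTORY, "andre"))
    print(groups_via_group_attributes(DIRECTORY, USER_DN))
```

In AD, `memberOf` lists direct memberships only: it omits the user's primary group (typically Domain Users) and does not expand nested groups, so policy rules that depend on those groups need a different lookup.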

satbir
Level 7

Re: LDAP group attributes pull task not successful


Thanks Andre! Now the concept is clear to me!

Regards,

Satbir
