I have successfully integrated LDAP with MWG 7.1.6. The authentication test is successful, but it does not show me all the groups the user is part of. When I extract user group details with the authentication test using NTLM, I get the entire list of groups the user is part of. I have attached the screenshots for reference. Please help me out!
I think "cn" is probably not the right attribute to obtain from the LDAP server. If this is an AD, did you try to retrieve "memberOf" instead of "cn"?
Yes, you are correct! "memberof" gives me group details and "cn" gives me group & user details. I was getting only the group "administrator" because in the filtering option of get groups I used (samaccountname=%u). When I remove this filter, the entire group list is extracted with the user (it shows all groups in AD, even those of which the user is not part). So the attribute to extract should be "memberof". Now I am stuck at what the filter expression should be to locate a group object the user is part of. Please advise!
That's good! Usually you will only use "Get User Attributes" or "Get Group Attributes". As far as I understood, you will use "Get User Attributes" if the user attribute contains all groups. As for AD, this is the case, since a user (like Administrator) has a "memberOf" attribute for each group he is a member of.
"Get Group Attributes" would be used if the user does not contain information about his groups, but the groups are located elsewhere in the directory and contain attributes for each user. For example, you have a group "Internet Allowed Employees" somewhere in your directory, and this group object has attributes like "member=Andre, member=Administrator", etc. In this case MWG has to ask all group objects if the user is a member of those groups.
For AD, getting the memberOf attributes from the user should be fine.
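
The two lookups discussed in this thread, as an added example that is not part of the original posts and is not MWG configuration: reading `memberOf` from the user object versus searching group objects with a `member` filter. The directory entries, DNs and function names are constructed for illustration and assume an AD-style schema (`objectClass=group`, `member` holding the user's DN); the filter value is escaped per RFC 4515 so a DN containing `(`, `)` or `*` cannot change the filter's meaning.

```python
# Constructed AD-style entries for illustration; not data from the thread.
BASE = "DC=example,DC=test"
USER_DN = "CN=Andre (Contractor),CN=Users," + BASE
ADMIN_DN = "CN=Administrator,CN=Users," + BASE
G_INTERNET = "CN=Internet Allowed Employees,OU=Groups," + BASE
G_HELPDESK = "CN=Helpdesk,OU=Groups," + BASE
G_FINANCE = "CN=Finance,OU=Groups," + BASE

DIRECTORY = [
    {"dn": USER_DN, "objectClass": "user", "sAMAccountName": "andre",
     "memberOf": [G_INTERNET, G_HELPDESK]},
    {"dn": G_INTERNET, "objectClass": "group", "member": [USER_DN, ADMIN_DN]},
    {"dn": G_HELPDESK, "objectClass": "group", "member": [USER_DN]},
    {"dn": G_FINANCE, "objectClass": "group", "member": [ADMIN_DN]},
]

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def group_filter_for(user_dn):
    """Filter that selects only group objects listing user_dn as a member."""
    return "(&(objectClass=group)(member=%s))" % escape_filter_value(user_dn)

def groups_via_user_attribute(sam_account_name):
    """Approach 1: find the user object, then read its memberOf values."""
    for entry in DIRECTORY:
        if (entry["objectClass"] == "user" and
                entry["sAMAccountName"].lower() == sam_account_name.lower()):
            return list(entry.get("memberOf", []))
    return []

def groups_via_group_search(user_dn):
    """Approach 2: apply the member test to every group object."""
    wanted = user_dn.lower()
    return [e["dn"] for e in DIRECTORY
            if e["objectClass"] == "group"
            and wanted in (m.lower() for m in e.get("member", []))]

if __name__ == "__main__":
    print(group_filter_for(USER_DN))
    print(groups_via_user_attribute("andre"))
    print(groups_via_group_search(USER_DN))
```

Both approaches return the same two groups for this user, and the group the user is not listed in is excluded; a group search without the `member` clause would match every group object.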