[rt-users] RT::Extension::LDAPImport and nested groups in Active Directory
Benjamin Klier
benjamin.klier at mpl.mpg.de
Tue Nov 3 07:26:43 EST 2015
I'm trying to import my users and groups from Active Directory. Getting
in the users works just fine, but importing the groups (with a
$LDAPGroupFilter like (|(CN=MY_RT_USERS_*)) ) is giving some errors.
searching with: base => 'OU=XXX,OU=XXX,DC=XXX,DC=XXX,DC=XXX' control =>
'Net::LDAP::Control::Paged=HASH(0x93cc210)' filter =>
'(|(CN=MY_RT_USERS_*))' scope => 'sub'
search found 2 objects
Processing group MY_RT_USERS_AGENTS
Found new group MY_RT_USERS_AGENTS to create in RT
RT Field RT Value -> LDAP Value
Description unset => Imported from LDAP
Member_Attr unset => ARRAY(0x9834d90)
Name unset => MY_RT_USERS_AGENTS
Processing group membership for MY_RT_USERS_AGENTS
No group in RT, would create with members:
searching with: base =>
'CN=ANOTHER_GROUP,OU=XXX,OU=XXX,OU=XXX,DC=XXX,DC=XXX,DC=XXX' control =>
'Net::LDAP::Control::Paged=HASH(0x983cfc0)' filter =>
'(&(objectClass=user)(!(cn=*Template*))(!(enabled=false))(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2))(mail=*)(lastLogonTimestamp>=130251456000000000))'
scope => 'base'
search found 0 objects
Imported 1/2 groups
The problem seems to be that in our AD the main groups normally just
concatenate other subgroups, so that they don't include users but just
other groups, for example
MY_RT_USERS_AGENTS
 +
 +-----> SOME_SUBGROUP
 |        +
 |        +----> USER_1
 |        |
 |        +----> USER_2
 |        |
 |        +----> USER_3
 |
 +-----> ANOTHER_SUBGROUP
          +
          +----> USER_4
          |
          +----> USER_5
          |
          +----> ...
Unfortunately it's not an option to rework our AD group structure :-(
Crawling the rt-users archive didn't get me any closer to finding a
solution to that problem.
I'm using RT::Extension::LDAPImport v0.36
Maybe anyone has some experience with a configuration like that and
would be able to give me the missing hint :-)
--
Benjamin Klier
Systemadministration
Max-Planck-Institut für die Physik des Lichts
Guenther-Scharowsky-Str. 1/Bau 24
D-91058 Erlangen
Tel.: 09131-6877-511
Fax : 09131-6877-199
eMail : benjamin.klier at mpl.mpg.de
http://www.mpl.mpg.de
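
Added example, not part of the original post and not RT::Extension::LDAPImport code: the log above shows a base-scope search on a member DN with the user filter returning 0 objects because that member is itself a group. The sketch below reproduces that result against a constructed in-memory directory and contrasts it with a transitive expansion that visits each DN once, so a membership loop cannot hang the import. The DNs are shortened, the directory contents are invented, and the filter is a simplified assumption that keeps only the object class, mail and disabled-account checks.

```python
ACCOUNTDISABLE = 0x2  # bit tested by (userAccountControl:1.2.840.113556.1.4.803:=2)

def user(mail="x@example.org", uac=512):
    return {"objectClass": "user", "mail": mail, "userAccountControl": uac}

def group(*members):
    return {"objectClass": "group", "member": list(members)}

# Constructed sample directory keyed by (shortened) DN; mirrors the diagram in the post.
DIRECTORY = {
    "CN=MY_RT_USERS_AGENTS": group("CN=SOME_SUBGROUP", "CN=ANOTHER_SUBGROUP"),
    "CN=SOME_SUBGROUP": group("CN=USER_1", "CN=USER_2", "CN=USER_3"),
    # ANOTHER_SUBGROUP points back at its parent: a membership loop.
    "CN=ANOTHER_SUBGROUP": group("CN=USER_4", "CN=USER_5", "CN=MY_RT_USERS_AGENTS"),
    "CN=USER_1": user(),
    "CN=USER_2": user(uac=514),   # 514 = 512 | ACCOUNTDISABLE, must not be imported
    "CN=USER_3": user(mail=None),  # no mail attribute, fails (mail=*)
    "CN=USER_4": user(),
    "CN=USER_5": user(),
}

def is_importable_user(entry):
    """Simplified user filter: a user object with mail that is not disabled."""
    return bool(entry["objectClass"] == "user" and entry.get("mail")
                and not entry["userAccountControl"] & ACCOUNTDISABLE)

def direct_members(group_dn):
    """One base-scope lookup per member DN with the user filter applied."""
    return [dn for dn in DIRECTORY[group_dn]["member"]
            if dn in DIRECTORY and is_importable_user(DIRECTORY[dn])]

def transitive_members(group_dn):
    """Depth-first walk of nested groups; each DN is visited once so loops end."""
    seen, users, stack = set(), [], [group_dn]
    while stack:
        dn = stack.pop()
        if dn in seen or dn not in DIRECTORY:
            continue
        seen.add(dn)
        entry = DIRECTORY[dn]
        if entry["objectClass"] == "group":
            stack.extend(reversed(entry["member"]))
        elif is_importable_user(entry):
            users.append(dn)
    return users
```

Active Directory can also perform this expansion server-side with the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941) applied to memberOf in a user search filter.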