[rt-users] RT::Extension::LDAPImport and nested groups in Active Directory
benjamin.klier at mpl.mpg.de
Wed Nov 4 04:18:24 EST 2015
That looks promising, but unfortunately my perl isn't that good - maybe
you could give me a small code example how to add my groups from AD and
populate them with the AD users.
Am 03.11.2015 um 19:04 schrieb Jeffrey Pilant:
> Benjamin Klier writes:
>> I'm trying to import my users and groups from Active Directory. Getting
>> in the users works just fine, but importing the groups (with a
>> $LDAPGroupFilter like (|(CN=MY_RT_USERS_*)) ) is giving some errors.
>> The problem seems to be that in our AD the main groups norally just
>> concatenate other subgroups so that they doesn't include users but just
>> other groups, for example
>> +-----> SOME_SUBGROUP
>> | +
>> | +----> USER_1
>> | |
>> | +----> USER_2
>> | |
>> | +----> USER_3
>> +-----> ANOTHER_SUBGROUP
>> +----> USER_4
>> +----> USER_5
>> +----> ...
>> Unfortunately it's not an option to rework our AD group structure :-(
>> Crawling the rt-users archive didn't get me anywhat closer to find a
>> solution to that problem.
>> I'm using RT::Extension::LDAPImport v0.36
>> Maybe anyone has some experience with a configuration like that and
>> would be able to give me the missing hint :-)
> Why flatten the AD structure? You should be able to recreate it entirely with RT groups.
> Sub AddAGroup(SomeGroup)
> Obj = LDAP(SomeGroup)
> For each member in Obj:
> If member is a group then AddAGroup(member)
> RT->AddUserToGroup(Obj->Name, member)
> This recursive algorithm should duplicate the AD layout below a node if you give it an AD node.
> The information contained in this e-mail is for the exclusive use of the
> intended recipient(s) and may be confidential, proprietary, and/or
> legally privileged. Inadvertent disclosure of this message does not
> constitute a waiver of any privilege. If you receive this message in
> error, please do not directly or indirectly use, print, copy, forward,
> or disclose any part of this message. Please also delete this e-mail
> and all copies and notify the sender. Thank you.
> For alternate languages please go to http://bayerdisclaimer.bayerweb.com
Max-Planck-Institut für die Physik des Lichts
Guenther-Scharowsky-Str. 1/Bau 24
Fax : 09131-6877-199
eMail : benjamin.klier at mpl.mpg.de
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4950 bytes
Desc: S/MIME Cryptographic Signature
More information about the rt-users