Adding members to groups via LDAP

othomas1 · ‎09-01-2020

Hello everyone,

Ive spent a good amount of time trying to get users into groups via LDAP. The user import works, the groups import works, but when i try to configure things to get users into the already existing group, nothing works. I saw a post that said you shouldnt map the u_member field, so i left it blank, can anyone lend some wisdom on getting users into groups?

OnAfter script:

//
// After a group has been inserted the line of code below will get
// all the users that belong to the group according to LDAP and
// put the users into this group. This is done by getting
// the value from the u_members field from the source record.
// If you do not want to put the users in the group then you
// can comment out or remove the line below. If you are using
// something other than Active Directory and user membership is
// not indicated via the 'member' attribute then you can add the
// following line to indicate what field should be used. This
// line would be added before the the call to addMembers.
//
ldapUtils.setMemberField('u_member');
//
ldapUtils.addMembers(source, target);

Mike Patel · ‎09-01-2020

1# Remove u_member from field maps

2# OnAfter script only needs be like ldapUtils.addMembers(source, target);

3# OnStart needs to be below

gs.include("LDAPUtils");
var ldapUtils = new LDAPUtils();
ldapUtils.setLog(log);

Make sure you are mapping source field from ldap import to source field on user record (sys_user).

It needs be like

ldap:CN=XXX\, CCCCC,OU=Users,DC=XXXX,DC=com

View solution in original post

Mike Patel · ‎09-01-2020

1# Remove u_member from field maps

2# OnAfter script only needs be like ldapUtils.addMembers(source, target);

3# OnStart needs to be below

gs.include("LDAPUtils");
var ldapUtils = new LDAPUtils();
ldapUtils.setLog(log);

Make sure you are mapping source field from ldap import to source field on user record (sys_user).

It needs be like

ldap:CN=XXX\, CCCCC,OU=Users,DC=XXXX,DC=com

othomas1 · ‎09-02-2020

Hi Mike, thanks so much for the info. I made the suggested changes and i still didnt get any users into my groups. My setup is below:

Mike Patel · ‎09-02-2020

I think you got it wrong.

I was trying to say was as part of your user import transform map make sure you are mapping source to source field on sys_user record.

also go to sys_user table and open one of the user who is member of the group you are importing. We need to make sure the source field has full length.

1st go to u_van_ldap_group_import.list and make sure the dn field is not getting cut off. change the length of that field to like 400.

2nd go to your user import table and make sure the length of the source field.

othomas1 · ‎09-02-2020

Hi Mike,

The length of the dn field for u_van_ldap_group_import was already at 400. And the source field length on the user record is 255 and seems to not be cutting of any info.