LDAP (AD) group imports

Question asked by aaronshaw on Jan 16, 2012
Latest reply on Jan 16, 2012 by aaronshaw
Hi.
The directory I need to integrate with has a top level (as far as I'm concerned) group with a load of groups one level below. Among these lower groups are a few that need Alfresco access, so there is a sibling group on the same lower level called 'admin alfresco'. This group has members which are other groups at the same level.

Now the problem is that if I set the group search base to be the top level, then I get all groups including ones I don't want. And if I set the search query to then limit the search with memberOf:1.2.840.113556.1.4.1941:CN=admin alfresco, blah blah blah… then the groups imported are properly limited to only those that are members of the admin alfresco group, BUT what gets imported as a group is ANYTHING that matches the query. So I get a nested tree of groups (which is what I want) plus every group individually.

Eg:

* top level import
    * sub1
    * sub2
        * sub2a
* sub1
* sub2
* sub2a


When what is required is:

* top level import
    * sub1
    * sub2
        * sub2a


And obviously if I just use memberOf without the LDAP_MATCHING_RULE_IN_CHAIN then I'll only get direct member groups and won't get sub2a (sub2a memberOf sub2 memberOf toplevel).
Does that make sense? And is there a way to resolve this other than completely restructuring the AD?

Many thanks.
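
A model of the two filters discussed in the question above, added here as an example and not part of the original post: it evaluates a direct memberOf match and the LDAP_MATCHING_RULE_IN_CHAIN match over a constructed directory, and shows that the in-chain result is a flat set of entries whose nesting is only recoverable from each entry's memberOf values. The base DN, the `unrelated` and `loop*` groups and all function names are assumptions made for the illustration.

```python
# Constructed sample directory (not from the post): group DN -> DNs in its memberOf.
BASE = "OU=Groups,DC=example,DC=com"  # hypothetical base DN

def dn(cn):
    return f"CN={cn},{BASE}"

MEMBER_OF = {
    dn("admin alfresco"): [],
    dn("sub1"): [dn("admin alfresco")],
    dn("sub2"): [dn("admin alfresco")],
    dn("sub2a"): [dn("sub2")],
    dn("unrelated"): [],
    dn("loopA"): [dn("loopB")],   # membership cycle that never reaches the target
    dn("loopB"): [dn("loopA")],
}

def match_direct(directory, target):
    """Entries matched by (memberOf=<target>): direct members only."""
    return sorted(e for e, parents in directory.items() if target in parents)

def match_in_chain(directory, target):
    """Entries matched by (memberOf:1.2.840.113556.1.4.1941:=<target>)."""
    def reaches(entry, seen):
        for parent in directory.get(entry, []):
            if parent == target:
                return True
            if parent not in seen:          # guard against membership cycles
                seen.add(parent)
                if reaches(parent, seen):
                    return True
        return False
    return sorted(e for e in directory if reaches(e, {e}))

def nesting(directory, matched, target):
    """Rebuild parent -> children edges among the matched entries."""
    keep = set(matched) | {target}
    tree = {}
    for entry in matched:
        for parent in directory[entry]:
            if parent in keep:
                tree.setdefault(parent, []).append(entry)
    return tree

if __name__ == "__main__":
    target = dn("admin alfresco")
    flat = match_in_chain(MEMBER_OF, target)
    print("direct:  ", match_direct(MEMBER_OF, target))
    print("in chain:", flat)
    print("nesting: ", nesting(MEMBER_OF, flat, target))
```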