AnsweredAssumed Answered

LDAP-AD members of subroups w different OU path

Question asked by cardinal_baseball on Apr 19, 2010
Latest reply on Apr 21, 2010 by legaulois
my ldap.synchronization.groupQeury is working fine - getting the main group and all sub groups.
my ldap.synchronization.personQuery is not returning members of subgroups, where the subgroups have a different ou path…
no errors in catalina.out.

i've used the "LDAP_MATCHING_RULE_IN_CHAIN" syntax but either something is off, or it doesn't work on member where the subgroup has a partially different ou path.  i should not that, when i create an "ldif" file of my main group, it contains the sub group name, but like my alfresco query, it also does not include the members of this sub group.  i've tired just about every configuration of the syntax i can think of but nothing works.  is it possible?  or has anyone customized the bean to work this way, if that's what needs to be done?  this is my query….

ldap.synchronization.personQuery=(&(objectclass\=user)(|(memberOf\:1.2.840.113556.1.4.1941\:\=cn\=admingroup,ou\=Security Groups,ou\=unitname,ou\=departmentname,ou\=organizationbranch,dc\=whatever1,dc\=whatever2)(memberOf\=cn\=admingroup)(memberOf\:1.2.840.113556.1.4.1941\:\=cn\=admingroup)(memberOf\:\=admingroup,ou\=Security Groups,ou\=unitname,ou\=departmentname,ou\=organizationbranch,dc\=whatever1,dc\=whatever2))(userAccountControl\:1.2.840.113556.1.4.803\:\=512))

Outcomes