Selective synchronization of users according to groups (LDAP-AD)

Question asked by fux on Nov 9, 2016
Latest reply on Nov 10, 2016 by fux

Hi all!

I'm a greenhorn with Alfresco. At the moment I am trying to resolve the connection to AD, but for some reason I have not succeeded with the synchronization.
Groups are synchronized correctly and users are associated with the correct groups, but during synchronization a lot of other accounts are created (all users who are registered in this domain).

 

I have a structure approximately like this in Active Directory:

 

(OU)Others
       (OU)Alfresco

             (Group)Management

             (Group)Personnel

              .... and more other groups, which can be changed in future ...

(OU)Company

    (Group)Users

         (User)Adam

         (User)John

         (User)Betty

 

Adam is member of:  cn=users,ou=Company,dn=domain,dn=tld

                    cn=Management,ou=Alfresco,ou=Others,dn=domain,dn=tld

John is member of:  cn=users,ou=Company,dn=domain,dn=tld

                    cn=Personnel,ou=Alfresco,ou=Others,dn=domain,dn=tld

Betty is member of: cn=users,ou=Company,dn=domain,dn=tld

 

My group search filter is

ldap.synchronization.groupSearchBase=OU\=Alfresco,OU\=others,DC\=domain,DC\=tld

 

I would like to synchronize (and automatically add) only those users who are members of any group in the branch Others->Alfresco->...

(Adam and John, but NOT Betty)

 

How can I do it?

How can I synchronize only users from groups under OU Alfresco?

The expression (memberOf=*OU\=Alfresco,OU\=others,DC\=domain,DC\=tld) does not work, because the wildcard * can't be used for the attribute memberOf.

 

Thank you for your time

Vladimir
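
The following is an added example, not part of the original post or of Alfresco's code: since memberOf cannot be matched with a wildcard, it builds a user filter with one exact memberOf clause per group found under the group search base, so only direct members of those groups are selected. The group and user data are constructed from the structure described above, the `(objectCategory=person)(objectClass=user)` prefix is an assumption about how AD user objects are selected, and the resulting string is the kind of value that would go into `ldap.synchronization.personQuery`.

```python
"""Added example: exact-match memberOf filter for groups under one OU."""

def escape_filter_value(value):
    """Escape RFC 4515 special characters in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def is_under(dn, base):
    """True when dn lies below base (simple case-insensitive suffix check)."""
    return dn.lower().endswith("," + base.lower())

def groups_under(group_dns, base):
    """Keep only the group DNs located below the base, de-duplicated and sorted."""
    seen = {}
    for dn in group_dns:
        if is_under(dn, base):
            seen.setdefault(dn.lower(), dn)
    return [seen[key] for key in sorted(seen)]

def build_person_filter(group_dns, base):
    """OR together one exact memberOf clause per group under base."""
    groups = groups_under(group_dns, base)
    if not groups:
        # An empty OR would be an invalid filter; fail instead of guessing.
        raise ValueError("no groups found under " + base)
    clauses = "".join("(memberOf=%s)" % escape_filter_value(g) for g in groups)
    return "(&(objectCategory=person)(objectClass=user)(|%s))" % clauses

def selected_users(users, group_dns, base):
    """Names the filter would select: direct members only, nested groups ignored."""
    wanted = {g.lower() for g in groups_under(group_dns, base)}
    return sorted(name for name, member_of in users.items()
                  if wanted & {m.lower() for m in member_of})

# Constructed sample data mirroring the directory layout in the question.
BASE = "OU=Alfresco,OU=others,DC=domain,DC=tld"
GROUPS = [
    "CN=Users,OU=Company,DC=domain,DC=tld",
    "CN=Personnel,OU=Alfresco,OU=Others,DC=domain,DC=tld",
    "CN=Management,OU=Alfresco,OU=Others,DC=domain,DC=tld",
]
USERS = {
    "Adam": [GROUPS[0], GROUPS[2]],
    "John": [GROUPS[0], GROUPS[1]],
    "Betty": [GROUPS[0]],
}

if __name__ == "__main__":
    print(build_person_filter(GROUPS, BASE))
    print(selected_users(USERS, GROUPS, BASE))
```

Because the post says the groups under OU Alfresco can change in future, the filter has to be regenerated whenever a group is added or removed there.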