The first query may also be returning an empty result set because the group membership exceeds 1500 values and is being returned using Microsoft's "Range" implementation. There are notes on this phenomenon including a work around script in the AD how-to guide. https://lsc-project.org/documentation/howto/activedirectory
JON C KIDDER | MIDDLEWARE ADMINISTRATOR LEAD [email protected] | D:614.716.4970 1 RIVERSIDE PLAZA, COLUMBUS, OH 43215 -----Original Message----- From: lsc-users [mailto:[email protected]] On Behalf Of Clément OUDOT Sent: Thursday, November 29, 2018 3:27 PM To: [email protected] Subject: [EXTERNAL] Re: [lsc-users] Syncing AD group members This is an EXTERNAL email. STOP. THINK before you CLICK links or OPEN attachments. If suspicious please click the 'Report to Incidents' button in Outlook or forward to [email protected] from a mobile device. ********************************************************************** Le 29/11/2018 à 16:30, Lior Dotan a écrit : > Hi, > > I'm trying to sync group members from AD 2016. I usually use this > filter to get the members: > <getOneFilter><![CDATA[(&(objectClass=group)(cn={cn}))]]></getOneFilter> > > But for this AD, the filter doesn't return any data. I also tried > running the same filter with ldapsearch and again got no results. > So I tried to use: > <getOneFilter><![CDATA[(memberOf:1.2.840.113556.1.4.1941:=cn={cn})]]></getOneFilter> > > With ldapsearch I do get all the results but with LSC I get this error: > Synchronization aborted because no source object has been found ! > > Is there a way to use the 1.2.840.113556.1.4.1941 filter with LSC? You should be able to do it, but as far as I understand, the second filter is to find users which belong to groups, and the first filter is to find groups. Are you sure of what you want to do? -- Clément Oudot | Identity Solutions Manager [email protected] Worteks | https://urldefense.proofpoint.com/v2/url?u=https-3A__www.worteks.com&d=DwIGaQ&c=gMbiD-Q9WoaRgoXZKCrSug&r=WacA_KdnzU1pvF8wEQ4v1A&m=q7qr7CF_gTu-fji_N8c-JSJpvOGvlE-14M6XqOWk2uw&s=e38EFGnSMOCTJQmYtblrpAveowJm3NZaMESf1RnQosQ&e= _______________________________________________________________ Ldap Synchronization Connector (LSC) - https://urldefense.proofpoint.com/v2/url?u=http-3A__lsc-2Dproject.org&d=DwIGaQ&c=gMbiD-Q9WoaRgoXZKCrSug&r=WacA_KdnzU1pvF8wEQ4v1A&m=q7qr7CF_gTu-fji_N8c-JSJpvOGvlE-14M6XqOWk2uw&s=XxG-xWwSCRiWynPHqyJFo_c_rQpd60sXtCsoMcIZA1I&e= lsc-users mailing list [email protected] https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.lsc-2Dproject.org_cgi-2Dbin_mailman_listinfo_lsc-2Dusers&d=DwIGaQ&c=gMbiD-Q9WoaRgoXZKCrSug&r=WacA_KdnzU1pvF8wEQ4v1A&m=q7qr7CF_gTu-fji_N8c-JSJpvOGvlE-14M6XqOWk2uw&s=awmYzBujOIsHQlAPUEhnLq46V3VVR79bO5E-yeCz3LU&e= _______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
