Tim,
I'm not an expert here, but couldn't you make multiple AD sources, one for
each OU? E.g. "AD1-FOO" with Base DN "OU=FOO,DC=mcc,DC=edu" and "AD1-BAR" with
Base DN "OU=BAR,DC=mcc,DC=edu"? Each would would have a scope of "subtree" and
a matches-all rule that does the appropriate "Set role", etc.
Of course, if you have "OU=FAP,OU=FOO,DC=mcc,DC=edu" then you're not going to
be able to use "subtree" as the scope, but a little experimenting will probably
get you through that.
Hope that's helpful.
Don
From: Tim DeNike [mailto:[email protected]]
Sent: Monday, June 17, 2013 10:50 AM
To: [email protected]
Subject: [PacketFence-users] AD/LDAP Rules
Deploying Packetfence in an AD environment with about 80,000 users. We have
users divided up into different OUs. I dont see a way to make a rule act on
the OU of the user, or match distinguishedname "contains".
A great deal of the users are only a member of the OU, and not a member of any
additional groups, so we have no good way to match then to divide them into
different roles. The roles we have created actually match the OUs perfectly.
Going back and assigning dummy groups to 80,000 users really isnt in the cards.
Any ideas?
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
