And what is the AD query to get user groups by UID? On Mon, Aug 10, 2015 at 12:25 PM, Dominic Prakash <[email protected]> wrote:
> This config works for me in M$ AD. > > > > ldap_conn_host=123.456.789.123 > > ldap_conn_port=389 > > ldap_conn_secure=false > > > > ldap_admin_dn=CN=ldapuser,OU=Software,OU=Unit-2,DC=sample,DC=co,DC=in > > ldap_passwd=passwordhere > > ldap_search_base=DC=sample,DC=co,DC=in > > > > ldap_search_query=(sAMAccountName=%s) > > ldap_search_scope=SUBTREE > > ldap_auth_type=SEARCHANDBIND > > ldap_userdn_format=sAMAccountName=%s,DC=sample,DC=co,DC=in > > > > ldap_provisionning=AUTOCREATE > > ldap_deref_mode=always > > ldap_use_admin_to_get_attrs=true > > ldap_sync_password_to_om=true > > > > ldap_user_attr_lastname=sn > > ldap_user_attr_firstname=givenName > > ldap_user_attr_mail=mail > > ldap_user_attr_street=streetAddress > > ldap_user_attr_additionalname=description > > ldap_user_attr_fax=facsimileTelephoneNumber > > ldap_user_attr_zip=postalCode > > ldap_user_attr_country=co > > ldap_user_attr_town=l > > ldap_user_attr_phone=telephoneNumber > > > > ldap_user_picture_uri=profile.jpg > > ldap_use_lower_case=false > > > > > > Best Regards > > > > Dominic > > > > *From:* Maxim Solodovnik [mailto:[email protected]] > *Sent:* 05 August 2015 19:52 > *To:* Openmeetings user-list > *Subject:* Re: [HELP NEEDED] LDAP import AD groups > > > > I need someone who can fix this query for M$ AD :( > Or someone who can give me search only test access to AD > > WBR, Maxim > (from mobile, sorry for the typos) > > On Aug 5, 2015 20:18, "Michael Wuttke" <[email protected]> > wrote: > > Hello Maxim, > > sorry but we use M$ AD and it returns nothing or only errors with this > query. ;-( > > Greetings, > Michael > > Am 05.08.2015 um 15:18 schrieb Maxim Solodovnik: > > Hello Michael, > > Thanks for your reply > I need query to get all groups of user with some uid. > > so I get uid for for the user: for ex. "solomax" > I need to get all groups this user is part of. > > On my test LDAP server this query: > (&(memberUid=test1)(objectClass=posixGroup)) returns DNs of all groups > for given UID > > > > On Wed, Aug 5, 2015 at 7:11 PM, Michael Wuttke > <[email protected] > <mailto:[email protected]>> wrote: > > Hello Maxim, > > I don't know how to use the ldap_search for your query. > > But we use owncloud. Here are our LDAP queries we use for owncloud: > > the ldap query for users: > (&(|(objectclass=person)) > > (|(|(memberof=CN=Owncloud-admins,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz0)) > > (|(memberof=CN=Students,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz1)) > > (|(memberof=CN=Employee,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz2)) > > (|(memberof=CN=Academics,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz3)) > )) > > the ldap query for login attributes: > (&(&(|(objectclass=person)) > > (|(|(memberof=CN=Owncloud-admins,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz0)) > > (|(memberof=CN=Students,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz1)) > > (|(memberof=CN=Employee,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz2)) > > (|(memberof=CN=Academics,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz03)) > (|(sAMAccountName=%uid))) > > and the ldap query for groups: > > (&(|(objectclass=group))(|(cn=Employee)(cn=Students)(cn=Owncloud-admins)(cn=Academics))) > > Here is the docu how to configure ldap auth: > > https://doc.owncloud.org/server/8.1/admin_manual/configuration_user/user_auth_ldap.html > > and the cowncloud code repo the ldap auth app: > https://github.com/owncloud/core/tree/master/apps/user_ldap > > Maybe it helps you? > > Thanks & Greetings, > Michael > > Am 05.08.2015 um 14:29 schrieb Maxim Solodovnik: > > ups, sorry wrong keyboard :((( > > ---- Can anyone with access to AD check if this query works in > AD, and > сщккусе ше ащк ФВ ша тще, > ++++ Can anyone with access to AD check if this query works in > AD, and > correct it for AD if not, > > On Wed, Aug 5, 2015 at 6:28 PM, Maxim Solodovnik > <[email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]>>> > wrote: > > Hello All, > > I'm currently trying to implement > https://issues.apache.org/jira/browse/OPENMEETINGS-1214 > I was able to find query to get all groups in LDAP: > > The following query seems to be able to list all groups for > the user > with "uid == test1": > (&(memberUid=test1)(objectClass=posixGroup)) > > Can anyone with access to AD check if this query works in > AD, and > сщккусе ше ащк ФВ ша тще, > > Thanks in advance! > > -- > WBR > Maxim aka solomax > > > > > -- > WBR > Maxim aka solomax > > > -- > Vielen Dank & mit freundlichen Grüßen, > Michael Wuttke > > Administration des Lern-Management-Systems > Beuth Hochschule Berlin - Hochschulrechenzentrum > Luxemburger Str. 10 > 13353 Berlin > Tel: +49 (0)30 45 04 2004 > Haus Bauwesen; Raum: D 225a > E-Mail: [email protected] > News: https://lms.beuth-hochschule.de/rss > -- WBR Maxim aka solomax
