Re Benjamin
Am 03.11.2015 um 19:04 schrieb Jeffrey Pilant:
Benjamin Klier writes:I'm trying to import my users and groups from Active Directory. Getting in the users works just fine, but importing the groups (with a $LDAPGroupFilter like (|(CN=MY_RT_USERS_*)) ) is giving some errors.<snip>The problem seems to be that in our AD the main groups norally just concatenate other subgroups so that they doesn't include users but just other groups, for example MY_RT_USERS_AGENTS + +-----> SOME_SUBGROUP | + | +----> USER_1 | | | +----> USER_2 | | | +----> USER_3 | +-----> ANOTHER_SUBGROUP + +----> USER_4 | +----> USER_5 | +----> ... Unfortunately it's not an option to rework our AD group structure :-( Crawling the rt-users archive didn't get me anywhat closer to find a solution to that problem. I'm using RT::Extension::LDAPImport v0.36 Maybe anyone has some experience with a configuration like that and would be able to give me the missing hint :-)Why flatten the AD structure? You should be able to recreate it entirely with RT groups. Psuedocode: Sub AddAGroup(SomeGroup) Obj = LDAP(SomeGroup) RT->AddGroiupName(Obj->Name) For each member in Obj: If member is a group then AddAGroup(member) RT->AddUserToGroup(Obj->Name, member) next. This recursive algorithm should duplicate the AD layout below a node if you give it an AD node. /jeff ________________________________________________________________________ The information contained in this e-mail is for the exclusive use of the intended recipient(s) and may be confidential, proprietary, and/or legally privileged. Inadvertent disclosure of this message does not constitute a waiver of any privilege. If you receive this message in error, please do not directly or indirectly use, print, copy, forward, or disclose any part of this message. Please also delete this e-mail and all copies and notify the sender. Thank you. For alternate languages please go to http://bayerdisclaimer.bayerweb.com ________________________________________________________________________
-- Benjamin Klier Systemadministration Max-Planck-Institut für die Physik des Lichts Guenther-Scharowsky-Str. 1/Bau 24 D-91058 Erlangen Tel.: 09131-6877-511 Fax : 09131-6877-199 eMail : benjamin.kl...@mpl.mpg.de http://www.mpl.mpg.de
smime.p7s
Description: S/MIME Cryptographic Signature