Re: Unable to view LDAP group members
Hello, The ldap-user-group-provider does not require that you use both the user sync and group sync to obtain the list of users and group associations from your AD. In your case, it may be best to only perform the group sync byu configuring the properties as follows: SUBTREE <--- leave this set as it is a required property to be set even if user sync is not being performed sAMAccountName <--- keep this set so that group member attribute DNs returned during the group sync are not used to identify the user. Instead the user's sAMAccountName string will be used DC=x,DC=com group SUBTREE (cn=NIFI*) sAMAccountName member Hope this helps you get the list you are looking for. Thanks, Matt On Mon, Sep 13, 2021 at 8:15 AM Samudrala, Vamshi Bhargav wrote: > Trying the Dev team for help. > > From: Samudrala, Vamshi Bhargav > Date: Tuesday, 7 September 2021 at 12:24 AM > To: us...@nifi.apache.org > Subject: Unable to view LDAP group members > Hello there, > > I’ve set up NiFi to use our organization’s LDAP. I’m able to see the > groups with the current configuration but I’m unable to see the members in > it. I’m actually able to see the members when I specify the full group name > but not with a regex. I’ve tried multiple combinations over the last few > days but haven’t been able to get it working. Hoping to find the answers > here. > > The conf that works: > DC=xx,DC=com > person > SUBTREE > (memberOf=CN=NIFI_GROUP_NAME,OU=Groups,OU=ISO,DC=x,DC=com) > sAMAccountName > > > > DC=x,DC=com > group > SUBTREE > (cn=NIFI*) > sAMAccountName > member > > > > I see all the groups whose name start with NIFI. I see the group name in > the users’ Member Of list and the users in the group’s Members list on the > NiFi UI for the NIFI_GROUP_NAME group and not others. The below doesn’t > work though. I want to see all the groups and members if the groups whose > name starts with NIFI. The only change I made is in the User Search Filter > and included a wildcard. > > > DC=xx,DC=com > person > SUBTREE > (memberOf=CN=NIFI_*OU=Groups,OU=ISO,DC=x,DC=com) > sAMAccountName > > > > DC=x,DC=com > group > SUBTREE > (cn=NIFI*) > sAMAccountName > member > > > > I see the group names but not the members. > > > Thanks, > Vamshi >
Re: Unable to view LDAP group members
The problem is that ldap search filters doesn’t support wildcard when searching the memberof attribute. You can find many questions on the web for this issue. But is unfortunately not supported. Kind regards Jens > Den 13. sep. 2021 kl. 08.23 skrev Samudrala, Vamshi Bhargav > : > > Trying the Dev team for help. > > From: Samudrala, Vamshi Bhargav > Date: Tuesday, 7 September 2021 at 12:24 AM > To: us...@nifi.apache.org > Subject: Unable to view LDAP group members > Hello there, > > I’ve set up NiFi to use our organization’s LDAP. I’m able to see the groups > with the current configuration but I’m unable to see the members in it. I’m > actually able to see the members when I specify the full group name but not > with a regex. I’ve tried multiple combinations over the last few days but > haven’t been able to get it working. Hoping to find the answers here. > > The conf that works: >DC=xx,DC=com >person >SUBTREE >(memberOf=CN=NIFI_GROUP_NAME,OU=Groups,OU=ISO,DC=x,DC=com) >sAMAccountName > > > >DC=x,DC=com >group >SUBTREE >(cn=NIFI*) >sAMAccountName >member > > > > I see all the groups whose name start with NIFI. I see the group name in the > users’ Member Of list and the users in the group’s Members list on the NiFi > UI for the NIFI_GROUP_NAME group and not others. The below doesn’t work > though. I want to see all the groups and members if the groups whose name > starts with NIFI. The only change I made is in the User Search Filter and > included a wildcard. > > >DC=xx,DC=com >person >SUBTREE >(memberOf=CN=NIFI_*OU=Groups,OU=ISO,DC=x,DC=com) >sAMAccountName > > > >DC=x,DC=com >group >SUBTREE >(cn=NIFI*) >sAMAccountName >member > > > > I see the group names but not the members. > > > Thanks, > Vamshi
Re: Unable to view LDAP group members
Trying the Dev team for help. From: Samudrala, Vamshi Bhargav Date: Tuesday, 7 September 2021 at 12:24 AM To: us...@nifi.apache.org Subject: Unable to view LDAP group members Hello there, I’ve set up NiFi to use our organization’s LDAP. I’m able to see the groups with the current configuration but I’m unable to see the members in it. I’m actually able to see the members when I specify the full group name but not with a regex. I’ve tried multiple combinations over the last few days but haven’t been able to get it working. Hoping to find the answers here. The conf that works: DC=xx,DC=com person SUBTREE (memberOf=CN=NIFI_GROUP_NAME,OU=Groups,OU=ISO,DC=x,DC=com) sAMAccountName DC=x,DC=com group SUBTREE (cn=NIFI*) sAMAccountName member I see all the groups whose name start with NIFI. I see the group name in the users’ Member Of list and the users in the group’s Members list on the NiFi UI for the NIFI_GROUP_NAME group and not others. The below doesn’t work though. I want to see all the groups and members if the groups whose name starts with NIFI. The only change I made is in the User Search Filter and included a wildcard. DC=xx,DC=com person SUBTREE (memberOf=CN=NIFI_*OU=Groups,OU=ISO,DC=x,DC=com) sAMAccountName DC=x,DC=com group SUBTREE (cn=NIFI*) sAMAccountName member I see the group names but not the members. Thanks, Vamshi
