Closed thekoma closed 4 years ago
You store the group membership in the memberof attribute of each user?
I store the users in the member attribute of the group and the group in the attribute memberof of the user.
To help you: this is a user (admin) in LDAP (FreeIPA default configuration and schema), which as you can see is memberOf the group admins. And this is a group (the group admins of course, where you can see the user admin is a member).
Also, memberOf is capable of managing multi-level and linked groups. Admins is a member of group A and group A is a member of group B, so if you search in group B you will find admin as a member. (Mind tricky but simple to search.)
Under "LDAP Group attribute used for group membership" you should put "member" and under "LDAP User attribute used for group membership" you should put the attribute for "uid=admin,cn=users,cn=accounts,dc=..." (I am guessing dn?!). Let me know if this works for you. I put together a small explanation for all the settings, hopefully that helps as well: https://github.com/KircheNeuenburg/ldapcontacts/wiki/Settings-Documentation
The memberOf attribute is currently not supported by this app.
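Added example, not part of the thread or the app's code: because the app does not read memberOf, the nested membership described above (admin in admins, admins in group A, group A in group B) can be derived from the groups' member values alone, with a guard against groups that reference each other. The DNs under dc=example,dc=test, the user alice and the helper names are constructed for illustration, and the DN normalisation is simplified.

```python
"""Derive nested group membership from `member` values only (no memberOf)."""

# Constructed sample data; the dc=example,dc=test suffix is made up.
BASE = "cn=accounts,dc=example,dc=test"
ADMIN = f"uid=admin,cn=users,{BASE}"
ALICE = f"uid=alice,cn=users,{BASE}"
ADMINS = f"cn=admins,cn=groups,{BASE}"
GROUP_A = f"cn=group-a,cn=groups,{BASE}"
GROUP_B = f"cn=group-b,cn=groups,{BASE}"

# group DN -> values of its `member` attribute, as a directory search returns them
GROUP_MEMBERS = {
    ADMINS: [ADMIN],
    GROUP_A: [ADMINS, ALICE],
    GROUP_B: [GROUP_A, GROUP_B.upper()],  # lists itself in another case: a loop
}


def norm(dn):
    """Simplified DN normalisation: lower-case, trim spaces around RDNs.
    Assumes the DNs contain no escaped commas."""
    return ",".join(rdn.strip() for rdn in dn.split(",")).lower()


def effective_users(group_dn, group_members):
    """Users reachable from group_dn through any depth of nested groups."""
    index = {norm(dn): members for dn, members in group_members.items()}
    users, seen, stack = set(), set(), [norm(group_dn)]
    while stack:
        current = stack.pop()
        if current in seen:  # already expanded: stops membership loops
            continue
        seen.add(current)
        for member in index.get(current, []):
            key = norm(member)
            if key in index:  # member is itself a group: expand it later
                stack.append(key)
            else:  # anything that is not a known group counts as a user
                users.add(key)
    return users


def effective_groups(user_dn, group_members):
    """Direct and indirect groups of a user, i.e. what memberOf would list."""
    target = norm(user_dn)
    return {norm(g) for g in group_members
            if target in effective_users(g, group_members)}
```

A resolver like this fails closed on unknown groups (an unlisted group DN yields an empty set), which avoids the "every user is in every group" outcome when a lookup goes wrong.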
I think it's related to: https://github.com/KircheNeuenburg/ldapcontacts/issues/33#issuecomment-420195891
I saw from a var dump that "LDAP User attribute used for group membership" somehow gets converted to hex format and breaks the LDAP filter.
If I remove ldap_escape, the filter is correct and I get results, but return $groups still crashes the whole app.
The app uses Nextcloud's own LDAP mappers, so this should be resolved.
No matter what values I enter in the attribute values, the groups are either not filtered (every user is in every group) or in none. No group:
All the groups:
Nextcloud is actually managing the user/group mappings well; it looks like the problem is only in the app. Also, using the companion app "LDAP Organisation", it shows all the groups containing no users, or no groups at all.
Some info: I'm using FreeIPA. I have more than 100 groups. I have more than 500 users. I'm using the memberof mapping without any issue for other applications. I've set advanced filters for users/group/logins in the main LDAP section.