Closed mdouchin closed 1 year ago
I would like to create the roles and grant them to their parents. What I would do with
GRANT "a-group-of-users" TO "role-a";
Perhaps with this config ?
sync_map:
- ldapsearch:
...
role:
name: "{sAMAccountName}"
parent: "{memberOf.cn}"
comment: "Role generated from LDAP entry {sAMAccountName}."
You should use a custom filter. I don't have access to an AD to test this but there is a lost example at https://ldap2pg.readthedocs.io/en/latest/ldap/#examples .
Each LDAP directory has its own set of filters. See your AD documentation for available filters.
Thanks for your answer. I will try ASAP and report
Let's close. Please reopen for updates.
What do you want?
Hi !
I must synchronize with an Active Directory server which does not return any
member
attribute when requesting the groups details, but instead adds amemberOf
attribute when requesting a user details.I have not found in the documentation any example showing how to get the user groups by requesting this
memberOf
attribute.I have not yet tested it fully, but I would like to know if this "reversed" logic will fit the ldap2pg way of requesting the LDAP server ?
Thanks in advance