Open juvancica opened 4 years ago
I don't think that this will work. As you said, OUs don't have a "memberof" attribute. Maybe you can split the AD/LDAP DN and fiddle something with a script-based mapping, but thinking about that makes me cringe. From what I understand, you'd need a group/subgroup structure in AD, but then you'd have to somehow list/map the nested AD groups a FE_USER is a member of. There's a way to delegate the check "Is user in group or any subgroup" to AD, but that would only work on the fly, not while importing, I guess.
Hello,
I'm trying to connect TYPO3 LDAP to AD 2019. I have a tree of OUs, mimicking our organization. So, at the top is the head OU, followed by department OUs and so on. Users are in all OUs.
I can import all FE_USERS users from AD using (&(objectClass=Person)(sAMAccountName={USERNAME})). Mapping is:
pid = 196
tstamp = {DATE}
email =
name =
first_name =
last_name =
title =
company =
address =
zip =
city =
country =
telephone =
I can also import all FE_GROUPS using (objectClass=organizationalUnit) and mapping:
pid=196
tstamp={DATE}
title =
But after I log in with any user, I see the content for ALL groups. As if the user is in ALL groups.
I can create new AD GROUPS in OUs and I see the users in these groups with the memberOf option. But there is no memberOf option on OUs.
How can I map users to OUs? In a way that a user from a bottom OU will see only his content, while a user in the top OUs would see the content from their OUs and all sub-OUs...
Thank you,
Aleš
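The DN-splitting idea from the reply, applied to the visibility rule asked for in the question, as an added example that is not code from the thread or from the TYPO3 LDAP extension. The function names and the sample DNs are hypothetical, and the sketch assumes a single domain and single-valued RDNs with backslash escapes only.

```python
def split_dn(dn):
    """Split a DN into RDN strings, keeping backslash-escaped commas intact."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # keep the escape pair, e.g. "\,"
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf).strip())
    return parts


def ou_path(dn):
    """OU chain from the top OU down to the OU holding (or being) the entry."""
    ous = [p.split("=", 1)[1].lower()  # AD compares DNs case-insensitively
           for p in split_dn(dn) if p.upper().startswith("OU=")]
    return tuple(reversed(ous))


def visible_groups(user_dn, ou_dns):
    """OUs whose content the user may see: the user's own OU and its sub-OUs."""
    home = ou_path(user_dn)
    if not home:
        return []  # user is outside every OU: fail closed, no groups at all
    return [g for g in ou_dns if ou_path(g)[:len(home)] == home]


# Constructed sample tree (not from the thread)
OUS = [
    "OU=Head,DC=example,DC=com",
    "OU=Sales,OU=Head,DC=example,DC=com",
    "OU=TeamA,OU=Sales,OU=Head,DC=example,DC=com",
    "OU=IT,OU=Head,DC=example,DC=com",
]

if __name__ == "__main__":
    for dn in ("CN=boss,OU=Head,DC=example,DC=com",
               "CN=Doe\\, John,OU=Sales,OU=Head,DC=example,DC=com",
               "CN=svc,CN=Users,DC=example,DC=com"):
        print(dn, "->", visible_groups(dn, OUS))
```

Comparing full OU paths rather than the last OU name keeps two departments that both contain an OU with the same name from sharing content.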