Question: Get recursive users of group

[cdaecke]

First of all: A big thank you for this great extension!

Now my question/problem/challenge: I would like to get the users of a subgroup, which I do not import into TYPO3. My configuration in the backend module LDAP / SSO in the tab FE_GROUPS is the following:

Base DN: ou=Intranet,ou=GROUPS,ou=MyBusiness,dc=example,dc=com

Filter: (&(member={USERDN})(objectClass=group))

This works perfectly fine and returns the groups of the Active Directory below the branch Intranet.

Active directory tree:

MyBusiness |- GROUPS |-- Intranet |--- Sub 1 |--- Sub 2 |-- Other

Other is memberOf Sub 1.

Now I would like to give access to the group Sub 1 which has no users attached itself, but is member of Other. Since I don't get the group Other, because it is outside of the Intranet tree, it seems to not knowing the users of Other.

Is there a way to get this working?

With the following filter, I get everything I need for one user: (&(member:1.2.840.113556.1.4.1941:=CN=MyName,OU=abc,OU=def,OU=hij,OU=MyBusiness,DC=example,DC=com)(objectClass=group))

But the following, general approach, returns nothing: (&(member:1.2.840.113556.1.4.1941:=CN={USERDN})(objectClass=group))

Any hint is much appreciated.

[bnf]

Maybe a bit late, but might be helpful for others:

Your filter has a typo, you will be using duplicate CN=.

Change your filter from: (&(member:1.2.840.113556.1.4.1941:=CN={USERDN})(objectClass=group))

to: (&(member:1.2.840.113556.1.4.1941:={USERDN})(objectClass=group))

And make sure to set LDAP » Relation between groups and users to Group contains the list of its members, otherwise the group query is useless, as the memberOf property of the user would be used (which doesn't contain the recursive groups).

[xperseguers]

is it to be considered solved?

[cdaecke]

Yes, thanks a lot!