https://connect.hyland.com/t5/alfresco-archive/ldap-ad-group-imports/m-p/251534#M204664 <HTML><HEAD></HEAD><BODY><SPAN>Hi.</SPAN><BR /><SPAN>The directory i need to integrate with has a top level (as far as i'm concerned) group with a load of groups one level below. Among these lower groups are a few that need alfresco access, so there is a sibling group on the same lewer level called 'admin alfresco'. This group has members which are other groups at the same level.</SPAN><BR /><BR /><SPAN>Now the problem is that if I set the group search base to be the top level, then I get all groups including ones i don't want. And if i set the search query to then limit the search with memberOf:1.2.840.113556.1.4.1941:CN=admin alfresco, blah blah blah…&nbsp;&nbsp; then the groups imported are properly limited to only those that are members of the admin alfresco group, BUT what gets imported as a group is ANYTHING that matches the query. So I get a nested tree of groups (which is what I want) plus every group individually.</SPAN><BR /><BR /><SPAN>Eg:</SPAN><BR /><BR /><SPAN>*top level import</SPAN><BR /><SPAN>————*sub1</SPAN><BR /><SPAN>————*sub2</SPAN><BR /><SPAN>/////////————*sub2a</SPAN><BR /><SPAN>*sub1</SPAN><BR /><SPAN>*sub2</SPAN><BR /><SPAN>*sub 2a</SPAN><BR /><BR /><BR /><SPAN>When what is required is:</SPAN><BR /><BR /><SPAN>*top level import</SPAN><BR /><SPAN>————*sub1</SPAN><BR /><SPAN>————*sub2</SPAN><BR /><SPAN>/////////————*sub2a</SPAN><BR /><BR /><BR /><SPAN>And obviously is I just use memberOf without the LDAP_MATCHING_RULE_IN_CHAIN then i'll only get direct member groups and won't get sub2a (sub2a memberOf sub2 memberOf toplevel)</SPAN><BR /><SPAN>Does that make sense? and is there a way to resolve this other than completely restructuring the AD ?</SPAN><BR /><BR /><SPAN>Many thanks.</SPAN></BODY></HTML> Mon, 16 Jan 2012 12:01:27 GMT aaronshaw 2012-01-16T12:01:27Z https://connect.hyland.com/t5/alfresco-archive/ldap-ad-group-imports/m-p/251534#M204664 Hi.The directory i need to integrate with has a top level (as far as i'm concerned) group with a load of groups one level below. Among these lower groups are a few that need alfresco access, so there is a sibling group on the same lewer level called 'admin alfresco'. This group has members which are Mon, 16 Jan 2012 12:01:27 GMT https://connect.hyland.com/t5/alfresco-archive/ldap-ad-group-imports/m-p/251534#M204664 aaronshaw 2012-01-16T12:01:27Z https://connect.hyland.com/t5/alfresco-archive/ldap-ad-group-imports/m-p/251535#M204665 <HTML><HEAD></HEAD><BODY><SPAN>I just had a further play and it seems that any group that matches the query at all is created. So the memberOf doesn't have to be the chained version.</SPAN><BR /><SPAN> So if I say memberOf=aspace | distinguishedName=subspace, it will create a group called aspace, with a group caled subspace alongside it, and then the subspace again within aspace.</SPAN></BODY></HTML> Mon, 16 Jan 2012 13:27:51 GMT https://connect.hyland.com/t5/alfresco-archive/ldap-ad-group-imports/m-p/251535#M204665 aaronshaw 2012-01-16T13:27:51Z