Hi.
The directory I need to integrate with has a top-level (as far as I'm concerned) group with a load of groups one level below. Among these lower groups are a few that need Alfresco access, so there is a sibling group on the same lower level called 'admin alfresco'. This group has members which are other groups at the same level.
Now the problem is that if I set the group search base to be the top level, then I get all groups, including ones I don't want. And if I set the search query to then limit the search with memberOf:1.2.840.113556.1.4.1941:CN=admin alfresco, blah blah blah… then the groups imported are properly limited to only those that are members of the admin alfresco group, BUT what gets imported as a group is ANYTHING that matches the query. So I get a nested tree of groups (which is what I want) plus every group individually.
E.g.:

* top level import
    * sub1
    * sub2
        * sub2a
* sub1
* sub2
* sub2a

When what is required is:

* top level import
    * sub1
    * sub2
        * sub2a

And obviously if I just use memberOf without the LDAP_MATCHING_RULE_IN_CHAIN then I'll only get direct member groups and won't get sub2a (sub2a memberOf sub2 memberOf toplevel).
Does that make sense? And is there a way to resolve this other than completely restructuring the AD?
Many thanks.
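
Added illustration, not part of the original post: a small Python simulation, over a constructed directory, of what the two filters described above match and how the nesting can be rebuilt from the flat in-chain result using direct memberOf links. The group DNs, the `other` group and all function names are made up for the example; no real LDAP server or Alfresco code is involved.

```python
# Constructed directory: group DN -> DNs of the groups it is a DIRECT member of.
# Names mirror the post's sketch; "CN=other" is a hypothetical unrelated group.
MEMBER_OF = {
    "CN=admin alfresco": [],
    "CN=sub1": ["CN=admin alfresco"],
    "CN=sub2": ["CN=admin alfresco"],
    "CN=sub2a": ["CN=sub2"],
    "CN=other": [],
}


def direct_match(target):
    """Simulates (memberOf=<target>): direct members only."""
    return sorted(g for g, parents in MEMBER_OF.items() if target in parents)


def in_chain_match(target):
    """Simulates (memberOf:1.2.840.113556.1.4.1941:=<target>):
    follows memberOf links upwards, with a 'seen' set to survive cycles."""
    def reaches(group, seen):
        for parent in MEMBER_OF.get(group, []):
            if parent == target:
                return True
            if parent not in seen:
                seen.add(parent)
                if reaches(parent, seen):
                    return True
        return False

    return sorted(g for g in MEMBER_OF if reaches(g, {g}))


def nest(target, matched):
    """Rebuilds the tree from a flat result set using direct links only.
    Assumes the matched groups contain no membership cycle."""
    children = {g: [] for g in matched + [target]}
    for g in matched:
        for parent in MEMBER_OF[g]:
            if parent in children:
                children[parent].append(g)

    def subtree(node):
        return {c: subtree(c) for c in sorted(children[node])}

    return {target: subtree(target)}


if __name__ == "__main__":
    root = "CN=admin alfresco"
    print("direct  :", direct_match(root))      # sub2a is missing
    flat = in_chain_match(root)
    print("in-chain:", flat)                    # flat list, every level
    print("nested  :", nest(root, flat))        # hierarchy from direct links
```

The in-chain match is a flat set of entries: the server returns sub2a as a result in its own right, and the parent/child shape exists only in each entry's direct membership attributes.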