
LDAP Import of nested groups

cnihill
Champ in-the-making
Hi,

I am looking to import a master group to Alfresco using an LDAP query. The master group contains 4 groups, one of which contains 17 other groups.

At the moment, when I run this query to import the master group, the four groups get imported but the 17 sub groups of one of those groups do not.

The only way around it is by first importing the 17 sub groups using a query specific to their parent group.
Then editing the group query in alfresco-global.properties and importing the master group on top of the 17, which automatically places the 17 sub groups into the relevant group.

Is it possible to use one group query to import a nested group structure like this?

The group query for the master group and the differential query is below.

I would be very grateful for any help here.
Thanks.


    ##groupQuery
    ##Inserting the master group here
    ldap.synchronization.groupQuery=(&(objectclass\=group)(memberOf\=CN=Alfresco Master Group,OU=User Groups,OU=ICTL,OU=Master Groups,DC=Domain,DC=ie))

    ##differential Group Query
    ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(memberOf\=CN=Alfresco Master Group,OU=User Groups,OU=ICTL,OU=Master Groups,DC=Domain,DC=ie))

3 REPLIES

dward
Champ on-the-rise
Yes, LDAP import of hierarchical group structures is possible, but not if you restrict your LDAP queries like this!

In Active Directory, the memberOf attribute is not recursive - it only lists the groups that a group or user is a direct member of.

So you are going to have to find another way to restrict your user and group queries. If "Alfresco Master Group" really is the set of all groups that should be displayed in Alfresco, then perhaps you could directly add all groups and users that you want to show up to this group? Within this group, you could still have nested structures. All the inter-relationships between groups will still be picked up.

cnihill
Champ in-the-making
Thanks for the help.

Can I just confirm what you are saying?

You say that if I place all the groups I need, directly under the Alfresco Master Group, it should work?
I would agree with this based on what I have seen so far.

The way it stands at the moment is, I import the Alfresco Master Group and those groups directly inside that group get populated with users.
The groups within the Alfresco Master Group that contain sub groups do not get populated with those subgroups, which is due to the fact that you say memberOf is not recursive.

Is there any other way around adding all groups directly under the Master Group? Changing the AD directory structure might not be feasible.
Can the query be edited to recursively go through the groups?

brazen
Champ in-the-making
Change your query to this:

    ##groupQuery
    ##Inserting the master group here
    ldap.synchronization.groupQuery=(&(objectclass\=group)(memberOf:1.2.840.113556.1.4.1941:\=CN=Alfresco Master Group,OU=User Groups,OU=ICTL,OU=Master Groups,DC=Domain,DC=ie))

    ##differential Group Query
    ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(memberOf:1.2.840.113556.1.4.1941:\=CN=Alfresco Master Group,OU=User Groups,OU=ICTL,OU=Master Groups,DC=Domain,DC=ie))

Notice the :1.2.840.113556.1.4.1941: added in after the memberOf in each query.  This is the LDAP_MATCHING_RULE_IN_CHAIN modifier - http://msdn.microsoft.com/en-us/library/aa746475%28v=vs.85%29.aspx
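The difference between the two filters discussed in this thread, as an added example that is not code from any of the posters or from Alfresco: a small Python model of how a plain `memberOf` filter and the `memberOf:1.2.840.113556.1.4.1941:` filter select groups. The directory data, the short group names and the function names are constructed for illustration. Comparing the two result sets before changing the sync query also shows exactly which nested groups the import will start pulling into Alfresco.

```python
# Added example: models the two group filters over a constructed directory.
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN

MASTER = "CN=Alfresco Master Group"

# Constructed sample data: group -> groups it is a DIRECT member of,
# i.e. the values Active Directory stores in that group's memberOf.
MEMBER_OF = {
    "CN=Finance": [MASTER],
    "CN=HR": [MASTER],
    "CN=IT": [MASTER],
    "CN=Projects": [MASTER],
    "CN=Project A": ["CN=Projects"],
    "CN=Project B": ["CN=Projects"],
    "CN=Loop X": ["CN=Project A", "CN=Loop Y"],  # X and Y nest in each other
    "CN=Loop Y": ["CN=Loop X"],
    "CN=Unrelated": [],
}

def match_direct(target):
    """Groups selected by (memberOf=target): direct members only."""
    return sorted(g for g, parents in MEMBER_OF.items() if target in parents)

def match_in_chain(target):
    """Groups selected by (memberOf:<IN_CHAIN_OID>:=target): transitive members."""
    def reaches(group):
        seen, stack = set(), list(MEMBER_OF.get(group, []))
        while stack:
            parent = stack.pop()
            if parent == target:
                return True
            if parent not in seen:  # guard against circular nesting
                seen.add(parent)
                stack.extend(MEMBER_OF.get(parent, []))
        return False
    return sorted(g for g in MEMBER_OF if reaches(g))

def missed_by_direct(target):
    """Nested groups the plain memberOf filter never returns."""
    return sorted(set(match_in_chain(target)) - set(match_direct(target)))

if __name__ == "__main__":
    print("direct  :", match_direct(MASTER))
    print("in-chain:", match_in_chain(MASTER))
    print("missed  :", missed_by_direct(MASTER))
```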