Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] How to add only active AD users to a group

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] How to add only active AD users to a group


Chronological Thread 
  • From: "Sawyer, Mona Zarei" <>
  • To: "Hyzer, Chris" <>, "" <>
  • Subject: RE: [grouper-users] How to add only active AD users to a group
  • Date: Mon, 12 Mar 2018 20:55:44 +0000
  • Accept-language: en-US
  • Authentication-results: spf=none (sender IP is ) ;
  • Ironport-phdr: 9a23:7Rb1JhEqq+6hn1dTXY2q0J1GYnF86YWxBRYc798ds5kLTJ7yocSwAkXT6L1XgUPTWs2DsrQY07GQ6/iocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbAhEmDSwbaluIBmqsA7cqtQYjYx+J6gr1xDHuGFIe+NYxWNpIVKcgRPx7dqu8ZBg7ipdpesv+9ZPXqvmcas4S6dYDCk9PGAu+MLrrxjDQhCR6XYaT24bjwBHAwnB7BH9Q5fxri73vfdz1SWGIcH7S60/VDK/5KlpVRDokj8KOT4n/m/Klsx+gqFVoByjqBx+34Hbb5qYNOBicq/BZ94WWXZNU8RXWidcAo28dYwPD+8ZMOpWsofyvVUPrBugCgm2HO/k1zhGhnjw3aIgzu8uEhvJ3BY+ENIPvnjfsdL4NKIVUeCz1qbJzC7Ob/ZX2Tjn7YjIcwotru+RUrJtaMfcz1QkGQDdjliIt4DqJS+Z2vkIvmSG8uZsSOeii2Aopg1tvjSiw8kshZfGi48Wz13J8Cd0zJgrKtGgVUJ3f9qpHIFNuyyYKod6WN0uTm5stSog17ELtoC3cDAEyJs5xBPTd/mKfo2G7x3+SemePzJ1iXZ5dL2kiRa/9EitxvHgWsS71VtHoCVIktfRuX0Lyhfd8NKISuFn8UekwTuP1x7c6uVDIU0sjaTWN5kvzqI+m5YKr0nNBzL6lFzxjKCNaEoo4O+o6/n7Yrr9oZ+cKol0hRzkPqQ2gMy/Bvg4PRYSUGiH+OS807vj8Vf+QLVXkv02lq7ZsJfZJcgBuqG5BApV3p4i6xa5ETimzMwVkWcdI15ZZR6KipXlN0zTLP39A/eyjEignCtuyvDIILLsDZbAI33GnbrjY7py9VZQyA8pwtBe45JUBKsBIPX2WkLpsdzYCRk5PBa1wuv8DdV915kRWWeOAqODLqzdrEKI6vo1I+aQfI8VpCr9K/896v7hl385nkIdfbG30psNcXy4A+9mLFuDYXr3mdoBFWYKvhEiTOzxllGOSz9TZ3CuX60i/DE7DpypDZvdSoy3nrOOwTq7TdVqYTUMKkGeHG2sP66EQfYXImrGJ8Rhgy4JT5CgUIRnyAmjsgm8xrZ6eK6csCICso/72cIw+vbejwoa9DpoAt6b3n3XCWx4gylAEzAs271nrFY410yOy7NQgvpEGMZV6u8TFAo2KMiP4fZ9DoW4YQveb9qTDB6DRdOvSQM4VN8wiZdaZkF7EseKixHK2ivsDrMIwe/YTKco+77RiiCib/12zGzLgfEs
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

Hi Chris,

 

This is the search that I am using in the sources.xml. this way, the grouper searches the AD and brings in the disabled account. Where should I specify for the search to just bring in the Active ones?

 

<search>

        <searchType>searchSubject</searchType>

        <param>

            <param-name>filter</param-name>

            <param-value>

                (employeeID=%TERM%*)

            </param-value>

        </param>

        <param>

            <param-name>scope</param-name>

            <param-value>

                SUBTREE_SCOPE           

            </param-value>

        </param>

        <param>

            <param-name>base</param-name>

            <param-value>

                Searchbase

            </param-value>

        </param>

        

    </search>

    <search>

        <searchType>searchSubjectByIdentifier</searchType>

        <param>

            <param-name>filter</param-name>

            <param-value>

               (sAMAccountName=%TERM%)

            </param-value>

        </param>

        <param>

            <param-name>scope</param-name>

            <param-value>

                SUBTREE_SCOPE           

            </param-value>

        </param>

        <param>

            <param-name>base</param-name>

           <param-value>

                Searchbase

            </param-value>

        </param>

    </search>

   

    <search>

       <searchType>search</searchType>

         <param>

            <param-name>filter</param-name>

            <param-value>

                (cn=%TERM%)

            </param-value>

        </param>

        <param>

            <param-name>scope</param-name>

            <param-value>

                SUBTREE_SCOPE           

            </param-value>

        </param>

         <param>

            <param-name>base</param-name>

            <param-value>

               Searchbase

            </param-value>

        </param>

    </search>

 

Thank you so much,

Best Reagrds,

 

Mona Z Sawyer M.Sc.

Programmer Intermediate

Middleware and Identity Services

Information Technology | University of Miami

1320 S. Dixie Hwy | Suite 1000.49

Coral Gables, Fl 33146

305-284-2214

 

"At the U, we transform lives through teaching, research and service."

UMIT Logo - Email Signature

 

From: Hyzer, Chris [mailto:]
Sent: Monday, March 12, 2018 3:39 PM
To: Sawyer, Mona Zarei <>;
Subject: RE: [grouper-users] How to add only active AD users to a group

 

Can you add the attribute to the filters for this source?  If not, can sanitize and send your sources.xml and tell us which attribute name and value identifies active?  J

 

Thanks

Chris

e.g.

(& (original filter) (| (useraccountcontrol = 512) (useraccountcontrol = 66048)) )

 

 

From: [] On Behalf Of Sawyer, Mona Zarei
Sent: Monday, March 12, 2018 1:34 PM
To:
Subject: [grouper-users] How to add only active AD users to a group

 

Hello,

 

I have a case that there is a user with two AD accounts. One is Disabled and the other is Active.

what changes should I make to sources.xml to only bring in and add the member’s active account from AD?

 

Thank you so much,

Best Reagrds,

 

Mona Z Sawyer M.Sc.

Programmer Intermediate

Middleware and Identity Services

Information Technology | University of Miami

1320 S. Dixie Hwy | Suite 1000.49

Coral Gables, Fl 33146

305-284-2214

 

"At the U, we transform lives through teaching, research and service."

UMIT Logo - Email Signature


Archive powered by MHonArc 2.6.19.

Top of Page