grouper-users - RE: [grouper-users] How to add only active AD users to a group
Subject: Grouper Users - Open Discussion List
List archive
- From: "Sawyer, Mona Zarei" <>
- To: "Hyzer, Chris" <>, "" <>
- Subject: RE: [grouper-users] How to add only active AD users to a group
- Date: Tue, 13 Mar 2018 16:14:25 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is ) ;
- Ironport-phdr: 9a23:EkvjVBYqFTQbEHYV/TAGFO3/LSx+4OfEezUN459isYplN5qZrsq8bnLW6fgltlLVR4KTs6sC17KN9fi4EUU7or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRpOOv1BpTSj8Oq3Oyu5pHfeQpFiCazbL9oMBm6sRjau9ULj4dlNqs/0AbCrGFSe+RRy2NoJFaTkAj568yt4pNt8Dletuw4+cJYXqr0Y6o3TbpDDDQ7KG81/9HktQPCTQSU+HQRVHgdnwdSDAjE6BH6WYrxsjf/u+Fg1iSWIdH6QLYpUjmk8qxlSgLniD0fOjA57m/Zl9BwgqxYrhKvphxw34HbbZqPNPZiYq/QZ88WSXZDU8tXSidPApm8b4wKD+cZM+pWspPyplUOrBSgHwmgHP7kxDhPhn/wx6IxzucuHhvc3AM+HtICvmnfodLwNKcVV+C61qjJwC7Gb/NXwzj97YnIfgo/rv6RQLJ9aMzcwlQsGQPdllict5bqMy+I2ukIrmSX8vdsWOehi2Motw19vj2ixskyhYTGm44Yz1XJ+CdkzIs7PdG0VVB3bNq+HJdNtSyWKpF6Tt0tTmxsoio217ILtYCjcCgE1psqxALTZvmCfoWG/x3sSfieLDJ8iX55Y72/iRO//Ei8xuHgWcS51VhHoyVLktbRsH0Gygbd5dKdSvRn+0eswTaP2B7X6uFDOU06jbbWJZk9zrItj5YerFzNEyHvlEXxl6CZaF8o+u+16+T7ebrmoYKcN4lphQ3kKqQugMu/AfgmPQcSQ2ib+OO81Lv58U3+XbVKkvk2kq7esJDZP8gUuqm5AwpN3oYi7RawESum3cwGkXYdMF5JZReKg5X0N13TJf34A/iyj0iwnDpuyfDJILLsDojII3XGkrrtYLhw51ZZyAUpzNBf45xUCqsGIPL2QkLxsdvYDhkjPA212OvnDdR92ZkbWWKOGKOWLr7dsUKQ6uI1P+aMfJMVuCr6K/U96P7ul3g5mUIFfaa3x5sbcW24Hu94LEWDenrhmdMBEWYRvgoiV+zmlkeOUT9VZ3auQa08/Dc7B5y6DYvdXIyinqGO3DroVqFRMypmG0KBCzOgXIWeWuxGIHaXKc9wgDEefbm6QMk8zRyoskn3x6cxaqKe9TcfqIruzp1o/ODJjjkz8yB5FcKQzzvLQm1p1CtcSCUxwbhyuwlg0VqZyoB5heBVD9pe+6kPXwsnY83y1et/XprJUx3Qc83NAHOhRNzuMzgrQ9N7i4sLZEB0Cf2njxnG3mynD6JDxO/DP4A97q+Jhyu5HM160XuTjKQ=
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
Hello Chris, I updated the filter with the below ldap query. The query works fine in AD Ldap search but in grouper when I search to add a member it gives me a “The value entered is not correct” error. How can I get grouper to give me the active accounts? Filter: <search> <searchType>searchSubjectByIdentifier</searchType> <param> <param-name>filter</param-name> <param-value>
(&(sAMAccountName=%TERM%*)(!userAccountControl:1.2.840.113556.1.4.803:=2)) </param-value> </param> <param> AD LDAP seach query: Gives the right result Grouper UI add members search. Gives the error. Thank you so much, Best Reagrds, Mona Z Sawyer M.Sc. Programmer Intermediate Middleware and Identity Services Information Technology | University of Miami 1320 S. Dixie Hwy | Suite 1000.49 Coral Gables, Fl 33146 305-284-2214 "At the U, we transform lives through teaching, research and service." From: Sawyer, Mona Zarei
Hi Chris, This is the search that I am using in the sources.xml. this way, the grouper searches the AD and brings in the disabled account. Where should I specify for the search to just bring in the Active ones? <search> <searchType>searchSubject</searchType> <param> <param-name>filter</param-name> <param-value> (employeeID=%TERM%*) </param-value> </param> <param> <param-name>scope</param-name> <param-value> SUBTREE_SCOPE
</param-value> </param> <param> <param-name>base</param-name> <param-value> Searchbase </param-value> </param> </search> <search> <searchType>searchSubjectByIdentifier</searchType> <param> <param-name>filter</param-name> <param-value> (sAMAccountName=%TERM%) </param-value> </param> <param> <param-name>scope</param-name> <param-value> SUBTREE_SCOPE
</param-value> </param> <param> <param-name>base</param-name> <param-value> Searchbase </param-value> </param> </search> <search> <searchType>search</searchType> <param> <param-name>filter</param-name> <param-value> (cn=%TERM%) </param-value> </param> <param> <param-name>scope</param-name> <param-value> SUBTREE_SCOPE
</param-value> </param> <param> <param-name>base</param-name> <param-value> Searchbase </param-value> </param> </search> Thank you so much, Best Reagrds, Mona Z Sawyer M.Sc. Programmer Intermediate Middleware and Identity Services Information Technology | University of Miami 1320 S. Dixie Hwy | Suite 1000.49 Coral Gables, Fl 33146 305-284-2214 "At the U, we transform lives through teaching, research and service." From: Hyzer, Chris []
Can you add the attribute to the filters for this source? If not, can sanitize and send your sources.xml and tell us which attribute name and value identifies active?
J Thanks Chris e.g. (& (original filter) (| (useraccountcontrol = 512) (useraccountcontrol = 66048)) ) From:
[]
On Behalf Of Sawyer, Mona Zarei Hello, I have a case that there is a user with two AD accounts. One is Disabled and the other is Active. what changes should I make to sources.xml to only bring in and add the member’s active account from AD?
Thank you so much, Best Reagrds, Mona Z Sawyer M.Sc. Programmer Intermediate Middleware and Identity Services Information Technology | University of Miami 1320 S. Dixie Hwy | Suite 1000.49 Coral Gables, Fl 33146 305-284-2214 "At the U, we transform lives through teaching, research and service." |
- [grouper-users] How to add only active AD users to a group, Sawyer, Mona Zarei, 03/12/2018
- RE: [grouper-users] How to add only active AD users to a group, Hyzer, Chris, 03/12/2018
- RE: [grouper-users] How to add only active AD users to a group, Sawyer, Mona Zarei, 03/12/2018
- RE: [grouper-users] How to add only active AD users to a group, Sawyer, Mona Zarei, 03/13/2018
- RE: [grouper-users] How to add only active AD users to a group, Hyzer, Chris, 03/14/2018
- RE: [grouper-users] How to add only active AD users to a group, Sawyer, Mona Zarei, 03/19/2018
- RE: [grouper-users] How to add only active AD users to a group, Hyzer, Chris, 03/14/2018
- RE: [grouper-users] How to add only active AD users to a group, Hyzer, Chris, 03/12/2018
Archive powered by MHonArc 2.6.19.