
grouper-users - RE: [grouper-users] How to add only active AD users to a group

Subject: Grouper Users - Open Discussion List

  • From: "Hyzer, Chris" <>
  • To: "Sawyer, Mona Zarei" <>, "" <>
  • Subject: RE: [grouper-users] How to add only active AD users to a group
  • Date: Wed, 14 Mar 2018 02:33:04 +0000

I think you have an error message in the logs which says:  Caused by: javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis;

 

I googled that and it says to put parens near the exclamation point

 

https://community.atlassian.com/t5/Jira-questions/LDAP-Directory-exception-Unbalanced-parenthesis-remaining-name/qaq-p/40943

 

This works for me in the subject properties:

 

subjectApi.source.kite.search.searchSubject.param.filter.value = (& (cn=%TERM%) (objectclass=person) (!(userAccountControl:1.2.840.113556.1.4.803:=2)))

 

You might need this in the sources.xml (&amp;)

 

(&amp; (cn=%TERM%) (objectclass=person) (!(userAccountControl:1.2.840.113556.1.4.803:=2)))

 

Thanks

Chris
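
An added example, not part of the original messages or of Grouper: a small structural checker showing why the filter quoted further down in the thread fails on `(!userAccountControl...)` while the `(!(...))` form parses, together with what the `:1.2.840.113556.1.4.803:=2` bit test matches compared with listing the exact values 512 and 66048. The function names and the sample userAccountControl values are constructed for illustration.

```python
ACCOUNTDISABLE = 0x2  # bit tested by ":1.2.840.113556.1.4.803:=2" (AD bitwise-AND rule)

def _skip(f, i):
    while i < len(f) and f[i] == " ":   # tolerate spaces, as the thread's filter uses them
        i += 1
    return i

def parse(f, i=0):
    """Structural check of one LDAP filter at f[i]; returns the index after it."""
    if i >= len(f) or f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(f) and f[i] in "&|!":
        op, i, count = f[i], _skip(f, i + 1), 0
        while i < len(f) and f[i] == "(":       # every operand must be parenthesised
            i, count = _skip(f, parse(f, i)), count + 1
        if count == 0 or (op == "!" and count != 1):
            raise ValueError(f"'{op}' needs parenthesised operand(s) at offset {i}")
    else:
        j = f.find(")", i)                      # simple item: attr=value up to ')'
        if j == -1 or "(" in f[i:j] or "=" not in f[i:j]:
            raise ValueError(f"bad item at offset {i}")
        i = j
    if i >= len(f) or f[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1

def is_valid(f):
    try:
        return parse(f) == len(f)
    except ValueError:
        return False

def active_by_bit(uac):    # (!(userAccountControl:1.2.840.113556.1.4.803:=2))
    return (uac & ACCOUNTDISABLE) != ACCOUNTDISABLE

def active_by_exact(uac):  # (|(useraccountcontrol=512)(useraccountcontrol=66048))
    return uac in (512, 66048)

BROKEN = "(&(sAMAccountName=%TERM%*)(!userAccountControl:1.2.840.113556.1.4.803:=2))"
FIXED = "(& (cn=%TERM%) (objectclass=person) (!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
# Constructed userAccountControl values: 512 normal, 514 normal + disabled,
# 66048 normal + password never expires, 66050 the same but disabled,
# 544 normal + password not required (enabled, but not one of the two exact values).
SAMPLES = [512, 514, 66048, 66050, 544]

if __name__ == "__main__":
    print("broken valid:", is_valid(BROKEN), "| fixed valid:", is_valid(FIXED))
    for uac in SAMPLES:
        print(uac, "bit test:", active_by_bit(uac), "exact match:", active_by_exact(uac))
```

The checker only validates structure (parentheses and operator operands); it does not evaluate the filter against a directory.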

 

From: Sawyer, Mona Zarei [mailto:]
Sent: Tuesday, March 13, 2018 12:14 PM
To: Hyzer, Chris <>;
Subject: RE: [grouper-users] How to add only active AD users to a group

 

Hello Chris,

 

I updated the filter with the below ldap query. The query works fine in AD Ldap search but in grouper when I search to add a member it gives me a “The value entered is not correct” error.

How can I get grouper to give me the active accounts?

 

Filter:

 

<search>
        <searchType>searchSubjectByIdentifier</searchType>
        <param>
            <param-name>filter</param-name>
            <param-value>
               (&amp;(sAMAccountName=%TERM%*)(!userAccountControl:1.2.840.113556.1.4.803:=2))
            </param-value>
        </param>
        <param>

 

 

AD LDAP search query: Gives the right result

 

 

Grouper UI add members search. Gives the error.

 

 

Thank you so much,

Best Regards,

 

Mona Z Sawyer M.Sc.

Programmer Intermediate

Middleware and Identity Services

Information Technology | University of Miami

1320 S. Dixie Hwy | Suite 1000.49

Coral Gables, Fl 33146

305-284-2214

 

"At the U, we transform lives through teaching, research and service."


 

From: Sawyer, Mona Zarei
Sent: Monday, March 12, 2018 4:56 PM
To: 'Hyzer, Chris' <>;
Subject: RE: [grouper-users] How to add only active AD users to a group

 

Hi Chris,

 

This is the search that I am using in the sources.xml. This way, Grouper searches the AD and brings in the disabled account. Where should I specify for the search to just bring in the active ones?

 

<search>
    <searchType>searchSubject</searchType>
    <param>
        <param-name>filter</param-name>
        <param-value>
            (employeeID=%TERM%*)
        </param-value>
    </param>
    <param>
        <param-name>scope</param-name>
        <param-value>
            SUBTREE_SCOPE
        </param-value>
    </param>
    <param>
        <param-name>base</param-name>
        <param-value>
            Searchbase
        </param-value>
    </param>
</search>

<search>
    <searchType>searchSubjectByIdentifier</searchType>
    <param>
        <param-name>filter</param-name>
        <param-value>
            (sAMAccountName=%TERM%)
        </param-value>
    </param>
    <param>
        <param-name>scope</param-name>
        <param-value>
            SUBTREE_SCOPE
        </param-value>
    </param>
    <param>
        <param-name>base</param-name>
        <param-value>
            Searchbase
        </param-value>
    </param>
</search>

<search>
    <searchType>search</searchType>
    <param>
        <param-name>filter</param-name>
        <param-value>
            (cn=%TERM%)
        </param-value>
    </param>
    <param>
        <param-name>scope</param-name>
        <param-value>
            SUBTREE_SCOPE
        </param-value>
    </param>
    <param>
        <param-name>base</param-name>
        <param-value>
            Searchbase
        </param-value>
    </param>
</search>

 

Thank you so much,

Best Regards,

 

Mona Z Sawyer M.Sc.

Programmer Intermediate

Middleware and Identity Services

Information Technology | University of Miami

1320 S. Dixie Hwy | Suite 1000.49

Coral Gables, Fl 33146

305-284-2214

 

"At the U, we transform lives through teaching, research and service."


 

From: Hyzer, Chris []
Sent: Monday, March 12, 2018 3:39 PM
To: Sawyer, Mona Zarei <>;
Subject: RE: [grouper-users] How to add only active AD users to a group

 

Can you add the attribute to the filters for this source?  If not, can you sanitize and send your sources.xml and tell us which attribute name and value identifies active?  :)

 

Thanks

Chris

e.g.

(& (original filter) (| (useraccountcontrol = 512) (useraccountcontrol = 66048)) )

 

 

From: [] On Behalf Of Sawyer, Mona Zarei
Sent: Monday, March 12, 2018 1:34 PM
To:
Subject: [grouper-users] How to add only active AD users to a group

 

Hello,

 

I have a case that there is a user with two AD accounts. One is Disabled and the other is Active.

What changes should I make to sources.xml to only bring in and add the member’s active account from AD?

 

Thank you so much,

Best Regards,

 

Mona Z Sawyer M.Sc.

Programmer Intermediate

Middleware and Identity Services

Information Technology | University of Miami

1320 S. Dixie Hwy | Suite 1000.49

Coral Gables, Fl 33146

305-284-2214

 

"At the U, we transform lives through teaching, research and service."




