grouper-users - Re: [grouper-users] Searching AD subject source by DN

  • From: Sam Erie <>
  • Subject: Re: [grouper-users] Searching AD subject source by DN
  • Date: Mon, 25 Jun 2018 12:43:41 -0800
The problem is I'm trying to make Subject source group entities AND grouper registry Groups, so I need them to have distinct searches by id for each. The users will be using the grouper registry Groups, so I want them easily searchable - using sAMAccountName. If I take just the CN=sAMAccountName* part to filter the Subject source groups then they will not be distinct.

The Subject source groups are only actually used by my loading scripts, so I may be able to work around this by adding some prefix to them, but using distinguishedName is ideal if it is possible.

Thank you though, that would work perfectly if I wasn't doing this as a workaround.

On Mon, Jun 25, 2018 at 12:12 PM, IAM David Bantz <> wrote:
(CN=dir_SW_OIT*) works as a filter to find department groups in UA AD like

DN: CN=dir_SW_OIT_Identity_Access_Management,OU=SW,OU=OrganizationalDirectory,DC=ua,DC=ad,DC=alaska,DC=edu

and others

David Bantz

On Mon, Jun 25, 2018 at 11:27 AM, Sam Erie <> wrote:
I am trying to resolve group subjects by their DN. I had everything set up and working correctly with sAMAccountName, but when I changed the id attribute to distinguishedName it stopped working. I can still search correctly by identifier (displayName) or general search (description), and when I findAll() using a wildcard it returns all subjects expected and their DN is correctly stored under id.

I am thinking the problem is that in AD, filtering by distinguishedName has to be exact and cannot use wildcards. The searchSubject filter I have set up in sources.xml looks like this:


Which should not use a wildcard. So is it possible something extra is happening when TERM is swapped out for the actual searchValue?

I couldn't find anything about this in the list archive, so please let me know if there is any known method for searching by distinguishedName.
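
An added example, not part of the original thread and not Grouper's own code: one way to substitute a search value into an LDAP filter template so that a distinguishedName lookup stays an exact match, with RFC 4515 escaping applied to the value and any wildcard next to a DN-syntax attribute rejected. The `%TERM%` token, the template and the function names are assumptions; the filter from the original message is not shown on the page.

```python
import re

PLACEHOLDER = "%TERM%"  # assumed token; the thread only calls it TERM
# Attributes with DN syntax in AD; substring (wildcard) matching is not supported on them.
DN_SYNTAX_ATTRS = {"distinguishedname", "member", "memberof", "manager"}
# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_ASSERTION = re.compile(r"\(([A-Za-z][\w;.-]*)=([^()]*)\)")


def escape_filter_value(value: str) -> str:
    """Escape a literal value so it cannot change the filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def wildcard_dn_assertions(template: str) -> list:
    """Return DN-syntax attributes whose template assertion is a substring match."""
    flagged = []
    for attr, value in _ASSERTION.findall(template):
        if attr.lower() not in DN_SYNTAX_ATTRS or value == "*":
            continue  # other syntaxes, or a presence test such as (member=*)
        if "*" in value.replace(PLACEHOLDER, ""):
            flagged.append(attr)
    return flagged


def build_filter(template: str, term: str) -> str:
    """Substitute the search value into the template, exact-match only for DNs."""
    flagged = wildcard_dn_assertions(template)
    if flagged:
        raise ValueError(f"wildcard on DN-syntax attribute(s): {flagged}")
    return template.replace(PLACEHOLDER, escape_filter_value(term))


# Constructed template; the filter from the original message is not shown on the page.
TEMPLATE = "(&(objectClass=group)(distinguishedName=%TERM%))"
# DN quoted in the thread, plus a constructed DN containing filter metacharacters.
PAGE_DN = ("CN=dir_SW_OIT_Identity_Access_Management,OU=SW,"
           "OU=OrganizationalDirectory,DC=ua,DC=ad,DC=alaska,DC=edu")
TRICKY_DN = r"CN=Ops (West)\, Team,OU=SW,DC=example,DC=edu"

if __name__ == "__main__":
    print(build_filter(TEMPLATE, PAGE_DN))
    print(build_filter(TEMPLATE, TRICKY_DN))
    print(wildcard_dn_assertions("(distinguishedName=%TERM%*)"))
```

A DN whose RDN value contains `(`, `)`, `*` or an escaping backslash changes once it is placed in a filter, so comparing the filter actually sent to the directory with the stored DN shows whether the substitution step altered the value.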

