grouper-users - Re: [grouper-users] Searching AD subject source by DN
Subject: Grouper Users - Open Discussion List
List archive
- From: Sam Erie <>
- To: "" <>
- Cc:
- Subject: Re: [grouper-users] Searching AD subject source by DN
- Date: Mon, 25 Jun 2018 12:43:41 -0800
- Ironport-phdr: 9a23:UH0vGhK+lX584rh9ctmcpTZWNBhigK39O0sv0rFitYgRKfvxwZ3uMQTl6Ol3ixeRBMOHs68C07KempujcFRI2YyGvnEGfc4EfD4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFAnhOgppPOT1HZPZg9iq2+yo9JDffwVFiCChbb9uMR67sRjfus4KjIV4N60/0AHJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L281/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9QLYpUjqg8qhrUgflhyUJNzA5/m/ZidF+grxHrx+6vRNz35TZbZuJOPZifK7Qe84RS2pbXsZWUixMGp6yYJEKD+EcMuhYtYj9qEUTpha5HgmjGvnvyj5WiXLtx6I61/4uERrF3AM6Bd4BrmnbrMjsOaoUTOu7z7HIwC3dY/5XxTvw6o3Fch4irP6XQb59dMXcxVUzGw7Li1iftZDpPz2Q2+kIrWSX8fZvWOSygGA9sQ5xuCKgxsI0h4nJmI0VzlfE+D18wIkvJN24TFd3Ydm4EJdMri2bOJV6Tt0+TG1ytyY6zboGuZG/fCcU0pgo2xnfa/mff4iJ5BLsSvqRLC9miH9kZL6yhRO/8Uajx+LnSsW51VlHojZZntTCs30CywDf6saCR/Z44EutxyqA2xjW6u5eIEA0kaTbK4Qmwr41jpcTqlrMHjX3mErol6KZbEEk9fKz6+TkeLrqvIGTOJJpig3mKKQhhtS/AfgkMggJR2Wb9v681Lr+/U3hXrpKlOQ6krTCsJ/EP8QbvbW0AwtU0oY49xa/FCmq3M4ZnXkBMFJKZgiHj473NFHSPvz0F+mwjEmxkGQj+/eTdLHrKpzJJ2PAmfHscas3oxpQwiI6ydlE5JsSB70cdqHdQEj04efRC1cUKQ25i7L8Bc9826sXXWuUAabfPa/P5wzbrtkzKvWBMddG8A32LOIosqbj
The problem is I'm trying to make Subject source group entities AND grouper registry Groups, so I need them to have distinct searches by id for each. The users will be using the grouper registry Groups, so I want them easily searchable - using sAMAccountName. If I take just the CN=sAMAccountName* part to filter the Subject source groups then they will not be distinct.
The Subject source groups are only actually used by my loading scripts, so I may be able to work around this by adding some prefix to them, but using distinguishedName is ideal if it is possible.On Mon, Jun 25, 2018 at 12:12 PM, IAM David Bantz <> wrote:
(CN=dir_SW_OIT*) works as filter to find department groups in UA AD likeDN: CN=dir_SW_OIT_Identity_Access_Management,OU=SW,OU= OrganizationalDirectory,DC=ua, DC=ad,DC=alaska,DC=edu and othersDavid BantzUA OIT IAMOn Mon, Jun 25, 2018 at 11:27 AM, Sam Erie <> wrote:I couldn't find anything about this in the list archive, so please let me know if there is any known method for searching by distinguishedName.Which should not use a wildcard. So is it possible something extra is happening when TERM is swapped out for the actual searchValue?I am trying to resolve group subjects by their DN. I had everything set up and working correctly with sAMAccountName, but when I changed the id attribute to distinguishedName it stopped working. I can still search correctly by identifier (displayName) or general search (description), and when I findAll() using a wildcard it returns all subjects expected and their DN is correctly stored under id.I am thinking the problem is because in AD filtering by distinguishedName has to be exact, cannot use wildcards. The searchSubject filter I have set up in sources.xml looks like this:
(&(distinguishedName=TERM)(objectclass=group))
- [grouper-users] Searching AD subject source by DN, Sam Erie, 06/25/2018
- Re: [grouper-users] Searching AD subject source by DN, IAM David Bantz, 06/25/2018
- Re: [grouper-users] Searching AD subject source by DN, Sam Erie, 06/25/2018
- Re: [grouper-users] Searching AD subject source by DN, IAM David Bantz, 06/25/2018
Archive powered by MHonArc 2.6.19.