Troubleshooting
Problem
I have the following Active Directory LDAP structure and I am trying to import LDAP users via accessmgr LDAP User Import:
I also have "sub-tree" selected in the LDAP user import configuration; however, the LDAP import does not import users that are members of global groups nested within the domain local group.
Symptom
1. GUI > accessmgr login > LDAP User Import > Run Once now
2. You notice that only User1 which is a part of local group is imported.
3. Users from global groups EU and AMER aren't imported.
Environment
v10
Resolving The Problem
Change the Search Filter in the LDAP User Import pane to use the matching rule OID 1.2.840.113556.1.4.1941.
Instead of:
memberof=CN=CompanyUsers,OU=GuardiumGroup,OU=Guardium,OU=Applications,DC=ibmtest,DC=com
the Search Filter should look like this:
(memberOf:1.2.840.113556.1.4.1941:=CN=CompanyUsers,OU=GuardiumGroup,OU=Guardium,OU=Applications,DC=ibmtest,DC=com)
The prefixed rule OID is a special "extended" match operator that walks the chain of ancestry in objects all the way to the root until it finds a match. Note that this rule is limited to filters that apply to the DN.
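The following is an added example, not Guardium or IBM code: a small Python model of the symptom and the fix, which evaluates the plain memberOf filter and the in-chain filter against a constructed directory. The DNs for the EU and AMER groups and the users User2 and User3 are assumptions made for illustration; only User1, EU, AMER and the CompanyUsers DN come from this page.

```python
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"
BASE = "OU=GuardiumGroup,OU=Guardium,OU=Applications,DC=ibmtest,DC=com"
COMPANY = "CN=CompanyUsers," + BASE

# Constructed sample data: each DN maps to its own memberOf values, which
# hold direct memberships only. The EU/AMER DNs and User2/User3 are assumed.
EU, AMER = "CN=EU," + BASE, "CN=AMER," + BASE
USERS = {
    "CN=User1," + BASE: [COMPANY],  # direct member of the domain local group
    "CN=User2," + BASE: [EU],       # member of a nested global group
    "CN=User3," + BASE: [AMER],     # member of a nested global group
}
GROUPS = {EU: [COMPANY], AMER: [COMPANY], COMPANY: []}
MEMBER_OF = {**USERS, **GROUPS}

def build_filter(group_dn, transitive=False):
    """Return the memberOf filter, optionally with the in-chain matching rule."""
    rule = ":" + IN_CHAIN_OID + ":" if transitive else ""
    return "(memberOf" + rule + "=" + group_dn + ")"

def is_member(entry_dn, group_dn, transitive):
    """Direct check, or a walk up nested memberOf links (cycle-safe)."""
    pending, seen = list(MEMBER_OF.get(entry_dn, [])), set()
    while pending:
        parent = pending.pop()
        if parent == group_dn:
            return True
        if transitive and parent not in seen:
            seen.add(parent)
            pending.extend(MEMBER_OF.get(parent, []))
    return False

def imported_users(group_dn, transitive):
    """Common names of the sample users that the filter would select."""
    return sorted(dn.split(",")[0][3:] for dn in USERS
                  if is_member(dn, group_dn, transitive))

if __name__ == "__main__":
    for transitive in (False, True):
        print(build_filter(COMPANY, transitive))
        print("  ->", imported_users(COMPANY, transitive))
```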
Document Location
Worldwide
Document Information
Modified date:
11 February 2019
UID
ibm10871312