LDAP Group under different trees
Our JazzUsers/JazzAdmins group is under a different LDAP tree than the JazzGuests group. It appears that the 'base group dn' has to be the direct parent, i.e., it doesn't do a subtree search. Is there any way to enable a subtree search for groups? It is unlikely that we will be able to change the LDAP structure to conform to this apparent restriction.

Example (where we have allEmployees mapped to jazzGuests):

CN=jazzUsers,OU=Applications,OU=Corporate Groups, DC=ad,DC=xxx,DC=com
CN=jazzAdmins,OU=Applications,OU=Corporate Groups, DC=ad,DC=xxx,DC=com
CN=allEmployees,OU=Corporate Groups, DC=ad, DC=xxx,DC=com

Tried setting base group dn to OU=Corporate Groups,... but that fails, I'm assuming because it can't find jazzUsers/jazzAdmins which are deeper under OU=Applications.
One answer
jason.kissinger@bsci-dot-com.no-spam.invalid (jasonkissinger) wrote in news:gp3jkk$d2e$1@localhost.localdomain:

> CN=allEmployees,OU=Corporate Groups, DC=ad, DC=xxx,DC=com

Would BaseDN -> dc=com work if we keep the cn different enough? If not, I think this is a good enhancement and you should open a Work Item :)

--
Christophe Elek
Serviceability Architect
IBM Software Group - Rational
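An added illustration, not part of the original thread and not the Jazz server's own lookup code: it models LDAP `base`/`one`/`sub` search scopes over the DNs from the question, showing why a one-level search from OU=Corporate Groups misses the nested groups and why a broad base such as dc=com only stays safe while each group CN is unique. The `OU=Sandbox` entry and all function names are hypothetical.

```python
# In-memory model of LDAP search scopes. DN parsing is deliberately naive
# (no escaped commas), which is enough for the constructed DNs below.

def parse_dn(dn):
    """Split a DN into normalized (attr, value) RDNs, most specific first."""
    return [tuple(p.strip().lower() for p in rdn.split("=", 1))
            for rdn in dn.split(",")]

def in_scope(entry_dn, base_dn, scope):
    """True if entry_dn is matched by a search at base_dn with this scope."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False                      # entry is not under the base at all
    if scope == "base":
        return depth == 0                 # the base object only
    if scope == "one":
        return depth == 1                 # direct children only
    if scope == "sub":
        return True                       # base and everything beneath it
    raise ValueError(f"unknown scope: {scope}")

def find_groups(directory, base_dn, scope, cn):
    """Return every DN in scope whose leading RDN is cn=<cn>."""
    want = ("cn", cn.lower())
    return [dn for dn in directory
            if in_scope(dn, base_dn, scope) and parse_dn(dn)[0] == want]

DIRECTORY = [  # first three DNs are from the question
    "CN=jazzUsers,OU=Applications,OU=Corporate Groups, DC=ad,DC=xxx,DC=com",
    "CN=jazzAdmins,OU=Applications,OU=Corporate Groups, DC=ad,DC=xxx,DC=com",
    "CN=allEmployees,OU=Corporate Groups, DC=ad, DC=xxx,DC=com",
    "CN=jazzAdmins,OU=Sandbox,DC=ad,DC=xxx,DC=com",  # hypothetical duplicate CN
]
CORP = "OU=Corporate Groups,DC=ad,DC=xxx,DC=com"

if __name__ == "__main__":
    for base, scope in [(CORP, "one"), (CORP, "sub"), ("DC=com", "sub")]:
        for cn in ("jazzAdmins", "jazzUsers", "allEmployees"):
            hits = find_groups(DIRECTORY, base, scope, cn)
            state = "AMBIGUOUS" if len(hits) > 1 else "ok" if hits else "missing"
            print(f"{scope:3} {base:42} {cn:13} {state}")
```

With the widest base, a group lookup by CN alone resolves to more than one object, so role mapping should pin the full group DN or fail closed when a name is ambiguous.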