It's all about the answers!

Ask a question
QuestionsTagsUsersBadges
Follow this question
Question details

×42,787

question asked: Mar 16 '12, 7:53 a.m.
question was seen: 4,266 times
last updated: Mar 16 '12, 7:53 a.m.

Related questions

FAQ - How this Forum works

Issues about LDAP (Active Directory) authentication

0
Luca Martinucci (1.0k294112) | asked Mar 16 '12, 7:53 a.m.
With RTC configured for authentication against Active Directory, I have a doubt concerning base user DN and base group DN.
I noticed that, if I empty the Base user DN field (I did that becausethe base DN was to restrictive and only a few users had been imported), RTC is no longer able to resolve the groups membership of any user, so that users have no assigned roles.
In addition, the RTC admin console says that the Find groups for user query is performed in the context of the Base group DN.
What exactly does that mean?

Accepted answer

1
permanent link
Kim Soederhamn (1.5k24247) | answered Mar 28 '12, 4:17 a.m.
With RTC configured for authentication against Active Directory, I have a doubt concerning base user DN and base group DN.
I noticed that, if I empty the Base user DN field (I did that becausethe base DN was to restrictive and only a few users had been imported), RTC is no longer able to resolve the groups membership of any user, so that users have no assigned roles.
In addition, the RTC admin console says that the Find groups for user query is performed in the context of the Base group DN.
What exactly does that mean?


The base user dn - is the lowest level you can find where all your users are in the subtree eg if you have:
usera in ou=persons ou=users dc=company dc=com and
userb in ou=users, dc=company, dc=com
then your base dn is ou=users, dc=company, dc=com

Check out the following article for clues:

http://jazz.net/library/article/479/
Luca Martinucci selected this answer as the correct answer

Your answer

Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.