Forums / Install & configuration / LDAP GROUP MAPPING

"Please Note:

At the specific request of Ibexa we are changing this projects name to "Exponential" or "Exponential (CMS)" effective as of August, 11th 2025.
This project is not associated with the original eZ Publish software or its original developer, eZ Systems or Ibexa".

LDAP GROUP MAPPING

Previous topic

Install & configuration

Next topic

Author	Message
Alexandre Henriet	Thursday 19 November 2009 4:25:15 am I'm experiencing LDAP Authentification on active directory with Exponential. Authentification part works. The user I use to log-in is well created (using data from LDAP) in the default Exponential group called 'LDAP' that I specified in the configuration using LDAPUserGroup[]=LDAP. My problem concerns the different group mapping methods. I tryed the 3 without success, and I was wondering if it was possible to setup Exponential - LDAP group mapping with ldap objects with that kind of structure : In our AD, user objects have many entries looking like : memberOf: CN=CompUsersG,OU=rrr,OU=ppp,OU=ooo,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa memberOf: CN=IctWlanAccessAllG,OU=eee,OU=rrr,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa memberOf: CN=IctXXX,OU=ttt,DC=yyy,DC=xxx,DC=aa while group objects have many entries looking like : member: CN=LoginX,OU=aaa,OU=bbb,OU=ccc,OU=ddd,OU=Unit placeholder,DC=eee,DC=fff,DC=aa member: CN=LoginY,OU=aaa,OU=bbb,OU=ccc,OU=ddd,OU=Unit placeholder,DC=eee,DC=fff,DC=aa member: CN=LoginZ,OU=aaa,OU=bbb,OU=ccc,OU=ddd,OU=Unit placeholder,DC=eee,DC=fff,DC=aa In most of the examples I've seen, group names in LDAP are stored in a custom field employeeType containing a single word value. It's not the case in our AD and we don't have the possibility to change its structure. What I would like to do is to store a user with a memberOf entry like : CN=CompUsersG,OU=rrr,OU=ppp,OU=ooo,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa in an Exponential group called : CompUsersG 1. Is it possible ? 2. Using which mapping method ? 3. How ? :-/ Thanks in advance, Alexandre
Alexandre Henriet	Thursday 19 November 2009 4:46:00 am Using the LDAP Debuging, with our AD structure and while using the "UseGroupAttribute" mapping method, when specifying LDAPUserGroupAttribute=memberOf at stage 3/5 : 'real authentication of user', we see that Exponential sees memberOf as an array : 'memberof' => array ( 'count' => 3, 0 => 'CN=CompUsersG,OU=rrr,OU=ppp,OU=ooo,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa', 1 => 'CN=IctWlanAccessAllG,OU=eee,OU=rrr,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa', 2 => 'CN=IctXXX,OU=ttt,DC=yyy,DC=xxx,DC=aa', ), if it can helps someone to answer me ..
Alexandre Henriet	Friday 20 November 2009 2:25:14 am Without providing more explanations, can someone just tell me if it is possible plz ? :)

Author

Message

Alexandre Henriet

Thursday 19 November 2009 4:25:15 am

I'm experiencing LDAP Authentification on active directory with Exponential.
Authentification part works. The user I use to log-in is well created (using data from LDAP)
in the default Exponential group called 'LDAP' that I specified in the configuration
using LDAPUserGroup[]=LDAP.
My problem concerns the different group mapping methods.
I tryed the 3 without success, and I was wondering if it was possible
to setup Exponential - LDAP group mapping with ldap objects with that kind of structure :
In our AD, user objects have many entries looking like :
memberOf: CN=CompUsersG,OU=rrr,OU=ppp,OU=ooo,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa
memberOf: CN=IctWlanAccessAllG,OU=eee,OU=rrr,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa
memberOf: CN=IctXXX,OU=ttt,DC=yyy,DC=xxx,DC=aa
while group objects have many entries looking like :
member: CN=LoginX,OU=aaa,OU=bbb,OU=ccc,OU=ddd,OU=Unit placeholder,DC=eee,DC=fff,DC=aa
member: CN=LoginY,OU=aaa,OU=bbb,OU=ccc,OU=ddd,OU=Unit placeholder,DC=eee,DC=fff,DC=aa
member: CN=LoginZ,OU=aaa,OU=bbb,OU=ccc,OU=ddd,OU=Unit placeholder,DC=eee,DC=fff,DC=aa
In most of the examples I've seen, group names in LDAP are stored in a custom field employeeType containing a single word value. It's not the case in our AD and we don't have the possibility to change its structure.
What I would like to do is to store a user with a memberOf entry like :
CN=CompUsersG,OU=rrr,OU=ppp,OU=ooo,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa
in an Exponential group called :
CompUsersG
1. Is it possible ?
2. Using which mapping method ?
3. How ? :-/
Thanks in advance,
Alexandre

Alexandre Henriet

Thursday 19 November 2009 4:46:00 am

Using the LDAP Debuging, with our AD structure and while using the "UseGroupAttribute" mapping method,
when specifying
LDAPUserGroupAttribute=memberOf
at stage 3/5 : 'real authentication of user', we see that Exponential sees memberOf as an array :
'memberof' =>
array (
'count' => 3,
0 => 'CN=CompUsersG,OU=rrr,OU=ppp,OU=ooo,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa',
1 => 'CN=IctWlanAccessAllG,OU=eee,OU=rrr,OU=ggg,OU=Unit placeholder,DC=yyy,DC=xxx,DC=aa',
2 => 'CN=IctXXX,OU=ttt,DC=yyy,DC=xxx,DC=aa',
),
if it can helps someone to answer me ..

Alexandre Henriet

Friday 20 November 2009 2:25:14 am

Without providing more explanations, can someone just tell me if it is possible plz ? :)