Listing LDAP Groups (AD)

Hi,

I'm trying to list the groups that exist in our Active Directory environment in Wildfire but so far unsuccessfully.

The problem is that our baseDN = domain.com, which has separate OUs, for example:

  • ou=groups,dc=domain,dc=com

  • ou=users,dc=domain,dc=com.

When I set the basedn to 'domain.com', I am unable to log in as user 'xyz'; if however I set the basedn to 'ou=users,dc=domain,dc=com', users are able to log in but obviously the listing of groups doesn't work anymore.

I presume I have to fix this by setting up search filters… but you can't limit a search to a specific OU, can you? If so… how can I do this?

Thanks

For user auth:

Assuming you wanted to limit the folks who can log in to a group named WF_Allusers:

<searchFilter>(&(objectClass=user)(memberOf=CN=WF_Allusers;CN=Users;DC=domain;DC=com))</searchFilter>

otherwise:

<baseDN>DC=domain;DC=com</baseDN>

For Groups:

<groupSearchFilter>(&(objectCategory=Group)(objectClass=group))</groupSearchFilter>

If this doesn't work for you, can you please send your config so I can better understand your setup.

That's not the point; there are actually 3 OUs at top-level:

ou=maillists,dc=domain,dc=com

ou=local groups,dc=domain,dc=com

ou=recipients,dc=domain,dc=com

I want to limit the group lookup to OU=Recipients, and nothing else…

To clear things up a bit more, I want to list ALL groups inside ou=local groups, and I want to list ALL users inside ou=recipients, but I don't want to list anything on top-level; so my filter has to include the OU.
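The crux of the two posts above (the suggested filters, and the request to confine lookups to one OU) is that an LDAP filter only tests attributes of each entry, while the OU an entry lives in is decided by the search base and scope. The following added example is not from the thread or from Wildfire: it is a toy in-memory matcher for the filters quoted above, run over a constructed directory shaped like the poster's three OUs, with DNs written using the standard comma separator rather than the semicolons in the thread.

```python
import re

# Constructed entries modelled on the thread's layout; attribute names and values are lowercase.
ENTRIES = {
    "cn=xyz,ou=recipients,dc=domain,dc=com": {
        "objectclass": ["user"],
        "memberof": ["cn=wf_allusers,cn=users,dc=domain,dc=com"]},
    "cn=admins,ou=local groups,dc=domain,dc=com": {
        "objectcategory": ["group"], "objectclass": ["group"]},
    "cn=staff,ou=maillists,dc=domain,dc=com": {
        "objectcategory": ["group"], "objectclass": ["group"]},
    "cn=toplevel,dc=domain,dc=com": {                  # a group directly under the domain root
        "objectcategory": ["group"], "objectclass": ["group"]},
}

GROUP_FILTER = "(&(objectCategory=group)(objectClass=group))"
USER_FILTER = "(&(objectClass=user)(memberOf=CN=WF_Allusers,CN=Users,DC=domain,DC=com))"

def parse_filter(s, pos=0):
    """Parse a parenthesised RFC 4515-style filter (equality plus &, |, !); returns (node, next_pos)."""
    assert s[pos] == "(", "filter must start with '('"
    pos += 1
    if s[pos] in "&|!":
        op, pos, children = s[pos], pos + 1, []
        while s[pos] == "(":
            child, pos = parse_filter(s, pos)
            children.append(child)
        assert s[pos] == ")", "unbalanced filter"
        return (op, children), pos + 1
    end = s.index(")", pos)                            # value runs to the first ')' (first '=' splits attr/value)
    attr, _, value = s[pos:end].partition("=")
    return ("=", attr.strip().lower(), value.strip().lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry's attributes; exact (case-folded) equality only."""
    if node[0] == "=":
        return node[2] in entry.get(node[1], [])
    results = [matches(child, entry) for child in node[1]]
    return all(results) if node[0] == "&" else any(results) if node[0] == "|" else not any(results)

def normalize_dn(dn):
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())

def search(base_dn, filter_str, entries=ENTRIES):
    """Subtree search: the base DN decides *where* to look, the filter decides *which* entries match."""
    base, node = normalize_dn(base_dn), parse_filter(filter_str)[0]
    return sorted(dn for dn, attrs in entries.items()
                  if (normalize_dn(dn) == base or normalize_dn(dn).endswith("," + base))
                  and matches(node, attrs))
```

Running `search("dc=domain,dc=com", GROUP_FILTER)` returns all three groups including the top-level one, while `search("ou=local groups,dc=domain,dc=com", GROUP_FILTER)` returns only `admins`; no change to the filter alone can exclude the top-level entry, which is why the poster's wish to "include the OU in the filter" cannot be met by the filter syntax itself.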

Hi,

would you please post your configuration and enable the LDAP debug logging? Then you should see why "if I set the basedn to 'dc=domain,dc=com', logging in as user xyz won't work" causes problems.

LG