Suggestion
Resolution: Unresolved
When creating a new LDAP connector, I can specify a user filter like
>(&
> (objectCategory=Person)
> (sAMAccountName=*)
> (!(UserAccountControl:1.2.840.113556.1.4.803:=2))
> (memberOf:=
> CN=SomeGroup,
> OU=ACCESS,
> OU=CONFLUENCE_APP,
> OU=MGMT,
> DC=our-company,
> DC=com)
>)
But I can't specify a group filter like
>(&
> (objectCategory=Group)
> (|
> (cn=SomeGroup,
> OU=RestrictionGroups,
> OU=Confluence,
> OU=relevantGroupBranch,
> DC=our-company,
> DC=com
> )
> (cn=AnotherGroup,
> OU=SpaceGroups,
> OU=Confluence_B,
> OU=anotherGroupBranch,
> DC=our-company,
> DC=com
> )
> )
>)
I cannot specify any OU for the group so that it is taken from a very specific branch.
I can specify a base DN, but this fails when I have more than two branches in the filter. From a semi-lay perspective, it isn't logical why one thing works while the other doesn't.
Yes, we do have a use case. Security. We need to guarantee that groups of a specific pattern originate from a certain place in the AD.
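
As an added example (not part of the original report, and not Confluence or Atlassian code): a Python check that can be run over the group DNs a directory sync returns, confirming that groups matching a name pattern sit under the required branch. The `POLICY` table, the function names and the `OU=Sandbox` sample entries are assumptions constructed for illustration.

```python
import re

ROOT = "DC=our-company,DC=com"
# Assumed policy (hypothetical): CN pattern -> branch such groups must live under.
POLICY = [
    (re.compile(r"some\w*", re.I),
     "OU=RestrictionGroups,OU=Confluence,OU=relevantGroupBranch," + ROOT),
    (re.compile(r"another\w*", re.I),
     "OU=SpaceGroups,OU=Confluence_B,OU=anotherGroupBranch," + ROOT),
]

def split_rdns(dn):
    """Split a DN into lower-cased RDNs on unescaped commas only."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):  # keep an escaped pair such as "\," intact
            cur += dn[i:i + 2]
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(cur.lstrip().lower())
            cur = ""
        else:
            cur += dn[i]
        i += 1
    rdns.append(cur.lstrip().lower())
    return rdns

def is_under(dn, base):
    """True if dn lies strictly below base, compared RDN by RDN, not by string suffix."""
    d, b = split_rdns(dn), split_rdns(base)
    return len(d) > len(b) and d[-len(b):] == b

def audit(group_dns, policy=POLICY):
    """Return DNs whose CN matches a policy pattern but which sit outside the required branch."""
    bad = []
    for dn in group_dns:
        cn = split_rdns(dn)[0].partition("=")[2]
        if any(p.fullmatch(cn) and not is_under(dn, base) for p, base in policy):
            bad.append(dn)
    return bad

# Constructed sample of synced group DNs (OU=Sandbox is made up for the example).
SAMPLE = [
    "CN=SomeGroup,OU=RestrictionGroups,OU=Confluence,OU=relevantGroupBranch," + ROOT,
    "CN=AnotherGroup, OU=SpaceGroups, OU=Confluence_B, OU=anotherGroupBranch, " + ROOT,
    "CN=SomeGroup,OU=Sandbox," + ROOT,   # policy name, wrong branch
    "CN=Unrelated,OU=Sandbox," + ROOT,   # not covered by the policy
]

if __name__ == "__main__":
    for dn in audit(SAMPLE):
        print("outside required branch:", dn)
```

Comparing whole RDNs matters here: a plain string-suffix test on the DN would accept an entry whose name merely ends with the branch text.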