Generate role with sAMAccountName from each user of a group


Hi, we have already discussed my problem with @bersace. So you sent me this config for sync_map:

- ldap:
    base: ou=users,ou=site,ou=oncodesign,dc=ldap,dc=local 
    attributes: sAMAccountName
  roles:
  - name_attribute: sAMAccountName
    options: LOGIN
- ldap:
    base: ou=groups,ou=site,ou=oncodesign,dc=ldap,dc=local 
    attributes: [groupname, members]
  roles:
  - name_attribute: groupname
    options: NOLOGIN
    member_attribute: members

I adapted this config like this:

- ldap:
    base: ou=users,ou=site,ou=oncodesign,dc=ldap,dc=local
    filter: "(objectClass=User)"
    attributes: sAMAccountName
  roles:
    name_attribute: sAMAccountName
    options: LOGIN
- ldap:
    base: ou=groups,ou=site,ou=oncodesign,dc=ldap,dc=local
    filter: "(cn=NameofGroup)"
    attributes: [member, cn]
  roles:
    name_attribute: member
    options: NOLOGIN
    member_attribute: cn

I changed the “groupname and member” attributes because they are not recognized by AD.

So after starting ldap2pg in dry mode, the script would create a role for all users in OU Users, not only for the users who are members of my specified group.

Maybe I need to extract the user CNs from a first search on the group and then create a sync_map for each user returned, to take his sAMAccountName and create a role with this name. But I don’t know how to do this.

Thanks for the support 😃

Issue Analytics

  • State: closed
  • Created 6 years ago
  • Reactions: 1
  • Comments: 8 (4 by maintainers)

Top GitHub Comments

3 reactions
cbandy commented, Nov 29, 2017

If you want to limit the users to a particular AD group, maybe put that group in the filter?

untested:

filter: >
  (&
    (objectClass=User)
    (memberOf=cn=YourGroupHere,ou=groups,ou=site,ou=oncodesign,dc=ldap,dc=local)
  )
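
An added example, not part of the original thread or of ldap2pg itself: it builds the `memberOf` filter suggested above with RFC 4515 escaping and renders the matching sync_map item in the shape used in the issue. It goes beyond the comment in one respect: plain `memberOf` matches direct members only, so the optional `nested` flag switches to Active Directory's LDAP_MATCHING_RULE_IN_CHAIN rule. The function names and the parenthesised group DN in the demo are assumptions made for illustration.

```python
# Added example: helper names are hypothetical, not ldap2pg API.
IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD LDAP_MATCHING_RULE_IN_CHAIN OID

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string so it cannot alter the structure of an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def group_member_filter(group_dn: str, nested: bool = False) -> str:
    """Filter for user objects that are members of group_dn.

    nested=False: direct members only (plain memberOf).
    nested=True: also members of groups nested inside group_dn.
    """
    attr = f"memberOf:{IN_CHAIN}:" if nested else "memberOf"
    return f"(&(objectClass=User)({attr}={escape_filter_value(group_dn)}))"


def _yaml_single_quoted(text: str) -> str:
    # Single-quoted YAML scalars keep backslashes literal; only ' is doubled.
    return "'" + text.replace("'", "''") + "'"


def sync_map_entry(users_base: str, group_dn: str, nested: bool = False) -> str:
    """Render one sync_map item: one LOGIN role per matching sAMAccountName."""
    flt = group_member_filter(group_dn, nested)
    return "\n".join([
        "- ldap:",
        f"    base: {_yaml_single_quoted(users_base)}",
        f"    filter: {_yaml_single_quoted(flt)}",
        "    attributes: sAMAccountName",
        "  roles:",
        "  - name_attribute: sAMAccountName",
        "    options: LOGIN",
    ])


if __name__ == "__main__":
    base = "ou=users,ou=site,ou=oncodesign,dc=ldap,dc=local"
    # Constructed sample DN; the parentheses exercise the escaping.
    group = "cn=DB Users (prod),ou=groups,ou=site,ou=oncodesign,dc=ldap,dc=local"
    print(sync_map_entry(base, group, nested=True))
```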

0 reactions
bersace commented, Dec 1, 2017

@EagleEnergy no worry 😃
