Generate role with sAMAccountName from each user of a group
Hi, we have already talked about my problem with @bersace. So you sent me this config for sync_map:
- ldap:
    base: ou=users,ou=site,ou=oncodesign,dc=ldap,dc=local
    attributes: sAMAccountName
  roles:
  - name_attribute: sAMAccountName
    options: LOGIN
- ldap:
    base: ou=groups,ou=site,ou=oncodesign,dc=ldap,dc=local
    attributes: [groupname, members]
  roles:
  - name_attribute: groupname
    options: NOLOGIN
    member_attribute: members
I adapted this config like this:
- ldap:
    base: ou=users,ou=site,ou=oncodesign,dc=ldap,dc=local
    filter: "(objectClass=User)"
    attributes: sAMAccountName
  roles:
    name_attribute: sAMAccountName
    options: LOGIN
- ldap:
    base: ou=groups,ou=site,ou=oncodesign,dc=ldap,dc=local
    filter: "(cn=NameofGroup)"
    attributes: [member, cn]
  roles:
    name_attribute: member
    options: NOLOGIN
    member_attribute: cn
I changed the “groupname and member” attributes because they are not recognized by AD.
So after starting ldap2pg in dry mode, the script would create a role for every user in the Users OU, not only for the users who are members of my specified group.
Maybe I need to extract the users' CNs from a first search on the group, and then create a sync_map for each user returned, to take their sAMAccountName and create a role with this name. But I don’t know how to do this.
Thanks for the support 😃
Issue Analytics
- State:
- Created 6 years ago
- Reactions:1
- Comments:8 (4 by maintainers)
Top GitHub Comments
If you want to limit the users to a particular AD group, maybe put that group in the filter?
untested:
@EagleEnergy no worry 😃
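One way to apply the suggestion of putting the group in the filter, as an added example that is not the maintainer's or the project's own config. It assumes the group's DN is cn=NameofGroup under the groups base shown in the issue, and that AD exposes memberOf on user entries.

```yaml
# Added example. The group DN is an assumption built from the base and
# cn shown in the issue; replace it with the group's real distinguishedName.
sync_map:
# Before (from the issue): every user object under the OU gets a LOGIN role.
#   filter: "(objectClass=User)"
#
# After: only direct members of the group get a LOGIN role.
# memberOf must be compared against the group's full DN, not its cn.
- ldap:
    base: ou=users,ou=site,ou=oncodesign,dc=ldap,dc=local
    filter: "(&(objectClass=user)(memberOf=cn=NameofGroup,ou=groups,ou=site,ou=oncodesign,dc=ldap,dc=local))"
    attributes: sAMAccountName
  roles:
  - name_attribute: sAMAccountName
    options: LOGIN

# Variant for nested groups: AD's LDAP_MATCHING_RULE_IN_CHAIN matching rule
# also matches users who are members through intermediate groups.
#   filter: "(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=cn=NameofGroup,ou=groups,ou=site,ou=oncodesign,dc=ldap,dc=local))"
#
# If the group DN contains ( ) * or \, escape those characters per RFC 4515
# before placing the DN inside the filter string.
```

Run ldap2pg in dry mode first and check that the planned LOGIN roles match the group's membership before applying the change.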