Difference between revisions of "Configuration/Authentication Settings/LDAP groups"

From Davical
Jump to navigationJump to search
m
Line 1: Line 1:
Group import/sync was added in 0.9.9, to use groups from LDAP first get users syncing from LDAP (see [[Configuration/Authentication Settings/LDAP Examples|LDAP Examples]] for base configuration details).
+
Group import/sync was added in 0.9.9, to use groups from LDAP first get users syncing from LDAP (see [[Configuration/Authentication Settings/LDAP|LDAP Configuration]] for base configuration details).
 
Import/sync users and groups via the Administration > Import Calendars menu in the web interface.
 
Import/sync users and groups via the Administration > Import Calendars menu in the web interface.
 
Once you have users syncing from LDAP you should be able to sync groups with the following settings.
 
Once you have users syncing from LDAP you should be able to sync groups with the following settings.

Revision as of 23:02, 8 January 2015

Group import/sync was added in 0.9.9, to use groups from LDAP first get users syncing from LDAP (see LDAP Configuration for base configuration details). Import/sync users and groups via the Administration > Import Calendars menu in the web interface. Once you have users syncing from LDAP you should be able to sync groups with the following settings.

    'baseDNGroups' => 'ou=Groups,dc=company,dc=com', //where to look for groups
    'filterGroups' => 'objectClass=posixGroup', //filter with same rules as filterUsers, could also be groupOfUniqueNames
    'group_mapping_field' => array('username' => 'cn',
                             'updated' => 'modifyTimestamp',
                             'fullname' => 'cn' ,
                             'members' =>'memberUid'
                             ), //used to create the group based on the ldap properties
     'scope' => 'subtree', // Search scope to use, defaults to subtree ( applies to BOTH user and group mappings )

Explanation of parameters:

baseDNGroups The base DN to look in for valid groups
filterGroups A filter which must pass for this to be a valid group
group_mapping_field An array of DAViCal field names vs. their LDAP mappings
scope The search scope for all LDAP searches(users and groups)

Note: the sync operations should be safe to use if you have made changes in LDAP and want those changes reflected in DAViCal.

Troubleshooting

If you do not see a message near the top of the page when syncing try running a search with another ldap tool.

 'baseDNGroups' => 'ou=Groups,dc=company,dc=com',
 'filterGroups' => 'objectClass=posixGroup'
 'scope' => 'subtree'

could be tested with

ldapsearch -h localhost -D "binddn" -W -s sub -b 'ou=Groups,dc=company,dc=com' 'objectClass=posixGroup'