Configuration/Authentication Settings/LDAP groups: Difference between revisions

From Davical
Jump to navigationJump to search
mNo edit summary
 
(#704069)
 
Line 7: Line 7:
     'filterGroups' => 'objectClass=posixGroup', //filter with same rules as filterUsers, could also be groupOfUniqueNames
     'filterGroups' => 'objectClass=posixGroup', //filter with same rules as filterUsers, could also be groupOfUniqueNames
     'group_mapping_field' => array('username' => 'cn',
     'group_mapping_field' => array('username' => 'cn',
                             'updated' => 'modifyTimestamp',
                             'modified' => 'modifyTimestamp',
                             'fullname' => 'cn' ,
                             'fullname' => 'cn' ,
                             'members' =>'memberUid'
                             'members' =>'memberUid'

Latest revision as of 15:33, 5 May 2017

Group import/sync was added in 0.9.9, to use groups from LDAP first get users syncing from LDAP (see LDAP Configuration for base configuration details). Import/sync users and groups via the Administration > Import Calendars menu in the web interface. Once you have users syncing from LDAP you should be able to sync groups with the following settings.

    'baseDNGroups' => 'ou=Groups,dc=company,dc=com', //where to look for groups
    'filterGroups' => 'objectClass=posixGroup', //filter with same rules as filterUsers, could also be groupOfUniqueNames
    'group_mapping_field' => array('username' => 'cn',
                             'modified' => 'modifyTimestamp',
                             'fullname' => 'cn' ,
                             'members' =>'memberUid'
                             ), //used to create the group based on the ldap properties
     'scope' => 'subtree', // Search scope to use, defaults to subtree ( applies to BOTH user and group mappings )

Explanation of parameters: Template:Tlist Template:TRlistbaseDNGroups Template:TDlistThe base DN to look in for valid groups Template:TRlistfilterGroups Template:TDlistA filter which must pass for this to be a valid group Template:TRlistgroup_mapping_field Template:TDlistAn array of DAViCal field names vs. their LDAP mappings Template:TRlistscope Template:TDlistThe search scope for all LDAP searches(users and groups) |}

Note: the sync operations should be safe to use if you have made changes in LDAP and want those changes reflected in DAViCal.

Troubleshooting

If you do not see a message near the top of the page when syncing try running a search with another ldap tool.

 'baseDNGroups' => 'ou=Groups,dc=company,dc=com',
 'filterGroups' => 'objectClass=posixGroup'
 'scope' => 'subtree'

could be tested with

ldapsearch -h localhost -D "binddn" -W -s sub -b 'ou=Groups,dc=company,dc=com' 'objectClass=posixGroup'