5 Replies Latest reply on Mar 28, 2014 10:19 AM by blankenshipr

    AD/LDAP OU Groups

    marcoalabro

      My clients on webhelpdesk are on a specific OU in AD. I have other users from another OU that I want to include on my client list. I tried creating a group in my OU and including these users, but WHD was not able to query these users. Any suggestions?

        • Re: AD/LDAP OU Groups
          crippsb@hcdsb.org

          Could you not just do two connectors? 

          Connector 1 OU 1

          Connector 2 OU 2

            • Re: AD/LDAP OU Groups
              marcoalabro

              The OU that this certain user belongs to contains more than 1 thousand users, and there are other users from another OU; I'm avoiding clients that don't belong to my OU.

                • Re: AD/LDAP OU Groups
                  crippsb@hcdsb.org

                  We had similar cases with other applications and found groups don't help us in situations like this.  What we did was use the extensionAttribute# field(s) and populate it with the word STAFF.  That way we could do more advanced LDAP queries with it.

                  Our import is simple on our base DN and uses the below search

                  (&(objectCategory=person)(objectClass=user)(extensionAttribute7=STAFF))
              • Re: AD/LDAP OU Groups
                marcoalabro

                hi cripp, your solution is great, but we don't have any permissions on users from another OU to edit AD attributes.

                  • Re: AD/LDAP OU Groups
                    blankenshipr

                    To build on crippsb's first solution,

                    1. Create a second connector with a Users DN set to the other OU (e.g. ou=Other Location,dc=domain,dc=local)
                    2. Create a group in your "own" OU that contains users that you need from the other OU (e.g. cn=Outside Helpdesk Users,ou=My Location,dc=domain,dc=local)
                    3. Set the Search Filter on this second OU connection to (&(objectCategory=person)(objectClass=user)(memberOf=cn=Outside Helpdesk Users,ou=My Location,dc=domain,dc=local))

                    This should find all members of the "Other Location" that are members of the group called "Outside Helpdesk Users" which you have created within your own OU. This should not require any permissions for you to modify the other OU.

                     

                    An alternative solution would be to modify your original connector by expanding your Users DN base to include the next higher up part of the tree, perhaps the domain root. Set your search filter to a group you create in your own OU that contains ALL of your clients, both those who are contained in your OU and in the other OU.
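
Added example, not part of the thread and not Web Help Desk code: a dry run of the second connector from steps 1 to 3 against a constructed sample directory, showing which entries the Users DN plus Search Filter would import. The helper names and the sample entries are assumptions made for illustration; the filter builder also escapes the group DN per RFC 4515, which matters once a group name contains parentheses.

```python
import re

GROUP_DN = "cn=Outside Helpdesk Users,ou=My Location,dc=domain,dc=local"
OTHER_OU = "ou=Other Location,dc=domain,dc=local"

def escape_filter_value(value):
    """RFC 4515 escaping: a DN containing ( ) * \\ or NUL must not alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def member_filter(group_dn):
    """Search Filter from step 3, built for any group DN."""
    return ("(&(objectCategory=person)(objectClass=user)(memberOf=%s))"
            % escape_filter_value(group_dn))

def matches(entry, flt):
    """Evaluate an AND-of-equality filter, the only form used in the thread."""
    clauses = re.findall(r"\(([^=()]+)=([^()]*)\)", flt[2:-1])
    if not flt.startswith("(&") or "".join("(%s=%s)" % c for c in clauses) != flt[2:-1]:
        raise ValueError("unsupported filter: " + flt)
    for attr, raw in clauses:
        want = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
        if want.lower() not in [v.lower() for v in entry.get(attr, [])]:
            return False
    return True

def connector_search(entries, users_dn, flt):
    """Subtree search under the connector's Users DN, returning matching DNs."""
    suffix = "," + users_dn.lower()
    return [e["dn"] for e in entries
            if e["dn"].lower().endswith(suffix) and matches(e, flt)]

def entry(dn, category, classes, groups=()):
    return {"dn": dn, "objectCategory": [category],
            "objectClass": list(classes), "memberOf": list(groups)}

# Constructed sample directory (not real data). objectCategory is stored as the
# short name the filter uses; AD itself stores a schema DN and expands "person".
USER = ("top", "person", "organizationalPerson", "user")
DIRECTORY = [
    entry("cn=Alice,ou=Other Location,dc=domain,dc=local", "person", USER, [GROUP_DN]),
    entry("cn=Bob,ou=Other Location,dc=domain,dc=local", "person", USER),
    entry("cn=PC01,ou=Other Location,dc=domain,dc=local", "computer",
          USER + ("computer",), [GROUP_DN]),
    entry("cn=Carol,ou=My Location,dc=domain,dc=local", "person", USER, [GROUP_DN]),
]

if __name__ == "__main__":
    print(member_filter(GROUP_DN))
    print(connector_search(DIRECTORY, OTHER_OU, member_filter(GROUP_DN)))
```

memberOf holds only direct group memberships, so users reached through a nested group are not matched by this filter.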