You are not logged in.
- Topics: Active | Unanswered
Announcement
Download last stable version of GLPI - What can you do for GLPI ? : Contribute
Pages: 1
#1 2024-03-06 15:37:33
- nickkecooper
- Member
- Registered: 2024-01-30
- Posts: 11
Groups LDAP Directory Link
I need a little clarification / help. I have LDAP functioning and currently it just pulls all non-disabled users from the OU I need. I would like to map a user to a statically set group in GLPI. Our active directory has a lot of groups and most don't need to be in GLPI. So I have made static groups. So let's say the active directory user is a memeberof "IT". I want GLPI to look for that and then place them in the Admin group. How can I go about accomplishing this? I tried to do something like this , but it is not working even if I login to the user account. https:// ibb.co/0qzmWCP
Offline
#2 2024-03-06 16:26:37
- cconard96
- Moderator
- Registered: 2018-07-31
- Posts: 2,430
- Website
Re: Groups LDAP Directory Link
You should be able to use the Authorization Assignment Rules with a criteria of "(LDAP) MemberOf" and an action for assigning the related GLPI group.
GLPI Collaborator and Plugin Developer.
My non-English comments are automated translations. Sorry for any confusion that causes.
Mes commentaires non anglais sont des traductions automatiques. Désolé pour toute confusion qui cause.
Mis comentarios que no están en inglés son traducciones automáticas. Perdón por cualquier confusión que cause.
Offline
#3 2024-03-06 17:56:08
- nickkecooper
- Member
- Registered: 2024-01-30
- Posts: 11
Re: Groups LDAP Directory Link
Thank you. So I made the rule but it isn't adding the user to the group. Do I need to do a full resync or what kicks off this rule?
Offline
#4 2024-03-06 18:04:55
- nickkecooper
- Member
- Registered: 2024-01-30
- Posts: 11
Re: Groups LDAP Directory Link
See config here https:// ibb.co/5BtGzFf
Offline
#5 2024-03-06 22:45:40
- cconard96
- Moderator
- Registered: 2018-07-31
- Posts: 2,430
- Website
Re: Groups LDAP Directory Link
Typically the rules are run when the user logs in. They should also be run when new users are imported from LDAP or they are synchronized with LDAP. You can test syncing a user in the Synchronization tab of one of the users.
For bulk synchronization, you can use the GLPI CLI command.
From the GLPI folder, running as www-data or whatever your web server user is:
bin/console glpi:ldap:synchronize_users -u
Check the documentation for the supported command line options.
https://glpi-user-documentation.readthe … nize-users
GLPI Collaborator and Plugin Developer.
My non-English comments are automated translations. Sorry for any confusion that causes.
Mes commentaires non anglais sont des traductions automatiques. Désolé pour toute confusion qui cause.
Mis comentarios que no están en inglés son traducciones automáticas. Perdón por cualquier confusión que cause.
Offline
#6 2024-03-06 22:56:22
- nickkecooper
- Member
- Registered: 2024-01-30
- Posts: 11
Re: Groups LDAP Directory Link
I tried all options listed to update but the user still isn't added to that group. I will try another memberof to see if the * is messing up the sync.
Offline
#7 2024-03-08 16:07:36
- nickkecooper
- Member
- Registered: 2024-01-30
- Posts: 11
Re: Groups LDAP Directory Link
I tried without the * and it is still not working. Any help would be appreciated! Do I need to make the sync work anymore else or is the rules the only place that can place the user into a static group I created in GLPI?
Offline
#8 2024-03-11 21:46:16
- nickkecooper
- Member
- Registered: 2024-01-30
- Posts: 11
Re: Groups LDAP Directory Link
Figured it out! Need to use the distinguishedName not the Display Name. Found resolution at https:// forum.glpi-project.org/viewtopic.php?id=282718
Offline
Pages: 1