Hello,
I want to create a rule to assign by default an entity to a user. Can I have the entity created when the user is imported? I want the Entity to be created with the same name as the OU, with the parent entity being O... how can I create a regular expression from LDAP to assign the entity?
Thank you!
GLPI 0.78.4
Hello,
No, it's not possible. You have to create the entities first, and then set up the rules.
OK, but how do I assign the rules? I cannot get a user assigned to any other than root entity. I can't even figure out how to assign an entity to a user manually, even though I must have done it before.
Manual assignation:
- edit the user, and in the first tab, select an entity, a profile, and if the authorization is recursive or not
Automatic assignation:
- Administration > Rules > Entities and rights rules
- you create a rule that matches some LDAP criteria and then you declare actions (assigning an entity and a profile is necessary)
Each time a user is resynchronized or logs into GLPI, automatic authorizations are processed again.
Wawa, my problem is, I cannot see the users in the Entity scope to which I want to assign them.
As for rules, it is not clear what fields are meant in the LDAP dropdown list - what does "(LDAP)Department Number" correspond to? We don't have a "department number," we just have a "department" which is a text field. It would be fantastic if the fields presented were actually pulled from the LDAP directory, so I could know exactly which field the rule is looking at.
Also, I don't understand the Assign "Entity from LDAP"? What am I supposed to enter for "assign the value from regular expression". I know what regexps are, but what exactly is being parsed from LDAP?
Thanks so much for your help.
Hello, it is not running for me on 10.0.7.
I have LDAPS user imports, and the Entity TAG in advanced information (Information in inventory tool (TAG) representing the entity), and rules in "Entities and rights rules": if the user is a member of... then assign "Entity from TAG", "the value from regular expression", and I write TAG,
not working...
With selected entities on assignment it's okay.
Thank you.
Hello Changemanager,
You can find the 'DepartmentNumber' inside the attribute list of your AD objects. The departmentnumber attribute can be chosen as an option in GLPI Rules. You can create a rule to assign the specific department number to a specific Entity or Sub Entity during import of AD users.
We used this once we found out domain names rules will not give us much import control.
First, you create the entity or subentity.
Second, you update the attributes in AD. With this PowerShell command you can automatically assign a department number to an entire OU; change the values to correspond to your OU and DepartmentNumber.
Company: consanto.com
Department: HumanRelations
Subdepartment: Subdevision1
DepartmentNumber: 209 (you can choose this number yourself, but make sure not to use the same number for different OUs)
Get-ADUser -Filter * -SearchBase "OU=Subdevision1,OU=HumanRelations,DC=consanto,DC=com" -Properties departmentNumber | Set-ADUser -Replace @{departmentNumber="209"}
Third, inside GLPI you create a new rule with this criterion; make sure to enable the rule:
(LDAP)Department Number is 209
With the action being adding it to the new entity or subentity and adding a profile for self-service.
The last step is to import the user and the rule will be enforced.
Or, if you already have the user imported in your Root entity, you delete and re-run the import or force a synchronization for this existing user.
Last edited by Testpilot4 (2023-05-23 11:40:14)
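The tagging step from the post above, extended as an added example (not Testpilot4's code) to several OUs: it checks that no department number is reused, previews each change, and lists accounts that carry a mapped number outside the mapped OU, since that attribute decides the GLPI entity and profile. The second OU and the number 210 are constructed sample values; the rest come from the post.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# OU -> departmentNumber map. First entry is the post's sample; second is constructed.
$ouMap = @{
    'OU=Subdevision1,OU=HumanRelations,DC=consanto,DC=com' = '209'
    'OU=Subdevision2,OU=HumanRelations,DC=consanto,DC=com' = '210'
}

# Stop if two OUs share a number: a "(LDAP)Department Number is N" rule
# could not tell them apart and would put both in the same entity.
$dupes = $ouMap.Values | Group-Object | Where-Object Count -gt 1
if ($dupes) {
    throw "departmentNumber reused across OUs: $($dupes.Name -join ', ')"
}

foreach ($ou in $ouMap.Keys) {
    $number = $ouMap[$ou]
    $users  = Get-ADUser -Filter * -SearchBase $ou -Properties departmentNumber
    foreach ($u in $users) {
        # departmentNumber is multi-valued in AD; treat it as a list.
        $current = @($u.departmentNumber)
        if ($current.Count -eq 1 -and $current[0] -eq $number) { continue }
        Write-Output ("{0}: '{1}' -> '{2}'" -f $u.SamAccountName, ($current -join ','), $number)
        # Preview only. Remove -WhatIf after reviewing the listed changes.
        Set-ADUser -Identity $u -Replace @{ departmentNumber = $number } -WhatIf
    }
}

# Audit: accounts that carry a mapped number but do not live under the mapped OU.
# These would match the GLPI rule and receive that entity and profile.
foreach ($ou in $ouMap.Keys) {
    Get-ADUser -LDAPFilter "(departmentNumber=$($ouMap[$ou]))" -Properties departmentNumber |
        Where-Object { $_.DistinguishedName -notlike "*,$ou" } |
        Select-Object SamAccountName, DistinguishedName
}
```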