(OO) Support Tip: AD authentication using group nesting.

If you are working with Microsoft Active Directory in OO 10.x and you work with group nesting, you will find that it doesnt work as expected out of the box.

And this is because the Users Filter that comes out of the box looks like:

                                                  (&(objectclass=person)(sAMAccountName={0}))

In order to be able to work with nested groups you need modify the filter:

 (&(|(objectclass=groupofuniquenames)(objectclass=group)(objectclass=groupOfNames))(|(uniqueMember={0})(member:1.2.840.113556.1.4.1941:={0})))

 

 

Tags: