Our vBulletin migration is complete.
Welcome vBulletin users! All content and user information from the Micro Focus Forums (vBulletin) site has been migrated to this site. READ MORE.
Guido Pinamonti Absent Member.
Absent Member.
2505 views

LDAP Import of Users in Active Directory Group

We are upgrading to HPQC ALM 11 (11.52.496.0) and I would like to import Active Directory users using the membership of an AD group.  I have set up the LDAP Import Settings with the base directory and a base filter of objectClass=user and can import users without issue. How does one only import the users that are members of a specific AD group? 

Tags (1)
0 Likes
8 Replies
Established Member.. William Schmitt
Established Member..

Re: LDAP Import of Users in Active Directory Group

Add memberOf=CN=SomeGroup to your ObjectClass=User filter.

0 Likes
Guido Pinamonti Absent Member.
Absent Member.

Re: LDAP Import of Users in Active Directory Group

Could I get the precise syntax for this? My directory base is ou=groups,ou=hq,dc=company,dc=com. My base filter is (objectClass=user)(memberOf=CN=AppHPQProdAdmins). I've seen some articles that reference &(objectClass=user)(memberOf=CN=AppHPQProdAdmins).  Once this is set, if I go into Import LDAP Users by Filter, should I see all of the users in the group? I don't see anything. Do I need to click on the Filter icon to add some other criteria?

0 Likes
Established Member.. William Schmitt
Established Member..

Re: LDAP Import of Users in Active Directory Group

For base filter, try using

(&(objectClass=user)(memberOf=CN=AppHPQProdAdmins,OU=groups,OU=hq,DC=company,DC=com))

 

Or you can add the memberOf part with the Filter icon once it returns all users.  I think you were just missing the &. 

0 Likes
Super Contributor.. wjm8914 Super Contributor..
Super Contributor..

Re: LDAP Import of Users in Active Directory Group

When I use this filter, I can see the group but not the users in the group.

 

I can input the Group as a User but that doesn't allow the users access.

 

0 Likes
AdamCyb Respected Contributor.
Respected Contributor.

Re: LDAP Import of Users in Active Directory Group

Hello,

Have you found solution?

I'm facing exactly the same problem.

 

 

0 Likes
Contributor.. SimonDi Contributor..
Contributor..

Re: LDAP Import of Users in Active Directory Group

I am having the same issue.

Tried various ways to do this and if restrict to the group i can see that, but once i attempt the "memberOf" as configured in earlier responses, i don't receive any data back.

Being able to provide automatic access via AD Group will speed up the configuration and uptake of the tool

0 Likes
Schall Outstanding Contributor.
Outstanding Contributor.

Re: LDAP Import of Users in Active Directory Group

that filter looks fine.

if still have any issue, the best source would be your LDAP admins.

few example of base filters:

 1)    "(objectClass=*)“ =>  All objects.

2)   "(&(objectCategory=person)(objectClass=user)(!cn=andy))“ => All user objects but "andy“.

   "(sn=sm*)“ => All objects with a surname that starts with "sm".

3) "(&(objectCategory=person)(objectClass=contact)(|(sn=Smith)(sn=Johnson)))“ => All contacts with a surname equal to "Smith" or "Johnson".

4)  (&(memberOf=CN=Domain Users,OU=ou2,OU=ou1,DC=subdomain,DC=domain,DC=com)(objectcategory=person)

 

Cheers
-------------
When your problem has been solved, accept the solution by clicking the "Accept as Solution" button to help other members in the future!

Clicking the "Kudos star" is a great way to say thanks! 🙂
--------------
Contributor.. SimonDi Contributor..
Contributor..

Re: LDAP Import of Users in Active Directory Group

So we found a way around this with the help of the Micro-Focus team, who created a Macro within an XLSM sheet and working alongside an AD extract.
Not the prettiest or easiest way it should work but it does work non-the-less and controlled by Powershell

We extract the users in a set format from the assigned AD Group and create a temp file.
Then we replace the users in the XLSM template (as we dont want to lose the Macros)
Next we run the Macro against the ALM site to compare the existing members with the data in the file.
Any NEW additions in the file are added into ALM... Any Account NOT in the file are marked as Disabled in ALM.

All this does require us to ensure we are not breaking any Security protocols or policies so it is a balancing act.
Would be nice to see an enhanced workable solution implemented in future as this would ease administration time.

Cheers

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.