jqueiroz Contributor.
Contributor.
672 views

Help with Dynamic Groups


Hi all,

I need to create a dynamic group, whose members are everyone on my
organization, except members from two other [static] groups.

Is it possible? If so, does anyone knows which attributes I must use to
filter this memberships?

Thanks in advance.


--
jqueiroz
------------------------------------------------------------------------
jqueiroz's Profile: https://forums.netiq.com/member.php?userid=5242
View this thread: https://forums.netiq.com/showthread.php?t=55773

Labels (1)
0 Likes
4 Replies
Knowledge Partner
Knowledge Partner

Re: Help with Dynamic Groups

jqueiroz wrote:

> Is it possible? If so, does anyone knows which attributes I must use to
> filter this memberships?


yes, specify a search filter like

(&(!(groupMembership=cn=ExcludedUsers1,ou=groups,o=data))
(!(groupMembership=cn=ExcludedUsers2,ou=groups,o=data)))

--
http://www.is4it.de/en/solution/identity-access-management/
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
jqueiroz Contributor.
Contributor.

Re: Help with Dynamic Groups


I tried it, but iManager says that's a syntax error on the filter
expression.


--
jqueiroz
------------------------------------------------------------------------
jqueiroz's Profile: https://forums.netiq.com/member.php?userid=5242
View this thread: https://forums.netiq.com/showthread.php?t=55773

0 Likes
Knowledge Partner
Knowledge Partner

Re: Help with Dynamic Groups

jqueiroz wrote:

> I tried it, but iManager says that's a syntax error on the filter
> expression.


You can set memberQueryUrl via LDAP dirctly, which is easier than that
expression builder in iManager, IMHO. If using iManager, though, you need to
specify the group DNs (lik ethe attribute names) in NDAP syntax, probably
CN=group.O=data. LDAP syntax will not work.

--
http://www.is4it.de/en/solution/identity-access-management/
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Highlighted
jqueiroz Contributor.
Contributor.

Re: Help with Dynamic Groups


Well, gave it some more care, and finally worked.

By the way, in the process, I found some attributes I could use to match
our users with the appropriate group, so the memberShip comparison
became unnecessary.

Thanks for your attention!


--
jqueiroz
------------------------------------------------------------------------
jqueiroz's Profile: https://forums.netiq.com/member.php?userid=5242
View this thread: https://forums.netiq.com/showthread.php?t=55773

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.