Solved

[LDAP] Group membership set to default when syncing at login

  • 10 April 2024

My users are members of A LOT OF GROUPS, so I tried to configure an LDAP filter in the Group Search.

Ex:

GROUP FILTER -- (&(ObjectClass=Group)(sAMAccountName=%s)(sAMAccountName=XXX_*))

GROUP MEMBER ATTRIBUTE -- member

USER GROUP ATTRIBUTE -- memberOf

 

It works well when I import a user: the groups assigned are correct, and only groups starting with XXX_ are shown in GROUP LDAP and LINKED TO CONTACT GROUPS.

But when the user logs in, the LDAP sync occurs; it takes a VERY LONG TIME, and everything in LINKED TO CONTACT GROUPS is replaced with all the memberships from Active Directory.

New values retrieved from LDAP

 

Group Ldap same as after import

Is there a way to keep the synchronization filtered?

Best answer by samaga777 11 April 2024, 16:32

I will answer my own question.

The re-population of this field is calculated from the centreon.contactgroup table, which was populated from a previous configuration (sAMAccountName=%s in the GROUP FILTER field of the LDAP configuration page).

So I deleted all the entries in the table:

delete from contactgroup where cg_type='ldap';

And did a new synchronization. The table is now populated with the filtered values, and the LINKED TO CONTACT GROUPS is ok.

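A more cautious way to run the cleanup from the answer above, as an added example that is not part of the original post: it previews and backs up the LDAP-sourced rows, deletes them in a transaction, and checks the result after the next synchronization. It assumes a MariaDB/MySQL session on the `centreon` database and that `cg_id` and `cg_name` are the id and name columns of `contactgroup`; the backup table name `contactgroup_ldap_backup` is hypothetical.

```sql
-- Added example, not from the original post.
-- Assumptions: MariaDB/MySQL client, database `centreon`,
-- columns cg_id / cg_name on contactgroup.
USE centreon;

-- 1. Preview exactly what the DELETE will remove: LDAP-sourced groups only.
SELECT cg_id, cg_name, cg_type
FROM contactgroup
WHERE cg_type = 'ldap'
ORDER BY cg_name;

-- 2. Keep a copy of those rows. CREATE TABLE is DDL and commits implicitly,
--    so it runs before the transaction starts. Rows in other tables that
--    reference these groups are not covered by this copy.
CREATE TABLE contactgroup_ldap_backup AS  -- hypothetical table name
SELECT * FROM contactgroup WHERE cg_type = 'ldap';

-- 3. Delete inside a transaction so the effect can be inspected first.
START TRANSACTION;

DELETE FROM contactgroup WHERE cg_type = 'ldap';

-- There should be no 'ldap' row left, and the counts for every other
-- cg_type should be unchanged. If not, run ROLLBACK instead of COMMIT.
SELECT cg_type, COUNT(*) AS remaining
FROM contactgroup
GROUP BY cg_type;

COMMIT;

-- 4. After the next LDAP synchronization, confirm the GROUP FILTER is
--    honoured: this should return no rows. The underscore is escaped
--    because a bare "_" is a single-character wildcard in LIKE.
SELECT cg_id, cg_name
FROM contactgroup
WHERE cg_type = 'ldap'
  AND cg_name NOT LIKE 'XXX\_%';
```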