Forum Problems Installing LAMS: Importing users via LDAP

Back to Problems Installing LAMS
You may request notification for Importing users via LDAP.	Search:

	1: Importing users via LDAP By: Sau Hu		11/05/09 12:22 AM	[ Reply \| Forward ]
Hi all, I'm trying to import users from Active Directory to LAMS and I've hit a stumbling block regarding Groups. Is it possible to import an AD user that belongs to more than one Group or subgroup? I'm using the LDAPOrgAttr field. Importing a user with one Group is fine but the groups won't appear in the LAMS user account if there are any more than that. I've tried a couple of delimiters to separate the groups like commas and semi-colons but without result. Any help is much appreciated. Thanks, Sau Posted by Sau Hu

	2: Re: Importing users via LDAP By: Jun-Dir Liew	In response to 1	11/05/09 05:20 PM	[ Reply \| Forward ]
Hi, At the moment LDAP users are only placed into a single LAMS group, as you found. But we might be able to add support for multiple groups. Is the LDAP attribute you have listed for LDAPOrgAttr multi-valued? What values for LDAPOrgAttr have you been trying? Depending how it goes and if you're using lams 2.3.2 I might be able to send you a patch with this support. Posted by Jun-Dir Liew

	3: Re: Re: Importing users via LDAP By: Sau Hu	In response to 2	11/05/09 05:42 PM	[ Reply \| Forward ]
Hi Jun-Dir, Thanks for replying. The LDAP attribute I'm using is just a single value key. I've been trying out values like "TestGroup1, TestGroup2" and "TestGroup1; TestGroup2". How would you recommend that it should be done? We're using version 2.3.2 at the moment. Posted by Sau Hu

	4: Re: Re: Re: Importing users via LDAP By: Jun-Dir Liew	In response to 3	11/05/09 07:01 PM	[ Reply \| Forward ]
LDAPOrgAttr should have a single value. In LDAP the user should have an attribute with that name. As I understand it, the users in your case have multiple values for that attribute? Posted by Jun-Dir Liew

	5: Re: Re: Re: Re: Importing users via LDAP By: Sau Hu	In response to 4	11/05/09 08:51 PM	[ Reply \| Forward ]
Oh sorry about that, I misunderstood your question. You're right, LDAPOrgAttr should have a single value. I used the "employeeType" LDAP attribute in LDAPOrgAttr. No particular reason, it was a random choice for testing. The values within LDAP will have multiple values. Posted by Sau Hu

	6: Re: Re: Re: Re: Re: Importing users via LDAP By: Jun-Dir Liew	In response to 5	11/05/09 08:59 PM	[ Reply \| Forward ]
I've raised an issue to get LAMS to support multiple values in that attribute - http://bugs.lamsfoundation.org/browse/LDEV-2451. I'll post here when we have patch for this... Posted by Jun-Dir Liew

	7: Re: Re: Re: Re: Re: Re: Importing users via LDAP By: Sau Hu	In response to 6	11/05/09 09:01 PM	[ Reply \| Forward ]
Thanks! :) Posted by Sau Hu

	8: Re: Re: Re: Re: Re: Re: Importing users via LDAP By: Jun-Dir Liew	In response to 6	11/05/09 09:36 PM	[ Reply \| Forward ]
Attached are two files you can put into your /path/to/jboss/server/default/deploy/lams.ear to include support for multiple ldap group memberships. Please let me know how it goes! Posted by Jun-Dir Liew

	9: Re: Re: Re: Re: Re: Re: Re: Importing users via LDAP By: Jun-Dir Liew	In response to 8	11/05/09 09:38 PM	[ Reply \| Forward ]
1/2 files Posted by Jun-Dir Liew

	10: Re: Re: Re: Re: Re: Re: Re: Re: Importing users via LDAP By: Jun-Dir Liew	In response to 9	11/05/09 09:40 PM	[ Reply \| Forward ]
... I'll just email you the files! Posted by Jun-Dir Liew

Reply to first post on this page

Back to Problems Installing LAMS