LDAP user groups?

Started by Millenium7, August 28, 2018, 11:14:30 AM


Millenium7

I've finally got LDAP (Active Directory) sync working

The question I have now, which I can't find an answer to, is: can NetXMS also sync the user groups? Or is there another way to give users permissions?
Right now it syncs the users but they have no permissions, so I have to go in later and assign them. I don't mind doing this as a one-off, but if we add/remove staff I'll have to adjust permissions in NetXMS as well, and this I don't want to do.

I'd rather just assign them into a group in Active Directory that controls permissions, i.e. 'low clearance' or 'high clearance' user groups. And thus low clearance users can log into NetXMS, view information but not change it. High clearance become admins etc

Tatjana Dubrovica

Yes, you can also synchronize groups from LDAP (just use the correct LdapSearchFilter and LdapGroupClass). In the case of Windows AD, LdapGroupClass should be "group". You can also create groups in NetXMS and add LDAP users under NetXMS groups. If "objectGUID" is used as LdapUserUniqueId and LdapGroupUniqueId, then even if you move users or groups in LDAP they will be considered the same users even though they have a different DN.

Millenium7

Ok, I'm still quite new to LDAP so can you provide a bit more information on getting the user groups to import?

The structure at the moment is quite simple. I created 2 other Organisational Groups just to clear the clutter and see only the users/groups I create and none of the built in ones

Domain
--CompanyUsers
--CompanyGroups

At the moment the config looks like this


I understand I would have to change the LdapSearchBase up 1 level (or maybe just move the groups OU into CompanyUsers) but just to try it out I simply moved all the user groups into the 'CompanyUsers' OU and they didn't show up when doing an ldapsync. So is there something else wrong with my syntax?

Tatjana Dubrovica

Multiple search bases can be used, separated by the semicolon (;) symbol.
The configuration looks OK. You can check the server log at level 4.
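
An added example, not part of the original thread and not the NetXMS project's own: the server configuration variables named in the replies above, filled in for the OU layout described in the question. The domain components `DC=example,DC=local` are placeholders, the filter and the `LdapUserClass` value are assumptions for a typical Active Directory, and the name = value layout is only for reading (these are server configuration variables, not lines of a file).

```ini
# Constructed values: replace DC=example,DC=local with the real domain.
# Two search bases separated by a semicolon, so users and groups can stay
# in their own OUs and both are searched.
LdapSearchBase = OU=CompanyUsers,DC=example,DC=local;OU=CompanyGroups,DC=example,DC=local

# Assumed filter: return person accounts and groups only.
# In AD a plain (objectClass=user) also matches computer accounts, because
# the computer class derives from user; objectCategory=person excludes them.
LdapSearchFilter = (|(&(objectCategory=person)(objectClass=user))(objectClass=group))

# Object classes that decide whether a returned entry is treated as a user
# or as a group. "group" is the value given in the reply for Windows AD.
LdapUserClass = user
LdapGroupClass = group

# objectGUID does not change when an object is moved to another OU, so a
# moved user or group keeps its identity even though its DN is different.
LdapUserUniqueId = objectGUID
LdapGroupUniqueId = objectGUID
```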