Show Posts
136
z/OS Server / Re: Automatic User and Group synchronization with LDAP
« on: November 23, 2018, 10:14:17 AM »
The ARS_LDAP_USER_FILTER should be a query that identifies all users in LDAP that should be imported into CMOD. Same is true for the ARS_LDAP_GROUP_FILTER. Without having any info on your LDAP structure its hard to give an example that will have relevance to your particular setup. We always recommend working with your AD administrator to come up with the appropriate filters. In any case, here is an example that might help....
If you are using AD than your ARS_LDAP_GROUP_MAPPED_ATTRIBUTE will be ARS_LDAP_GROUP_MAPPED_ATTRIBUT=CN (I have yet to be see it something else).
So you might have something like the following:
ARS_LDAP_USER_FILTER=(objectclass=user)
ARS_LDAP_GROUP_FILTER=(&(objectclass=group)(cn=CMOD*))
ARS_LDAP_GROUP_MAPPED_ATTRIBUTE=cn
The above would import ALL user from the baseDN along with any groups that start with CN CMOD. If you are using unix you can use a command like ldapsearch to test your filters. For windows environments I recommend adfind.exe. There are plenty of other tools as well. The key is to test your searches before implementing arslsync. It will make the process much easier.
Thank you,
Rob
If you are using AD than your ARS_LDAP_GROUP_MAPPED_ATTRIBUTE will be ARS_LDAP_GROUP_MAPPED_ATTRIBUT=CN (I have yet to be see it something else).
So you might have something like the following:
ARS_LDAP_USER_FILTER=(objectclass=user)
ARS_LDAP_GROUP_FILTER=(&(objectclass=group)(cn=CMOD*))
ARS_LDAP_GROUP_MAPPED_ATTRIBUTE=cn
The above would import ALL user from the baseDN along with any groups that start with CN CMOD. If you are using unix you can use a command like ldapsearch to test your filters. For windows environments I recommend adfind.exe. There are plenty of other tools as well. The key is to test your searches before implementing arslsync. It will make the process much easier.
Thank you,
Rob