Reputation: 1
Apologies for the newbie question, fairly new to LDAP and UnboundID.
I currently have an UnboundID filter that synchronises users who belong to an Active Directory group.
--set include-base-dn:cn=Users,dc=testdomain,dc=net --add "include-filter:(memberOf=CN=Application Access,CN=Users,DC=testdomain,DC=net)"
The behaviour I am seeing is that when I add a user to the group "Application Access", no Synchronisation occurs.
However, if I edit the user's AD profile whilst they are a memberOf "Application Access", then the user profile is synchronised.
Is it possible to synchronise users when they join a group?
Thanks in advance.
Upvotes: 0
Views: 561
Reputation: 11026
In Microsoft Active Directory, the MemberOf value is the DN of a Group entry in which the current entry is a member, and is referred to as a Forward Reference.
A Pseudo Attribute
Microsoft Active Directory MemberOf is a Pseudo Attribute. This implies you cannot monitor the MemberOf attribute for changes (like with DirXML). Within Microsoft Active Directory, MemberOf is flagged as "NO-USER-MODIFICATION" (or System-Only)[1]. This means you can NOT update the attribute. In order to add a user to a group, you have to write the user's DN to the member attribute on the group object.
-jim
Upvotes: 0
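The behaviour discussed in this thread, as an added example that is not part of the original posts and is not Active Directory or UnboundID code: a simplified in-memory model in which membership is written only to the group's member attribute and memberOf is computed. The `Directory` class, the per-entry `usn` change counter, the user `alice` and the `sync_by_group_change` alternative are all assumptions made for illustration.

```python
# Constructed in-memory model; every name except the group DN is hypothetical.
GROUP = "CN=Application Access,CN=Users,DC=testdomain,DC=net"

class Directory:
    def __init__(self):
        self.usn = 0        # directory-wide change counter (assumed change-detection basis)
        self.entries = {}   # dn -> {"usn": int, "member": set of DNs}

    def _touch(self, dn):
        self.usn += 1
        self.entries.setdefault(dn, {"usn": 0, "member": set()})["usn"] = self.usn

    def add_entry(self, dn):
        self._touch(dn)

    def edit_profile(self, dn):
        self._touch(dn)     # a write to the user's own entry marks that entry changed

    def add_member(self, group_dn, user_dn):
        # Membership is written to the group's member attribute only.
        self.entries[group_dn]["member"].add(user_dn)
        self._touch(group_dn)

    def member_of(self, user_dn):
        # memberOf is computed from the groups' member values, never stored on the user.
        return {dn for dn, e in self.entries.items() if user_dn in e["member"]}

    def changed_since(self, usn):
        return [dn for dn, e in self.entries.items() if e["usn"] > usn]

def sync_by_user_filter(d, since):
    """Filter from the question: changed entries whose memberOf contains GROUP."""
    return sorted(dn for dn in d.changed_since(since) if GROUP in d.member_of(dn))

def sync_by_group_change(d, since):
    """Assumed alternative: when the group entry changes, sync the DNs in member."""
    return sorted(d.entries[GROUP]["member"]) if GROUP in d.changed_since(since) else []

def demo():
    d = Directory()
    alice = "CN=alice,CN=Users,DC=testdomain,DC=net"   # constructed sample user
    d.add_entry(GROUP)
    d.add_entry(alice)
    mark = d.usn
    d.add_member(GROUP, alice)                  # only the group entry changes
    after_join = sync_by_user_filter(d, mark)   # the user entry was never touched
    via_group = sync_by_group_change(d, mark)
    mark = d.usn
    d.edit_profile(alice)                       # now the user entry itself changes
    return after_join, via_group, sync_by_user_filter(d, mark)
```

`demo()` returns the entries each approach would pick up after the group join and after the later profile edit, which reproduces the two observations in the question.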