Hello, the administrator filter for both the group and the user does not work for us, although the authorization and synchronization of ordinary users is successful.
User search base: OU=ORG,DC=org,DC=ru
Administrator filter: (&(sAMAccountName=Novikov)(OU=Users,OU=2882,OU= ORG,DC=org,DC=ru))
User Filter: (sAMAccountName=%s)
Same here, have you been able to find out why? Here are my User and Admin LDAP queries:
(&(objectCategory=Person)(memberOf=CN=Users_GIT,OU=AEP,DC=ad,DC=aep,DC=com)(sAMAccountName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))
(&(objectCategory=Person)(memberOf=CN=Admin_GIT,OU=AEP,DC=ad,DC=aep,DC=com)(sAMAccountName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))
Working for user, not working for admin. Even if the user is in both groups, it will not turn on admin privileges.
Martin
I’m by far no expert, but:
- Have you tried Admin_GIT without underscore, like Admin-GIT?
- Does the log show something about the authentication?
- I think the admin query/filter is just for filtering admins (additionally to the user filter, not generally if a user can sign in), so in this case you might remove the objectCategory, UserAccountControl, sAMAccountName attribute-filters.
PS: maybe use codeblocks like below, to enhance the readability of the ldap queries etc.
(memberOf=CN=Admin_GIT,OU=AEP,DC=ad,DC=aep,DC=com)
Daniel,
Simplifying the query worked as expected! Thank you very much. This simplified admin query did the job, still not sure the first query worked to populate my users and the admin didn’t.
Martin
Great to hear success.
Maybe the variable %s doesn’t get resolved in the admin filter and so it can’t find anyone named “%s”.
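
The hypothesis above and the simplified filter, modelled as an added example (not part of the thread and not the application's own code): a small Python evaluator runs the filters quoted earlier against constructed directory entries, with and without %s substitution. The entries, the helper names, and the rule that the admin filter is applied in addition to the user filter are assumptions drawn from the discussion, not confirmed application behaviour.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule used in the thread's filters
USERS = "CN=Users_GIT,OU=AEP,DC=ad,DC=aep,DC=com"
ADMINS = "CN=Admin_GIT,OU=AEP,DC=ad,DC=aep,DC=com"
TAIL = "(sAMAccountName=%s)(!(UserAccountControl:" + BIT_AND + ":=2)))"
USER_FILTER = "(&(objectCategory=Person)(memberOf=" + USERS + ")" + TAIL
ADMIN_FULL = "(&(objectCategory=Person)(memberOf=" + ADMINS + ")" + TAIL
ADMIN_SIMPLE = "(memberOf=" + ADMINS + ")"

def _entry(name, groups, uac):  # constructed sample entry; objectCategory simplified to a string
    return {"samaccountname": [name], "objectcategory": ["Person"],
            "memberof": groups, "useraccountcontrol": [str(uac)]}
DIRECTORY = [_entry("jdoe", [USERS, ADMINS], 512), _entry("asmith", [USERS], 512),
             _entry("olduser", [USERS, ADMINS], 514)]  # 514 = 512 | 2, a disabled account

def escape_filter_value(value):  # RFC 4515 escaping: a login name cannot alter the filter
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def parse(f, i=0):  # parse the component starting at f[i]; return (node, index after it)
    if f[i + 1] in "&|!":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return ("=", (attr, value)), end + 1

def matches(node, entry):
    op, arg = node
    if op in "&|":
        return (all if op == "&" else any)(matches(k, entry) for k in arg)
    if op == "!":
        return not matches(arg[0], entry)
    name, _, rule = arg[0].partition(":")
    values = entry.get(name.lower(), [])
    if rule.rstrip(":") == BIT_AND:  # true when every bit of the filter value is set
        return any((int(v) & int(arg[1])) == int(arg[1]) for v in values)
    return any(v.lower() == arg[1].lower() for v in values)

def search(template, username, substitute=True):  # substitute=False models an unresolved %s
    flt = template.replace("%s", escape_filter_value(username)) if substitute else template
    return [e["samaccountname"][0] for e in DIRECTORY if matches(parse(flt)[0], e)]

def is_admin(admin_template, username, substitute=True):  # assumed: user filter AND admin filter
    return username in search(USER_FILTER, username) and username in search(admin_template, username, substitute)
```

In this model the simplified filter on its own also matches the disabled `olduser`, so the disabled-account check only holds because the user filter is still applied first.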