Stratusphere LDAP/AD Import - Import Only Specific Groups and Members:
First set up basic LDAP/AD import as specified in this KB: https://www.liquidware.com/support/articles/210641663-Basic-Stratusphere-LDAP-AD-Import-Procedure
Microsoft AD: Syntax Filters KB: Active Directory: LDAP Syntax Filters - TechNet Articles - United States (English) - TechNet Wiki (microsoft.com)
IMPORTANT:
- Directory import will not import just the specified OU under the User Search Filter.
- A security group has to be specified from with in that OU, ie:
(&(objectClass=person)(!(objectClass=computer))(!(objectClass=contact))(|(memberOf=CN=MH-Admins,OU=MH-Users,OU=MH,OU=Support,DC=spt,DC=lwl,DC=corp)))
- You will need to also isolate the security group object to be imported, as well under the Group Seach Filter, otherwise all of the security group objects will be imported from AD, ie:
(&(objectClass=group)(|(CN=MH-Admins)))
Once you have the basic LDAP/AD import set, we can set the User Search Filter, User Search Base, Group Search Filter, and Group Search Base to import specific groups and their members.
First, identify the users and the groups you want to import, and locate their distinguished names. For example, I want to import group called Stratusphere Administrators and VMware Administrators and their members only. Stratusphere Administrators group it has members John Smith and Mary Johnson, and VMware Administrators group has Mike Williams and Robert Brown. I list out their distinguished names to identify how I set my user/group search filter and search base:
Stratusphere Administrators: cn=Stratusphere Administrators, ou=Application Administration, ou=IT Department, dc=example, dc=com
VMware Administrators: cn=VMware Administrators, ou=Infrastructure Administration, ou=IT Department, dc=example, dc=com
John Smith: cn=John Smith, ou=IT Team, ou=NYC, ou=Branches, dc=example, dc=com
Mary Johnson: cn=Mary Johnson, ou=IT Team, ou=DC, ou=Branches, dc=example, dc=com
Mike Williams: cn=Mike Williams, ou=IT Team, ou=NYC, ou=Branches, dc=example, dc=com
Robert Brown: cn=Robert Brown, ou=IT Team, ou=DC, ou=Branches, dc=example, dc=com
The config should look like the following (changes are in bold):
In Directory Properties:
Base DN: dc=example, dc=com (as this is the only common part between the users and the groups)
Under Advanced User and User Group Properties:
User Search Filter: (&(objectClass=person)(!(objectClass=computer))(!(objectClass=contact))(|(memberOf=cn=Stratusphere Administrators, ou=Application Administration, ou=IT Department, dc=example, dc=com)(memberOf=cn=VMware Administrators, ou=Infrastructure Administration, ou=IT Department, dc=example, dc=com))) (add in member of Stratusphere Administrator group OR member of VMware Administrators group)
Alternatively for individual User Import:
User Search Filter: (&(objectClass=person)(!(objectClass=computer))(!(objectClass=contact))(|(memberOf=cn=Stratusphere Administrators, ou=Application Administration, ou=IT Department, dc=example, dc=com)(memberOf=cn=VMware Administrators, ou=Infrastructure Administration, ou=IT Department, dc=example, dc=com)(cn=John Smith))) (add in individual user cn as long as they are part of the BASE DN specified above)
User Search Base: ou=Branches (users' common path above base DN)
Group Search Filter: (&(objectClass=group)(|(cn=Stratusphere Administrators)(cn=VMware Administrators))) (Search and only import groups named Stratusphere Administrator OR VMware Administrator)
Group Search Base: ou=IT Department (groups' common path above base DN)
Enter your Administrator Password again and click on Save Changes. Import the users again and you will see only the specified groups and their members imported
Product: Stratusphere FIT/UX
Product Version: All
Expires on: 365 days from publish date
Updated: March 29, 2016