Hi ,
I am trying to integrate LDAP in ARIS 9 and I am able to make a connection between ARIS and LDAP system.
Regarding the user group details,I have given the below details in the UMC Configuration
User Search Path: OU=Hosting,dc=dir,dc=example,dc=com
User search filter : (&(sAMAccountName=*))(&(objectclass=group)(memberOf=CN=<Usergroup>,OU=Admin,OU=Hosting,DC=dir,DC=example,DC=com))
I have activated the LDAP also.
But when tried to import the users I'm getting the message as Zero users imported. I have checked the user group and it contains 3 users.
I have also tried to run the LDAP batch file(y-ldapsync.bat) which is available in
D:\softwareAG\ARIS9.8\server\bin\work\work_umcadmin_m\tools\bin using command prompt I get the same message.
Below is the command used to import the users,
y-ldapsync.bat -s http://my_aris_host.com -t default importUsers -u system -p manager -f (cn=userID)
Can anyone please tell me if I have missed out anything and why I'm getting zero users while importing.
Thanks and Regards,
Chethan Rao.
Hello Chetan,
apart from one too many parenthese
(&(sAMAccountName=*) ) (&(objectclass=group)(memberOf=CN=<Usergroup>,OU=Admin,OU=Hosting,DC=dir,DC=example,DC=com))
your User search filter should only specify the memberOf attribute, not the (objectclass=group) term:
(&(sAMAccountName=*)(memberOf=CN=<Usergroup>,OU=Admin,OU=Hosting,DC=dir,DC=example,DC=com))
i.e. take any Account Name that is member of <Usergroup>...
re y-ldapsync.bat
parameter -f should be the same User search filter, but I do not know if special characters must be masked like "\=" as you can see in the UMCConfig.properties file exported from UMC.
-f (cn=userID) looks like the example from the Admin Guide, but there userID is a placeholder for a real Account Name in your directory service
the 2nd Admin Guide syntax example states "...-f (cn=*)" in order to import all users from a LDAP directory.
Hope this helps, Martin
Hi Martin ,
Thanks for the solution, I have tried the User search filter suggested by you but still the result is the same(0 users were imported).
In addition I tried to find all the users irrespective of groups, by just giving the user search path without the group filter and I was able to see all the users. It is something in the search filter which is not correct.
Regards,
Chethan Rao.
Hello CHETHAN RAO!
Could you please share your filter? We have the same problem and we cant find the solution.
When we try to run the default filter (&(sAMAccountName=*)) on AD machine we are able to see the users but when we try the same filter on umc (import LDAP) we are not.
Regards,
Dilcarina Duarte