LDAP integration in ARIS

Last activity on October 1, 2023 - 11:21 18.8k Views 3 Replies Professional ARIS

CR

CHETHAN RAO on December 8, 2016

Hi ,

I am trying to integrate LDAP in ARIS 9 and I am able to make a connection between ARIS and LDAP system.

Regarding the user group details,I have given the below details in the UMC Configuration

User Search Path: OU=Hosting,dc=dir,dc=example,dc=com

User search filter : (&(sAMAccountName=*))(&(objectclass=group)(memberOf=CN=<Usergroup>,OU=Admin,OU=Hosting,DC=dir,DC=example,DC=com))

I have activated the LDAP also.

But when tried to import the users I'm getting the message as Zero users imported. I have checked the user group and it contains 3 users.

I have also tried to run the LDAP batch file(y-ldapsync.bat) which is available in

D:\softwareAG\ARIS9.8\server\bin\work\work_umcadmin_m\tools\bin using command prompt I get the same message.

Below is the command used to import the users,

y-ldapsync.bat -s http://my_aris_host.com -t default importUsers -u system -p manager -f (cn=userID)

Can anyone please tell me if I have missed out anything and why I'm getting zero users while importing.

Thanks and Regards,

Chethan Rao.

Sign in or register to reply.

Notify Moderator

3 Replies

Martin Schröder on December 9, 2016
Hello Chetan,

apart from one too many parenthese

(&(sAMAccountName=*) ) (&(objectclass=group)(memberOf=CN=<Usergroup>,OU=Admin,OU=Hosting,DC=dir,DC=example,DC=com))
your User search filter should only specify the memberOf attribute, not the (objectclass=group) term:

(&(sAMAccountName=*)(memberOf=CN=<Usergroup>,OU=Admin,OU=Hosting,DC=dir,DC=example,DC=com))
i.e. take any Account Name that is member of <Usergroup>...

re y-ldapsync.bat

parameter -f should be the same User search filter, but I do not know if special characters must be masked like "\=" as you can see in the UMCConfig.properties file exported from UMC.

-f (cn=userID) looks like the example from the Admin Guide, but there userID is a placeholder for a real Account Name in your directory service

the 2nd Admin Guide syntax example states "...-f (cn=*)" in order to import all users from a LDAP directory.

Hope this helps, Martin
Like

Sign in
or register to reply.

Notify Moderator
CR

CHETHAN RAO Author on December 19, 2016 as Reply to Martin Schröder

Hi Martin ,

Thanks for the solution, I have tried the User search filter suggested by you but still the result is the same(0 users were imported).

In addition I tried to find all the users irrespective of groups, by just giving the user search path without the group filter and I was able to see all the users. It is something in the search filter which is not correct.

Regards,

Chethan Rao.

Like

Sign in
or register to reply.

Notify Moderator
Dilcarina Duarte on May 25, 2017 as Reply to CHETHAN RAO

Hello CHETHAN RAO!

Could you please share your filter? We have the same problem and we cant find the solution.

When we try to run the default filter (&(sAMAccountName=*)) on AD machine we are able to see the users but when we try the same filter on umc (import LDAP) we are not.

Regards,

Dilcarina Duarte

Like

Sign in
or register to reply.

Notify Moderator

Upcoming events

Thursday, June 12, 2025 - 09:00

ARIS Super User Group Meeting

Sign in

Reset Password