LDAP Settings Search Base unable to search for members of a group
Answered
We are a school district with over 6500 cameras split across 60 VM servers. Currently using DW Spectrum version 5.0.0.36871 and have all users setup using LDAP.
The issue is our Active Directory structure is setup where all of our users are not withing one OU and rather seperated by many different OU based on thier campus location. Currently using for our Search Base is just our DC=KATYISD,DC=ORG which results in 242543 users which most are students or generic accounts. I use the search filter CN=Users ID# to be able to fetch and add the user which works but is very time consuming if I need to add multiple users. We do have a OU that has just our staff in it but the prombem is there are just "Members" of a CN and if I add the complete DN in the search it shows 0 users found. I have even tried to add as a serarch filter memberOf=.
I know the members exist which I can see using Softerra LDAP Browser and not sure if it matters but all the users I need have under the Name column "member;range=0-1499" but under the Value column it has their full CN=
-
Update: Leaving my Search Base as just DC=KATYISD,DC=ORG and then for the Search Filter as Title=Staff, I was able to reduce the found users from 242543 down to 18653 which is a lot closer to actual staff members not including all the student accounts. Realistically the user total is closer to 16500 but for now this will work. Still curious to know if there is a way to search for member of a group.
Also have an additional question, when times I do need to change the Search Base I got a warning "Changing any LDAP settings other than "Search Filter" will result in connectivity loss for all LDAP fetched users". Does that mean any LDAP users that had been previousely connected won't be able to connect or just those that are newly searched for?
0 -
Hi Scott Donahue,
I hope this message finds you well. While reviewing our community discussions, I noticed that there hasn't been a response from other community members regarding your query. Could you please confirm if your question is still relevant? If so, I'd be more than happy to explore ways we can assist you.
Best regards.
0 -
Thank you for checking on this. I had added an Update at the top of my post and for now, this is working fine and really the issue is how our active directory is organized. By adding Title=Staff as the search filter I now only see what I want which is the staff accounts and not the 95k + student accounts and over 100k + guardian accounts so it is managable.
I do have a follow up question in regards to Cloud accounts which currently only work from an email account. Will there be an option in future versions where LDAP will work for Cloud user accounts as we require staff to update their passwords every 90 or 120 days which unless I'm mistaken the cloud accounts we can't control that aspect. Would also be very helpful that when a staff members LDAP account has been changed to Recently Disabled that it would also disable the users access within DW.
Thanks,
Scott
0 -
Hi Scott Donahue,
I'm delighted to hear that everything is currently running smoothly.
For any requests or suggestions you may have, I encourage you to share your thoughts in our Feature Feedback section. Our Product Team regularly reviews the feedback posted there. Thank you!
0
Please sign in to leave a comment.
Comments
4 comments