How to add a ldap group-filter for more than one OU?

Andre Lehmann
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 6, 2014

Hi there,

in our ActiveDirectory we have many many OUs with groups we need four our Confluence.

So we have to search the whole Base-DN and have to create a group-search-filter...

I have tried many querys but I didn't get any result :-(

I found: https://confluence.atlassian.com/x/1YUCand tried

(&(objectClass=group)(|(ou:dn:=Chicago)(ou:dn:=Miami)))

but it didn't work.

I tried

(&(objectCategory=Group)(|(distinguishedName=OU=myorgunit1,OU=suborgunit,DC=mydc,DC=de)(distinguishedName=OU=myorgunit2,DC=mydc,DC=de)))

but it didn't work either.

Any idea what is missing?

Kind regards

André

1 answer

1 accepted

1 vote
Answer accepted
Tiago Comasseto
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 6, 2014

Hi André,

As for your question about limiting the group search by DN, it would be possible in most LDAP distributions (see Matching Components of Distinguished Names in this documentation). This filter is supported as LDAP-compliant servers support an extensible-match filter which provides the necessary filtering capability to this search (see RFC4511).

However, on Microsoft Active Directory is impossible to do this, it's because AD is not fully LDAP compatible and does not support the extensible-match (see this documentation).

Another option can be use Nested Groups in your LDAP and set a filter in Group Object Filter field as this example:

(&(objectClass=group)(memberOf=CN=Group_A,OU=Groups,DC=Examples,DC=com))

In this example Group_A is the parent group and it wouldn't be pulled to JIRA, this filter would only return its child groups.

I hope it helps.

Cheers

Andre Lehmann
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 8, 2014

Hi Tiago,

thanks for your answer but to add all groups to a specific one ist not possible for that need.

We have moved the group into that OU which is already in read out.

Kind regards.
André

Suggest an answer

Log in or Sign up to answer