Get groups by requesting the memberOf property of the users

Question

Get groups by requesting the memberOf property of the users

mdouchin opened this issue 2 years ago · 2 comments

Hi,

I must sync with an Active Directory server which does not return any member when requesting the groups details, but instead adds a memberOf property when requesting a user details.

The user entry has an 'memberOf' attribute value for each group (as opposed to the group having a 'member' attribute value for each user)

If I understood correctly, pg-ldap-sync cannot yet use this user memberOf property, but expects the group member property ?

Answer 1 · 2023-03-21T08:57:01.000Z

You're right - pg-ldap-sync needs the member property and can not (yet) work with memberOf.

We're using two separate Active Directory trees and they both have the member property. Is it something that can be enabled?

Answer 2 · 2023-03-21T09:55:43.000Z

Thanks for your answer.
I will ask the Active Directory manager to see if the member property could be added. I hope it would be easy.