AD group restrictions
-
bradlanham
- Posts: 1
- Joined: Wed Apr 22, 2015 8:46 pm
AD group restrictions
Hi, I would like some advise on configuring the 'zimbraExternalGroupLdapSearchBase' and 'zimbraExternalGroupLdapSearchFilter' attributes. I have configured external AD authentication and it is working as expected. I would however further like to restrict users to a particular AD group and I assume these attributes are involved. I have tried populating the fields with values but they do not seem to have any effect. In fact I can enter 'Mary has a little lamb' and do not receive any warnings or change in authentication behaviour. Users not in that group are able to authenticate regardless. Thanks for your help.
-
oetiker
- Outstanding Member
- Posts: 275
- Joined: Fri Mar 07, 2014 1:05 pm
- Location: Switzerland
- ZCS/ZD Version: Release 10.0.6.GA.4518.UBUNTU20_64
- Contact:
Re: AD group restrictions
Hi
Did you find the right syntax?
Manuel
Did you find the right syntax?
Manuel
Re: AD group restrictions
Maybe something like:
zimbraExternalGroupLdapSearchBase: OU=MyUsers,DC=network,DC=domain,DC=org
zimbraExternalGroupLdapSearchFilter: (&(objectClass=organizationalPerson)(memberOf=CN=Application Users - Zimbra,OU=Software Access,OU=Groups,OU=MyUsers,DC=network,DC=domain,DC=org))
zimbraExternalGroupLdapSearchBase: OU=MyUsers,DC=network,DC=domain,DC=org
zimbraExternalGroupLdapSearchFilter: (&(objectClass=organizationalPerson)(memberOf=CN=Application Users - Zimbra,OU=Software Access,OU=Groups,OU=MyUsers,DC=network,DC=domain,DC=org))