LDAP Group Synchronization Methods
Article ID: KB0079909
Updated On:
| Products | Versions |
|---|---|
| Spotfire Server | All Versions |
Description
When enabling Group Synchronization on your Spotfire Server configuration, there are multiple methods of specifying which groups should be synchronized in the 'Group synchronization' > 'Groups' section of your LDAP configuration. Often the groups will be explicitly listed but there are multiple methods for also matching multiple groups which can simplify your configuration.
Example syntax:
Example syntax:
Issue/Introduction
LDAP Group Synchronization Methods
Resolution
These are the different methods available for specifying which groups to synchronize:
Enter the full DN for each group to be synchronized. For example:
Group account name
Enter just the group account name for each group to be synchronized. This will be the value of the the 'Group name attribute' of your group. For example:
Example: This would match the group mySpotfireGroup1 if it has an attribute 'sAMAccountName' which equals exactly 'mySpotfireGroup'.
Group account name with * wildcard
Enter the group account name including * as a wildcard to synchronize multiple groups who match the pattern. For example:
Group context name
Enter just a context name in the 'Groups' list instead of a specific group. This will synchronize all groups under the specified context which match the 'Group search filter'.
For example:
Empty group list
If group synchronization is enabled but no groups or group context names are entered, then this will synchronize all groups under the 'Context Names' as defined in the LDAP configuration.
- Group account DN (distinguished name) - Matches: Single group
- Group account name - Matches: Single group
- Group account name with * wildcard - Matches: All matched groups
- Group context name - Matches: All groups under the specified context
- Empty group list - Matches: All groups under the 'Context Names' as defined in the LDAP configuration
Here is a detailed description of each option:
Enter the full DN for each group to be synchronized. For example:
- CN=mySpotfireGroup1,OU=myGroups,DC=myDomain,DC=com
Group account name
Enter just the group account name for each group to be synchronized. This will be the value of the the 'Group name attribute' of your group. For example:
- mySpotfireGroup1
Example: This would match the group mySpotfireGroup1 if it has an attribute 'sAMAccountName' which equals exactly 'mySpotfireGroup'.
Group account name with * wildcard
Enter the group account name including * as a wildcard to synchronize multiple groups who match the pattern. For example:
- mySpotfireGroup*
- mySpotfireGroup1
- mySpotfireGroup2
- mySpotfireGroupText
- *Spotfire*
Group context name
Enter just a context name in the 'Groups' list instead of a specific group. This will synchronize all groups under the specified context which match the 'Group search filter'.
For example:
- OU=myGroups,DC=myDomain,DC=com
Empty group list
If group synchronization is enabled but no groups or group context names are entered, then this will synchronize all groups under the 'Context Names' as defined in the LDAP configuration.
Additional General Comments:
- All groups must reside under the contexts defined in the "Context names" section of the LDAP configuration in order to be synchronized.
- All groups mentioned above must also successfully match the 'Group search filter' query, like: objectClass=group.
Additional Information
Doc: LDAP authentication and user directory settings
Feedback
Yes
No
Powered by
