The steps below may be used to identify the cause and resolve the issue.
1. Obtain the distinguishedName attribute value for one of the missing groups.
For purposes of illustration, let us say that:
- The LDAP server is Active Directory.
- The missing group is "EVgroupKanter".
- The group's attribute value is:
distinguishedName:CN=EVgroupKanter,OU=Groups,DC=2k8,DC=hlp,DC=net
as shown below:
2. Back up the file <TDV_INSTALL>\conf\server\ldap.properties.
3. Open ldap.properties with a text editor, and locate the two group search context filters. In the case of Active Directory, the filters are:
activedirectory.all.groups.search.context=cn=users
activedirectory.user.groups.search.context=cn=users
Leaving out the CN and the DC fields in the distinguishedName, append any other fields to the above filters, separating them with a "|" symbol as shown below:
activedirectory.all.groups.search.context=cn=users | OU=Groups
activedirectory.user.groups.search.context=cn=users | OU=Groups
The "|" is an OR symbol. It is okay to add redundant or incorrect filters separated by "|" as this will not affect the LDAP search. The reason is that an OR operation tells the LDAP server to use any correct pattern matches, and ignore any incorrect ones. Therefore, if you have doubts as to what fields to add, you can add extra fields.
Many companies use two or more OU attributes (like OU=Domain Users, OU=IT Testing) in the group's distinguishedName. If this is the case, the modified filters will appear similar to the ones below:
activedirectory.all.groups.search.context=cn=users | OU=IT Testing | OU=Domain Users | OU=Groups
activedirectory.user.groups.search.context=cn=users | OU=IT Testing | OU=Domain Users | OU=Groups
4. Save the change, and try the "Edit External Groups" button once again (there is no need to restart TDV for the changes to take effect). If the issue is being caused by the two group context filters, the missing group will be displayed as shown below.
5. If this does not resolve the issue, examine the values of the remaining group filters shown below to ensure that they match with the attributes of the missing group:
activedirectory.all.groups.filter=(&(objectclass=group)(objectCategory=group))
activedirectory.all.groups.groupname.attribute=cn
activedirectory.user.groups.filter=(&(member=USERDN)(objectclass=group)(objectCategory=group))
activedirectory.user.groups.groupname.attribute=cn
Ignore the member=USERDN field, as this represents an internal TDV-specific variable.
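The edit described in step 3 can be scripted. The following is an added example, not part of the original article or of TDV: it takes a group's distinguishedName, drops the CN and DC fields, and appends the remaining fields to the two search context values without duplicating entries. The function names are hypothetical, and the sample properties text is constructed from the lines quoted above.

```python
SKIP_TYPES = {"cn", "dc"}  # step 3: leave out the CN and DC fields
CONTEXT_KEYS = ("activedirectory.all.groups.search.context",
                "activedirectory.user.groups.search.context")

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append(cur.strip())
            cur = ""
            continue
        escaped = (ch == "\\") and not escaped
        cur += ch
    parts.append(cur.strip())
    return [p for p in parts if p]

def context_fields(dn):
    """RDNs of the DN other than CN and DC, kept in DN order."""
    return [r for r in split_dn(dn)
            if r.split("=", 1)[0].strip().lower() not in SKIP_TYPES]

def widen_context(current, dn):
    """Append the DN's fields to an 'a | b' context value, skipping duplicates."""
    entries = [e.strip() for e in current.split("|") if e.strip()]
    for field in context_fields(dn):
        if field.lower() not in {e.lower() for e in entries}:
            entries.append(field)
    return " | ".join(entries)

def update_properties(text, dn):
    """Rewrite only the two group search context lines of ldap.properties text."""
    out = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() in CONTEXT_KEYS:
            line = f"{key.strip()}={widen_context(value, dn)}"
        out.append(line)
    return "\n".join(out)

# Constructed sample: the default lines plus one filter line that must stay untouched.
SAMPLE = """activedirectory.all.groups.search.context=cn=users
activedirectory.user.groups.search.context=cn=users
activedirectory.all.groups.filter=(&(objectclass=group)(objectCategory=group))"""
DN = "CN=EVgroupKanter,OU=Groups,DC=2k8,DC=hlp,DC=net"  # DN from step 1

if __name__ == "__main__":
    print(update_properties(SAMPLE, DN))
```

Running it a second time on its own output leaves the values unchanged, so it is safe to re-apply after adding further groups.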