I am trying to authenticate users via LDAP. My users are in abc.com->Computer departement->System Departement->Networking Departement. In Neworking Department there is a group Netdep. But my users are in Networking Departement.
When I search the group then It is showing me only abc.com->Computer departement->System Departement->Networking Departement->Netdep. But I need abc.com->Computer departement->System Departement->Networking Departement. I used depth option also but no luck.
Can any one explain me AD/LDAP supports users in OU? What I am missing?
The SA's do hierarchial LDAP searches.
The two things to consider are what is looking for and what access does the binding account
have to LDAP.
In looking for an LDAP group
Groups ... -> Search ...
The SA unit is looking for objects with an objectclass of 'groupofUniqueNames' or 'groupOfNames' or 'posixGroup'
it expects the entry to have a CN - does your object/group match these conditions?
I have a similar issue. I am using ADAM for my ldap, and my SSG firewalls auth fine, but when I try to auth the same user in the SA, it isn't found in the searches?
My users do have a CN.
That is an interesting problem. If you try and create a role mapping based on group membership it will fail as your users are members of the OU "Networking Department" but not the Group "Netep" - Correct?
You can't use the attribute "member-of" as that also only applies to groups. I am assuming you have some reason why you don't want to use groups and need to use an OU match instead.
Have you tried testing using the distinguishedName attribute? That attribute is the only one that I know of that would contain the full string with the OU.
Maybe there is a custom expression that could be written based on that. Just a thought.