Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-10400

When configuring a new LDAP Connector config for AD using the Admin UI, the groupMembership, groupType, and groupScope attributes in the user schema are not set up properly


    • Target Version/s:
    • Verified Version/s:
    • Story Points:
    • Sprint:
      OpenIDM Sprint 6.5-8, OpenIDM Sprint 6.5-9
    • Support Ticket IDs:


      In regards to "This is the LDAP Connector connecting to AD."

      When creating a new LDAP connector configuration for AD the admin UI doesn't setup the group membership, groupType, and groupScope attributes in the user schema properly. It also doesn't set vlvSortAttribute appropriately.

      1. The admin UI configures the user schema with a "member" attribute mapped to "memberOf" rather than using the virtual attribute "ldapGroups". This causes the connector to use replace semantics (removing and re-adding all group members) rather than patch semantics. It should use ldapGroups so roles with group assignments and mappers work properly.

      2. In 5.0 the admin UI adds groupType attribute, as an integer, when creating new configuration. With 5.5, groupType is still being added as an integer, but this no longer works. The documentation for 5.5 mentions groupType and the new groupScope attribute. These should be added to the configuration by default as follows instead of the old invalid integer groupType attribute.

      "groupType" :

      { "type" : "string", "nativeName" : "__GROUP_TYPE__", "nativeType" : "string" }

      "groupScope" :

      { "type" : "string", "nativeName" : "__GROUP_SCOPE__", "nativeType" : "string" }


      3. The vlvSortAttribute configuration option is set to uid by default. For AD, it should be sAMAccountName.


          Issue Links



              • Assignee:
                jason.browne Jason Browne
                jeremy.barras Jeremy Barras [X] (Inactive)
                QA Assignee:
                Alexander Dracka
              • Votes:
                1 Vote for this issue
                7 Start watching this issue


                • Created: