The problem is that LDAP search filters don’t support wildcards when searching
the memberOf attribute. You can find many questions on the web about this issue.
But it is unfortunately not supported.
Kind regards
Jens
> On 13 Sep 2021, at 08.23, Samudrala, Vamshi Bhargav
> <[email protected]> wrote:
>
> Trying the Dev team for help.
>
> From: Samudrala, Vamshi Bhargav <[email protected]>
> Date: Tuesday, 7 September 2021 at 12:24 AM
> To: [email protected] <[email protected]>
> Subject: Unable to view LDAP group members
> Hello there,
>
> I’ve set up NiFi to use our organization’s LDAP. I’m able to see the groups
> with the current configuration but I’m unable to see the members in it. I’m
> actually able to see the members when I specify the full group name but not
> with a regex. I’ve tried multiple combinations over the last few days but
> haven’t been able to get it working. Hoping to find the answers here.
>
> The conf that works:
> <property name="User Search Base">DC=xxxxxx,DC=com</property>
> <property name="User Object Class">person</property>
> <property name="User Search Scope">SUBTREE</property>
> <property name="User Search Filter">(memberOf=CN=NIFI_GROUP_NAME,OU=Groups,OU=ISO,DC=xxxxx,DC=com)</property>
> <property name="User Identity Attribute">sAMAccountName</property>
> <property name="User Group Name Attribute"></property>
> <property name="User Group Name Attribute - Referenced Group Attribute"></property>
>
> <property name="Group Search Base">DC=xxxxx,DC=com</property>
> <property name="Group Object Class">group</property>
> <property name="Group Search Scope">SUBTREE</property>
> <property name="Group Search Filter">(cn=NIFI*)</property>
> <property name="Group Name Attribute">sAMAccountName</property>
> <property name="Group Member Attribute">member</property>
> <property name="Group Member Attribute - Referenced User Attribute"></property>
>
>
> I see all the groups whose names start with NIFI. I see the group name in the
> users’ Member Of list and the users in the group’s Members list on the NiFi
> UI for the NIFI_GROUP_NAME group and not others. The below doesn’t work
> though. I want to see all the groups and members of the groups whose names
> start with NIFI. The only change I made is in the User Search Filter and
> included a wildcard.
>
>
> <property name="User Search Base">DC=xxxxxx,DC=com</property>
> <property name="User Object Class">person</property>
> <property name="User Search Scope">SUBTREE</property>
> <property name="User Search Filter">(memberOf=CN=NIFI_*OU=Groups,OU=ISO,DC=xxxxx,DC=com)</property>
> <property name="User Identity Attribute">sAMAccountName</property>
> <property name="User Group Name Attribute"></property>
> <property name="User Group Name Attribute - Referenced Group Attribute"></property>
>
> <property name="Group Search Base">DC=xxxxx,DC=com</property>
> <property name="Group Object Class">group</property>
> <property name="Group Search Scope">SUBTREE</property>
> <property name="Group Search Filter">(cn=NIFI*)</property>
> <property name="Group Name Attribute">sAMAccountName</property>
> <property name="Group Member Attribute">member</property>
> <property name="Group Member Attribute - Referenced User Attribute"></property>
>
>
> I see the group names but not the members.
>
>
> Thanks,
> Vamshi
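
The limitation described in the reply, as an added example that is not part of the thread and not NiFi code: a check that flags a wildcard inside a DN-valued attribute such as memberOf, and a builder for one commonly used workaround, an OR of exact memberOf matches. The function names, the `DN_VALUED` set and the sample group DNs are assumptions constructed for illustration.

```python
import re

# Attributes holding DNs, where only exact matches work (assumed set, extend as needed).
DN_VALUED = {"memberof", "member", "manager"}

# Constructed sample DNs, standing in for the result of a group search.
SAMPLE_GROUP_DNS = [
    "CN=NIFI_ADMINS,OU=Groups,OU=ISO,DC=example,DC=com",
    "CN=NIFI_DEV (ops),OU=Groups,OU=ISO,DC=example,DC=com",
]

# One simple filter item: (attr OP value), with no nested parentheses.
_ITEM = re.compile(r"\(\s*([A-Za-z][\w;.-]*)\s*(=|~=|>=|<=)([^()]*)\)")


def escape_filter_value(value):
    """Escape an assertion value per RFC 4515 so it is matched literally."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def wildcard_dn_assertions(ldap_filter):
    """Return the filter items that use '*' inside a DN-valued attribute."""
    hits = []
    for m in _ITEM.finditer(ldap_filter):
        attr, op, value = m.group(1), m.group(2), m.group(3)
        # (attr=*) is a presence test; any other '*' is a substring match.
        if attr.lower() in DN_VALUED and op == "=" and value != "*" and "*" in value:
            hits.append(m.group(0))
    return hits


def member_of_any(group_dns):
    """Build an OR of exact memberOf matches, one per group DN."""
    if not group_dns:
        raise ValueError("need at least one group DN")
    items = ["(memberOf=%s)" % escape_filter_value(dn) for dn in group_dns]
    return items[0] if len(items) == 1 else "(|%s)" % "".join(items)


if __name__ == "__main__":
    bad = "(memberOf=CN=NIFI_*OU=Groups,OU=ISO,DC=xxxxx,DC=com)"
    print("flagged:", wildcard_dn_assertions(bad))
    print("rewrite:", member_of_any(SAMPLE_GROUP_DNS))
```

The group DNs fed to `member_of_any` would come from a search on a string attribute, such as the thread's `(cn=NIFI*)` group filter, where wildcards do match.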