searching with: base => 'OU=XXX,OU=XXX,DC=XXX,DC=XXX,DC=XXX' control => 'Net::LDAP::Control::Paged=HASH(0x93cc210)' filter => '(|(CN=MY_RT_USERS_*))' scope => 'sub'
search found 2 objects
Processing group MY_RT_USERS_AGENTS
Found new group MY_RT_USERS_AGENTS to create in RT
RT Field RT Value -> LDAP Value
Description unset => Imported from LDAP
Member_Attr unset => ARRAY(0x9834d90)
Name unset => MY_RT_USERS_AGENTS
Processing group membership for MY_RT_USERS_AGENTS
No group in RT, would create with members:
searching with: base =>
'CN=ANOTHER_GROUP,OU=XXX,OU=XXX,OU=XXX,DC=XXX,DC=XXX,DC=XXX' control =>
'Net::LDAP::Control::Paged=HASH(0x983cfc0)' filter =>
'(&(objectClass=user)(!(cn=*Template*))(!(enabled=false))(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2))(mail=*)(lastLogonTimestamp>=130251456000000000))'
scope => 'base'
search found 0 objects Imported 1/2 groups
The problem seems to be that in our AD the main groups norally just concatenate other subgroups so that they doesn't include users but just other groups, for example
MY_RT_USERS_AGENTS
+
+-----> SOME_SUBGROUP
| +
| +----> USER_1
| |
| +----> USER_2
| |
| +----> USER_3
|
+-----> ANOTHER_SUBGROUP
+
+----> USER_4
|
+----> USER_5
|
+----> ...
Unfortunately it's not an option to rework our AD group structure :-(
Crawling the rt-users archive didn't get me anywhat closer to find a
solution to that problem.
I'm using RT::Extension::LDAPImport v0.36Maybe anyone has some experience with a configuration like that and would be able to give me the missing hint :-)
-- Benjamin Klier Systemadministration Max-Planck-Institut für die Physik des Lichts Guenther-Scharowsky-Str. 1/Bau 24 D-91058 Erlangen Tel.: 09131-6877-511 Fax : 09131-6877-199 eMail : [email protected] http://www.mpl.mpg.de
smime.p7s
Description: S/MIME Cryptographic Signature
