How do I restrict LDAP access to a specific group?

Hello

Example:

We have an Employee and a Freelancer group in our Domino Directory.

Now I want only employees to be allowed to log in over Sametime LDAP.

At the moment every user that exists in the DD can log in on the Sametime server over LDAP.

The authentication filter looks like this atm:

(&(objectclass=organizationalPerson)(|(cn=%s)(givenname=%s)(uid=%)(sn=%s)(mail=%s)))

It is the same on other systems, like Confluence, that use our LDAP directory on Domino.

I tried things like ou=Employee Group or cn=Employee Group in the LDAP authentication part, but it didn’t work.

Does anyone have an idea, or a good document where I can read about these things?

Thanks!

Regards

Tibor

Subject: Change ObjectClass

Hi, your search string: (&(objectclass=organizationalPerson)(|(cn=%s)(givenname=%s)(uid=%)(sn=%s)(mail=%s)))

objectclass=organizationalPerson tells LDAP that only persons should be in the list. So you have to remove this parameter, or add dominoGroup to it; then you can add the group name:

  1. (&(cn="Employeegroup")(|(cn=%s)(givenname=%s)(uid=%)(sn=%s)(mail=%s)))

But this wouldn’t be a good thing for performance.

  2. (&(|(objectclass=organizationalPerson)(objectclass=dominoGroup)(cn="Employeegroup"))(|(cn=%s)(givenname=%s)(uid=%)(sn=%s)(mail=%s)))

Greetings Chris
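
Added example, not part of either post: an LDAP filter is tested against one entry at a time, so a group restriction can be enforced as a second lookup on the group entry after the person search has returned the user's DN. The sketch assumes groups are exposed as dominoGroup entries with a member attribute holding member DNs; the directory contents, DNs and function names are constructed for illustration.

```python
# Constructed sample entries (DNs and names are made up, not from the thread).
DIRECTORY = {
    "cn=anna example,o=acme": {"objectclass": "organizationalPerson",
                               "cn": "Anna Example", "uid": "aexample"},
    "cn=fred lance,o=acme": {"objectclass": "organizationalPerson",
                             "cn": "Fred Lance", "uid": "flance"},
    "cn=employee group": {"objectclass": "dominoGroup", "cn": "Employee Group",
                          "member": ["CN=Staff Vienna"]},
    "cn=staff vienna": {"objectclass": "dominoGroup", "cn": "Staff Vienna",
                        "member": ["CN=Anna Example,O=Acme"]},
    "cn=freelancer group": {"objectclass": "dominoGroup", "cn": "Freelancer Group",
                            "member": ["CN=Fred Lance,O=Acme"]},
}
LOGIN_ATTRS = ("cn", "givenname", "uid", "sn", "mail")

def escape_filter_value(value):
    """RFC 4515 escaping so a login name cannot change the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def group_filter(group_cn, user_dn):
    """Filter for a real server: matches the group only if user_dn is a member."""
    return "(&(objectclass=dominoGroup)(cn=%s)(member=%s))" % (
        escape_filter_value(group_cn), escape_filter_value(user_dn))

def find_person(login):
    """Step 1: the thread's person filter, evaluated on the sample entries."""
    for dn, entry in DIRECTORY.items():
        if entry["objectclass"] == "organizationalPerson" and any(
                entry.get(a, "").lower() == login.lower() for a in LOGIN_ATTRS):
            return dn
    return None

def is_member(user_dn, group_dn, seen=None):
    """Step 2: membership test on the group entry, following nested groups."""
    seen = set() if seen is None else seen
    key = group_dn.lower()
    group = DIRECTORY.get(key)
    if group is None or key in seen:
        return False  # unknown entry, or a group cycle already visited
    seen.add(key)
    members = [m.lower() for m in group.get("member", [])]
    return user_dn.lower() in members or any(
        is_member(user_dn, m, seen) for m in members)

def may_login(login, group_dn="cn=employee group"):
    """Allow login only if the person exists and is in the required group."""
    user_dn = find_person(login)
    return user_dn is not None and is_member(user_dn, group_dn)
```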