4 Replies Latest reply: Apr 29, 2013 7:51 AM by user12075358

    Unable to login to OID using AD Users based On AD Group Membership

    user12075358
      Hi,

      Our requirement is one-way synchronization of an AD group (ex: cn=adgroup,cn=users,dc=domain,dc=com) to an OID container (ex: cn=appusers,cn=users,dc=domain,dc=com).

      Here are some DIP mapping rules:
      ------------------------------------------------
      dc=domain,dc=com:cn=appusers,cn=users,dc=domain,dc=com:cn=%,cn=appusers,cn=users,dc=domain,dc=com
      userPrincipalName: : :user:uid: :inetorgperson:trunc(userPrincipalName,'@')
      member: : :group:uniquemember: :groupofUniqueNames:trunc(member,',')+',cn=adgroup,cn=users,dc=domain,dc=com'

      Here is DIP search filter:
      ----------------------------------
      (|(memberof=cn=adgroup,cn=users,dc=domain,dc=com)(&(cn=appusers,cn=users,dc=domain,dc=com)(objectclass=group)))

      AD users within the group are successfully synchronized to the OID container, and I am also able to compare and bind the users using the ldapbind and ldapcompare commands.
      But login to OAM is not working.

      Is there anything I am missing here?

      Your comments and suggestions will be greatly appreciated.


      Thanks.
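As an added check (not part of the original post or of DIP itself), here is a small Python model of the mapping rules quoted above. It assumes DIP's trunc(attr,'c') keeps the value up to the first 'c' and that the % in the domain rule is replaced by the source entry's cn; the AD entries are constructed samples. It applies the user rule and the member rule and reports any mapped uniquemember DN that does not correspond to a user DN the user rule would have produced in the target container.

```python
# Added example (not from the original post): model the quoted DIP mapping rules
# and check that every mapped uniquemember DN resolves to a mapped user DN.
# Assumptions: DIP's trunc(attr, 'c') keeps everything before the first 'c', and
# "%" in the domain rule is replaced by the source entry's cn value.

USER_CONTAINER = "cn=appusers,cn=users,dc=domain,dc=com"   # target of the domain rule
MEMBER_SUFFIX = ",cn=adgroup,cn=users,dc=domain,dc=com"    # literal from the member rule

# Constructed sample AD entries (not real data).
AD_USERS = [
    {"cn": "John Doe", "userPrincipalName": "jdoe@domain.com"},
    {"cn": "Jane Roe", "userPrincipalName": "jroe@domain.com"},
]
AD_GROUP_MEMBERS = [
    "cn=John Doe,cn=users,dc=domain,dc=com",
    "cn=Jane Roe,cn=users,dc=domain,dc=com",
]


def dip_trunc(value: str, delimiter: str) -> str:
    """DIP trunc(): value up to (excluding) the first occurrence of delimiter."""
    head, _, _ = value.partition(delimiter)
    return head


def map_user(ad_user: dict) -> dict:
    """User rules: uid = trunc(userPrincipalName,'@'); DN from cn=%,<container>."""
    return {
        "dn": f"cn={ad_user['cn']},{USER_CONTAINER}",
        "uid": dip_trunc(ad_user["userPrincipalName"], "@"),
    }


def map_member(ad_member_dn: str) -> str:
    """Member rule: trunc(member,',') + ',cn=adgroup,cn=users,dc=domain,dc=com'."""
    return dip_trunc(ad_member_dn, ",") + MEMBER_SUFFIX


def dangling_members(ad_users=AD_USERS, members=AD_GROUP_MEMBERS) -> list:
    """Mapped uniquemember DNs with no matching synced user DN (case-insensitive)."""
    synced = {map_user(u)["dn"].lower() for u in ad_users}
    return [m for m in map(map_member, members) if m.lower() not in synced]


if __name__ == "__main__":
    for user in AD_USERS:
        print("user ->", map_user(user))
    for dn in dangling_members():
        print("uniquemember does not match a synced user DN:", dn)
```

Comparing the DNs the two rules generate against each other is a quick way to confirm that group membership in OID actually points at the synchronized user entries before looking further at the OAM side.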