We are wanting all users to be able to log in and use Rocket.Chat, as such we don’t have any real limitations in importing users from AD into Rocket.Chat - except for not importing a heap of Service Accounts in - which is all segregated with OUs.
Our structure of where our users are that we want in Rocket.Chat is:
- OU: Domain Users
-OU: Sub Group1…etc
-OU: System Administrators
I’ve configured Rocket.Chat to connect to our AD, with the Base DN as:
OU=“System Administrators”+OU=“Domain Users”,dc=domain, dc=com
I haven’t configured to ‘Sync LDAP Groups’ - at this stage we aren’t using groups for Rocket.Chat.
When I Execute the Sync all the Domain Users are imported and can log in, Awesome!..except…none of the System Administrators are imported.
If I change the Base DN to:
OU=“Domain Users”+OU=“System Administrators”,dc=domain, dc=com
The System Administrators are then imported and can log in…except…now none of the Domain Users can log in again (even though they could before changing the Base DN), and they are still listed under “Users” in Rocket.Chat.
Server Setup Information
- Version of Rocket.Chat Server: 3.9.3
- Operating System: CentOS 8
- Deployment Method:
- Number of Running Instances: 1
- DB Replicaset Oplog:
- NodeJS Version:
- MongoDB Version: 4.4.2
- Firewalls involved:
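
In LDAP DN string syntax (RFC 4514), `+` joins attribute values inside one RDN, so each Base DN string in the post above parses as a single DN with a multi-valued first RDN, not as two search bases. The following is an added example, not part of the original post or of Rocket.Chat's code: it parses a DN, flags multi-valued RDNs, and computes the deepest container shared by several OUs as a candidate single base. The function names are hypothetical, the sample DNs are constructed with straight quotes, and the two OUs are assumed to sit directly under the domain.

```javascript
// Added example: split an LDAP DN string into RDNs and attribute/value pairs.
// Handles backslash escapes and LDAPv2-style double-quoted values; not a full validator.
function splitUnescaped(s, sep) {
  const parts = [];
  let cur = '', quoted = false;
  for (let i = 0; i < s.length; i++) {
    const c = s[i];
    if (c === '\\' && i + 1 < s.length) { cur += c + s[++i]; continue; }
    if (c === '"') quoted = !quoted;
    if (c === sep && !quoted) { parts.push(cur); cur = ''; continue; }
    cur += c;
  }
  parts.push(cur);
  return parts;
}

// "," separates RDNs; "+" separates attribute/value pairs inside ONE RDN.
function parseDn(dn) {
  return splitUnescaped(dn, ',').map((rdn) =>
    splitUnescaped(rdn, '+').map((ava) => {
      const eq = ava.indexOf('=');
      if (eq < 1) throw new Error(`malformed RDN component: "${ava.trim()}"`);
      return {
        attr: ava.slice(0, eq).trim().toUpperCase(),
        value: ava.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1'),
      };
    }));
}

// RDNs that carry more than one attribute/value pair.
function multiValuedRdns(dn) {
  return parseDn(dn).filter((rdn) => rdn.length > 1);
}

// Deepest container that is an ancestor of (or equal to) every DN given.
// Values are lower-cased for comparison, so the result is normalised too.
function commonBase(dns) {
  if (!dns.length) return '';
  const key = (rdn) => rdn.map((a) => `${a.attr}=${a.value.toLowerCase()}`).sort().join('+');
  const paths = dns.map((d) => parseDn(d).map(key).reverse()); // root first
  const shared = [];
  for (let i = 0; paths.every((p) => i < p.length && p[i] === paths[0][i]); i++) {
    shared.push(paths[0][i]);
  }
  return shared.reverse().join(',');
}

// Constructed sample values modelled on the post (assumed sibling OUs).
const posted = 'OU="System Administrators"+OU="Domain Users",dc=domain, dc=com';
const wanted = ['OU=System Administrators,DC=domain,DC=com', 'OU=Domain Users,DC=domain,DC=com'];
console.log(parseDn(posted).length, multiValuedRdns(posted), commonBase(wanted));
```

A base this broad also covers any service-account OUs beneath it, so those would need to be excluded by the user search filter rather than by the Base DN.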