LDAP + UserData Group Map (AD)

Description

Server Setup Information

  • Version of Rocket.Chat Server: 3.2.2
  • Operating System: CentOS
  • Number of Running Instances: 1
  • NodeJS Version: 12.14.0
  • MongoDB Version: 4.0.18
  • Proxy: nginx
  • Firewalls involved: nope

I have installed RocketChat with an LDAP Active Directory connection. All users are synced and a login is possible.
Now I want to manage roles via Active Directory groups. My setting:
BaseDN: OU=myusers,DC=uni-wh,DC=de
Merge Existing Users: on
Sync User Data: on
User Data Field Map: {"displayName": "name", "mail": "email"}
Sync LDAP Groups: on
Auto Remove User Roles: on
User Group Filters: (&(sAMAccountName=#{username})(memberOf=CN=#{groupName},OU=RocketChat,OU=Software,OU=mygroups,DC=uni-wh,DC=de))

LDAP Group BaseDN: OU=mygroups,DC=uni-wh,DC=de
User Data Group Map: {"rocketchat_admins": "admin", "rocketchat_live": "livechat-manager"}
User Search Filter: (&(objectCategory=person)(objectclass=user))

So the users who are members of the Active Directory group rocketchat_admins do not get the role admin, but simply the role user.

Can you tell me what I have done wrong?
Kind regards,

Peter

I tested a lot of parameters, but I still do not get Active Directory groups mapped to Rocket.Chat roles.

In the Active Directory, groups and users are under different OUs. I set my BaseDN to OU=uwhusers,DC=uni-wh,DC=de and my LDAP Group BaseDN to OU=uwhgroups,DC=uni-wh,DC=de

It is impossible to set the BaseDN to OU=uwhusers+OU=uwhgroups,DC=uni-wh,DC=de as described in the example. This leads to an error…

My group filter:
&(sAMAccountName=#{username})(memberOf=CN=#{groupName},OU=Software,OU=uwhgroups,DC=uni-wh,DC=de))

The user data map:
{
"rocketchat_admins": "admin",
"rocketchat_user": "user"
}

All AD users are imported but no one gets the admin role. What could be wrong?
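A small pre-flight checker for the two settings quoted in this thread, added here as an example and not part of the original post or of Rocket.Chat itself. It parses the User Data Group Map as JSON (rejecting typographic quotes), renders the User Group Filter template with RFC 4515 escaping of the substituted user and group names so a crafted name cannot alter the filter, and flags a rendered filter whose parentheses do not balance. The `#{username}` / `#{groupName}` placeholder syntax is taken from the post; the sample username is constructed.

```python
import json
import re

# RFC 4515 escapes for values substituted into an LDAP filter, so a group or
# user name can never open or close filter components of its own.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_filter_value(value: str) -> str:
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def render_filter(template: str, **values: str) -> str:
    """Replace Rocket.Chat style #{name} placeholders with escaped values."""
    def substitute(match):
        key = match.group(1)
        if key not in values:
            raise KeyError(f"no value supplied for placeholder #{{{key}}}")
        return escape_filter_value(values[key])
    return re.sub(r"#\{(\w+)\}", substitute, template)

def filter_is_balanced(flt: str) -> bool:
    """A filter must open with '(' and every '(' must be closed exactly once."""
    if not flt.startswith("("):
        return False
    depth = 0
    for ch in flt:
        depth += {"(": 1, ")": -1}.get(ch, 0)
        if depth < 0:
            return False
    return depth == 0

def check_settings(group_map_text: str, filter_template: str, username: str) -> list:
    """Return the problems found; an empty list means the settings look sane."""
    try:
        group_map = json.loads(group_map_text)
    except json.JSONDecodeError as exc:
        return [f"group map is not valid JSON (typographic quotes?): {exc.msg}"]
    problems = []
    for group in group_map:
        # One lookup per mapped AD group, exactly as the group sync would issue it.
        rendered = render_filter(filter_template, username=username, groupName=group)
        if not filter_is_balanced(rendered):
            problems.append(f"filter for group {group!r} is unbalanced: {rendered}")
    return problems

# Constructed inputs copied from the settings quoted in the post above.
GROUP_MAP = '{"rocketchat_admins": "admin", "rocketchat_user": "user"}'
FILTER_FIRST = "(&(sAMAccountName=#{username})(memberOf=CN=#{groupName},OU=RocketChat,OU=Software,OU=mygroups,DC=uni-wh,DC=de))"
FILTER_SECOND = "&(sAMAccountName=#{username})(memberOf=CN=#{groupName},OU=Software,OU=uwhgroups,DC=uni-wh,DC=de))"
```

Running `check_settings(GROUP_MAP, FILTER_SECOND, "peter")` reports the second filter as unbalanced for every mapped group, while the first filter passes cleanly.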