LDAP + UserData Group Map (AD)

Description

Server Setup Information

  • Version of Rocket.Chat Server: 3.2.2
  • Operating System: CentOS
  • Number of Running Instances: 1
  • NodeJS Version: 12.14.0
  • MongoDB Version: 4.0.18
  • Proxy: nginx
  • Firewalls involved: nope

I have installed Rocket.Chat with an LDAP Active Directory connection. All users are synced and login is possible.
Now I want to manage roles via Active Directory groups. My setting:
BaseDN: OU=myusers,DC=uni-wh,DC=de
Merge Existing Users: on
Sync User Data: on
User Data Field Map: {"displayName": "name", "mail": "email"}
Sync LDAP Groups: on
Auto Remove User Roles: on
User Group Filters: (&(sAMAccountName=#{username})(memberOf=CN=#{groupName},OU=RocketChat,OU=Software,OU=mygroups,DC=uni-wh,DC=de))

LDAP Group BaseDN: OU=mygroups,DC=uni-wh,DC=de
User Data Group Map: {"rocketchat_admins": "admin", "rocketchat_live": "livechat-manager"}
User Search Filter:(&(objectCategory=person)(objectclass=user))

So the users who are members of the Active Directory group rocketchat_admins do not get the role admin, but simply the role user.

Can you tell me what I have done wrong?
Kind regards,

Peter

I tested a lot of parameters, but I still do not get Active Directory groups mapped to Rocket.Chat roles.

In Active Directory, groups and users are under different OUs. I set my BaseDN to OU=uwhusers,DC=uni-wh,DC=de and my LDAP Group BaseDN to OU=uwhgroups,DC=uni-wh,DC=de

It is impossible to set the BaseDN to OU=uwhusers+OU=uwhgroups,DC=uni-wh,DC=de as described in the example. This leads to an error…

My group filter:
(&(sAMAccountName=#{username})(memberOf=CN=#{groupName},OU=Software,OU=uwhgroups,DC=uni-wh,DC=de))

The user data map:
{
"rocketchat_admins": "admin",
"rocketchat_user": "user"
}

All AD users are imported but no one gets the admin role. What could be wrong?
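The two posts above describe the same mechanism: Rocket.Chat takes the "User Group Filters" template, substitutes #{username} and #{groupName} for each entry of the "User Data Group Map", and grants the mapped role when the resulting LDAP filter matches the user. The script below is an added example, not Rocket.Chat code and not something either poster ran: it reproduces that substitution offline against a constructed AD entry so the two things that most often go wrong can be checked before touching the server: a group map that is not valid JSON (typographic quotes pasted from a forum or word processor), and a memberOf DN in the filter whose OU path does not match where the groups really live. The in-memory filter matcher (only `(&...)`, `(|...)` and `attr=value` assertions) stands in for the real LDAP search, and the sample user, group DNs and the exact substitution order are assumptions, not verified server behaviour.

```python
"""Offline check for a Rocket.Chat-style "User Group Filters" + "User Data Group Map".

Added example, not Rocket.Chat code. Assumption: the server replaces #{username}
and #{groupName} in the group filter once per group-map entry and grants the
mapped role when the LDAP search for that filter returns the user. The LDAP
search is simulated by matching the filter against an in-memory entry.
"""
import json

# Constructed sample entry (not real directory data): attribute names lower-cased,
# values as lists, the way an LDAP client returns them.
SAMPLE_USER = {
    "samaccountname": ["pmuster"],
    "memberof": [
        "CN=rocketchat_admins,OU=Software,OU=uwhgroups,DC=uni-wh,DC=de",
        "CN=rocketchat_user,OU=Software,OU=uwhgroups,DC=uni-wh,DC=de",
    ],
}

# Filter whose memberOf DN points at the OU the groups actually live in.
GOOD_TEMPLATE = ("(&(sAMAccountName=#{username})"
                 "(memberOf=CN=#{groupName},OU=Software,OU=uwhgroups,DC=uni-wh,DC=de))")
# Same filter with one extra OU in the DN: it can never match, so no role is granted.
WRONG_OU_TEMPLATE = ("(&(sAMAccountName=#{username})"
                     "(memberOf=CN=#{groupName},OU=RocketChat,OU=Software,OU=uwhgroups,DC=uni-wh,DC=de))")
GROUP_MAP_TEXT = '{"rocketchat_admins": "admin", "rocketchat_user": "user"}'


def parse_group_map(text):
    """Parse the group map JSON and reject the usual copy-paste breakage."""
    if any(ch in text for ch in "\u201c\u201d\u2018\u2019"):
        raise ValueError("group map contains typographic quotes; use plain \" quotes")
    mapping = json.loads(text)
    if not isinstance(mapping, dict) or not all(
            isinstance(k, str) and isinstance(v, str) for k, v in mapping.items()):
        raise ValueError("group map must be a JSON object of \"ldapGroup\": \"role\" strings")
    return mapping


def expand_group_filter(template, username, group_name):
    """Substitute the placeholders the way the Rocket.Chat settings page documents them."""
    return template.strip().replace("#{username}", username).replace("#{groupName}", group_name)


def _parse(s, i):
    """Parse an LDAP filter at s[i]; returns (node, index after the closing paren)."""
    if s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    if s[i + 1] in "&|":
        op, i, children = s[i + 1], i + 2, []
        while s[i] == "(":
            node, i = _parse(s, i)
            children.append(node)
        if s[i] != ")":
            raise ValueError("unbalanced filter")
        return (op, children), i + 1
    j = s.index(")", i)                       # DN values contain no ')'
    attr, _, value = s[i + 1:j].partition("=")
    return ("=", attr, value), j + 1


def _matches(node, entry):
    """Evaluate a parsed filter against an entry; AD compares DNs case-insensitively."""
    if node[0] == "&":
        return all(_matches(c, entry) for c in node[1])
    if node[0] == "|":
        return any(_matches(c, entry) for c in node[1])
    _, attr, value = node
    return any(v.lower() == value.lower() for v in entry.get(attr.lower(), []))


def filter_matches(filter_str, entry):
    node, end = _parse(filter_str, 0)
    if end != len(filter_str):
        raise ValueError("trailing characters after filter")
    return _matches(node, entry)


def roles_for_user(entry, template, group_map):
    """Return the sorted list of roles the group map would grant this user."""
    username = entry["samaccountname"][0]
    roles = set()
    for group_name, role in group_map.items():
        if filter_matches(expand_group_filter(template, username, group_name), entry):
            roles.add(role)
    return sorted(roles)


if __name__ == "__main__":
    group_map = parse_group_map(GROUP_MAP_TEXT)
    print("correct OU path :", roles_for_user(SAMPLE_USER, GOOD_TEMPLATE, group_map))
    print("extra OU in DN  :", roles_for_user(SAMPLE_USER, WRONG_OU_TEMPLATE, group_map))
```

Paste your own filter template, group map text and a user's memberOf values (from `ldapsearch` or `Get-ADUser -Properties memberOf`) into the constants: if the script grants the role but the server does not, the problem is in the server-side search (base DN, bind account rights, sync timing) rather than in the filter text itself.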

Same problem. My LDAP login works but no admin.

Does anyone have this working?

Is there any LDAP User Data Group Map setup documentation?
