Server Setup Information
Rocket.Chat Version: 3.0.10
NodeJS Version: 12.11.0 - x64
MongoDB Version: 4.0.17
MongoDB Engine: mmapv1
Platform: linux
Process Port: 3000
ReplicaSet OpLog: Enabled
AD: WindowsServer 2012
Hello All,
I am struggling to connect AD to Rocket.Chat.
I tried a lot of combinations from:
- https://rocket.chat/docs/administrator-guides/authentication/ldap/
- Rocket.Chat forums
- Google search
but nothing works:
My problem is:
I am able to collect all users from AD, but I can't implement filters.
I tried:
"(&(objectClass=inetOrgPerson)(memberof=cn=#{groupName},ou=xx,dc=xxx,dc=xxx,dc=xxx)(uid=#{username}))"
"{"filter": "(&(objectCategory=person)(objectclass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=rocketchat,CN=xxx,DC=xxx,DC=xxx,Dc=xxx)(sAMAccountName=#{username}))", "scope": "sub", "userDN": "user", "password": "pass"}"
"(&(sAMAccountName=#{username})(memberOf=CN=#{groupName},OU=xxx,DC=xxx,DC=xxx,DC=xxx))" -> this works the best, I can assign users to roles
But how can I prevent it from acquiring all users?
I want to get only users from a specific group.
My settings:
UserName Field : sAMAccountName
Unique Identifier Field: objectGUID,ibm-entryUUID,GUID,dominoUNID,nsuniqueId,uidNumber
Default Domain: xxx.com
Merge Existing Users : ON
Sync User Data: ON
User Data Field Map: {"displayName": "name", "mail": "email"}
Sync LDAP Groups: ON
Auto Remove User Roles: ON
User Group Filter: (&(sAMAccountName=#{username})(memberOf=CN=#{groupName},OU=xxx,DC=xxx,DC=xxx,DC=xxx))
LDAP Group BaseDN: dc=xxx,dc=xxx,dc=xxx
{
"rocketchat": "user",
"rocketadmin": "admin",
"tech-support": "support"
}
With this configuration I get all users from the whole AD, and users from a specific OU (rocketchat -> two groups, rocketchat and rocketadmin) get roles.
How can I prevent downloading all users? I only want to get users from OU=rocket and the two groups inside that OU, rocketchat and rocketadmins.
Thank you for your help.
Regards
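An added example, not the original post's or Rocket.Chat's code, that composes an AD user search filter of the kind the post's filters use: only members of the two groups under OU=rocket, with the value substituted for Rocket.Chat's #{username} placeholder escaped per RFC 4515 so it cannot change the filter's structure. The group DNs (DC=example,DC=com) are constructed placeholders.

```python
# Compose an AD user-search filter limited to members of given groups and
# substitute the #{username} placeholder safely (RFC 4515 escaping).
# Group DNs below are constructed placeholders, not the poster's real values.

# Characters with special meaning inside an LDAP filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

# Matching-rule OID for nested (transitive) group membership in AD,
# as used in the post's second filter.
IN_CHAIN = "1.2.840.113556.1.4.1941"


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def member_of_any(group_dns, nested=False):
    """OR together memberOf clauses, optionally matching nested membership."""
    attr = f"memberOf:{IN_CHAIN}:" if nested else "memberOf"
    clauses = "".join(f"({attr}={dn})" for dn in group_dns)
    return f"(|{clauses})" if len(group_dns) > 1 else clauses


def build_user_filter(group_dns, nested=False):
    """Filter template: person/user objects that are members of any group."""
    return ("(&(objectCategory=person)(objectClass=user)"
            f"(sAMAccountName=#{{username}}){member_of_any(group_dns, nested)})")


def render(template: str, username: str) -> str:
    """Fill the #{username} placeholder with an escaped login name."""
    return template.replace("#{username}", escape_filter_value(username))


def balanced(filter_str: str) -> bool:
    """Cheap sanity check that parentheses in the filter are balanced."""
    depth = 0
    for ch in filter_str:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


# Constructed sample: the two groups the post wants to restrict logins to.
GROUPS = ["CN=rocketchat,OU=rocket,DC=example,DC=com",
          "CN=rocketadmins,OU=rocket,DC=example,DC=com"]
TEMPLATE = build_user_filter(GROUPS)
```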