ARIS Community - We Love BPM

LDAP integration in ARIS

Chethan Rao U's picture
by CHETHAN RAO in Professional ARIS posted on 2016-12-08

Hi ,

I am trying to integrate LDAP in ARIS 9 and I am able to make a connection between ARIS and LDAP system.

Regarding the user group details,I have given the below details in the UMC Configuration

 

User Search Path: OU=Hosting,dc=dir,dc=example,dc=com

User search filter : (&(sAMAccountName=*))(&(objectclass=group)(memberOf=CN=<Usergroup>,OU=Admin,OU=Hosting,DC=dir,DC=example,DC=com))

I have activated the LDAP also.

But when tried to import the users I'm getting the message as Zero users imported. I have checked the user group and it contains 3 users.

I have also tried to run the LDAP batch file(y-ldapsync.bat) which is available in 
D:\softwareAG\ARIS9.8\server\bin\work\work_umcadmin_m\tools\bin using command prompt I get the same message.

Below is the command used to import the users,

y-ldapsync.bat -s http://my_aris_host.com -t default importUsers -u system -p manager -f (cn=userID)

Can anyone please tell me if I have missed out anything and why I'm getting zero users while importing.

 

Thanks and Regards,

Chethan Rao.

8702 Views
0 Likes
3 Comments
Sorry there are no tags
There are no attachments
Martin Schröder posted on 2016-12-09

Hello Chetan,

apart from one too many parenthese

 (&(sAMAccountName=*) ) (&(objectclass=group)(memberOf=CN=<Usergroup>,OU=Admin,OU=Hosting,DC=dir,DC=example,DC=com))

your User search filter should only specify the memberOf attribute, not the (objectclass=group) term: 

(&(sAMAccountName=*)(memberOf=CN=<Usergroup>,OU=Admin,OU=Hosting,DC=dir,DC=example,DC=com))

i.e. take any Account Name that is member of <Usergroup>...

re y-ldapsync.bat

parameter -f should be the same User search filter, but I do not know if special characters must be masked like "\=" as you can see in the UMCConfig.properties file exported from UMC.

-f (cn=userID) looks like the example from the Admin Guide, but there userID is a placeholder for a real Account Name in your directory service

the 2nd Admin Guide syntax example states "...-f (cn=*)" in order to import all users from a LDAP directory.

Hope this helps, Martin

CHETHAN RAO posted on 2016-12-19

Hi Martin ,

Thanks for the solution, I have tried the User search filter suggested by you but still the result is the same(0 users were imported).

In addition I tried to find all the users irrespective of groups, by just giving the user search path without the group filter and I was able to see all the users. It is something in the search filter which is not correct.

 

Regards,

Chethan Rao.

Dilcarina Duarte posted on 2017-05-25

Hello CHETHAN RAO!

Could you please share your filter? We have the same problem and we cant find the solution.

When we try to run the default filter (&(sAMAccountName=*)) in AD machine we are able to see the users but when we try the same filter in umc (import LDAP) we are not.

Regards,

Dilcarina Duarte