ARIS Community - We Love BPM

LDAP integration in ARIS

Chethan Rao U's picture
by CHETHAN RAO in Professional ARIS posted on 2016-12-08

Hi ,

I am trying to integrate LDAP in ARIS 9 and I am able to make a connection between ARIS and LDAP system.

Regarding the user group details,I have given the below details in the UMC Configuration


User Search Path: OU=Hosting,dc=dir,dc=example,dc=com

User search filter : (&(sAMAccountName=*))(&(objectclass=group)(memberOf=CN=<Usergroup>,OU=Admin,OU=Hosting,DC=dir,DC=example,DC=com))

I have activated the LDAP also.

But when tried to import the users I'm getting the message as Zero users imported. I have checked the user group and it contains 3 users.

I have also tried to run the LDAP batch file(y-ldapsync.bat) which is available in 
D:\softwareAG\ARIS9.8\server\bin\work\work_umcadmin_m\tools\bin using command prompt I get the same message.

Below is the command used to import the users,

y-ldapsync.bat -s -t default importUsers -u system -p manager -f (cn=userID)

Can anyone please tell me if I have missed out anything and why I'm getting zero users while importing.


Thanks and Regards,

Chethan Rao.

Sorry there are no tags
There are no attachments
Martin Schröder posted on 2016-12-09

Hello Chetan,

apart from one too many parenthese

 (&(sAMAccountName=*) ) (&(objectclass=group)(memberOf=CN=<Usergroup>,OU=Admin,OU=Hosting,DC=dir,DC=example,DC=com))

your User search filter should only specify the memberOf attribute, not the (objectclass=group) term: 


i.e. take any Account Name that is member of <Usergroup>...

re y-ldapsync.bat

parameter -f should be the same User search filter, but I do not know if special characters must be masked like "\=" as you can see in the file exported from UMC.

-f (cn=userID) looks like the example from the Admin Guide, but there userID is a placeholder for a real Account Name in your directory service

the 2nd Admin Guide syntax example states "...-f (cn=*)" in order to import all users from a LDAP directory.

Hope this helps, Martin

CHETHAN RAO posted on 2016-12-19

Hi Martin ,

Thanks for the solution, I have tried the User search filter suggested by you but still the result is the same(0 users were imported).

In addition I tried to find all the users irrespective of groups, by just giving the user search path without the group filter and I was able to see all the users. It is something in the search filter which is not correct.



Chethan Rao.

Dilcarina Duarte posted on 2017-05-25


Could you please share your filter? We have the same problem and we cant find the solution.

When we try to run the default filter (&(sAMAccountName=*)) in AD machine we are able to see the users but when we try the same filter in umc (import LDAP) we are not.


Dilcarina Duarte