XCP-ng

    LDAP Groups are Empty

    Kajetan321

      Hello, I set up my auth-ldap (v0.10.4) plugin as follows:

      ldaps://ad_serv.something.company.com
      Certificate authentication item: /etc/ssl/certs/company_root.pem
      check cert = OFF
      Use StartTLS = OFF
      
      base= DC=something,DC=company,DC=com
      Credentials:
      dn = admin@something.company.com
      password = xxxxx
      user filter=(userPrincipalName={{name}})
      ID Attribute= dn
      

      and I’m able to log onto XOA with AD domain credentials. The next challenge is to get LDAP groups working. I used the settings from this post:
      https://xcp-ng.org/forum/topic/3760/ldap-plugin-syncing-groups-from-windows-ad-server-2016-help/3

      Base			DC=something,DC=company,DC=com
      Filter			objectClass=group
      ID Attribute		cn
      Display name attribute	cn
      
      Members mapping
      
      Group attribute		member
      User attribute		dn
      
      

      After rebooting XOA I got the domain groups to show up under Settings > Groups. The problem is each of the groups is empty (no users in group).

      My knowledge of LDAP is very limited. Would anyone know how to modify the configurations so users will populate? I’m assuming that’s what you would want. I would like different AD groups to have different abilities in XO.

      Cheers.

      Darkbeldin Vates 🪐 Pro Support Team @Kajetan321

        @Kajetan321 Hi,

        Users only populate groups when they try to log in, so it's "normal" that you have no users in the groups at the start.

          Kajetan321 @Darkbeldin

          @Darkbeldin Got ya, thanks!

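An added illustration, not part of the original posts and not the auth-ldap plugin's code: a small Python model of the members mapping from the first post (group attribute `member`, user attribute `dn`) and of the behaviour described in the reply, where a synced group stays empty until one of its members logs in. The directory entries, the group names and the DN normalisation are constructed assumptions.

```python
# Model of the members mapping: a user belongs to a group when the user's
# USER_ATTR value appears among the group's GROUP_ATTR values.
GROUP_ATTR = "member"  # "Group attribute" in the plugin settings
USER_ATTR = "dn"       # "User attribute" in the plugin settings

# Constructed directory entries (made-up names) under the base DN from the post.
BASE = "DC=something,DC=company,DC=com"
LDAP_GROUPS = [
    {"cn": "XO-Admins", "member": ["CN=Alice Example,OU=Staff," + BASE]},
    {"cn": "XO-Viewers", "member": ["CN=Alice Example,OU=Staff," + BASE,
                                    "CN=Bob Example,OU=Staff," + BASE]},
    {"cn": "Printers"},  # a group with no member attribute at all
]
LDAP_USERS = {
    "alice@something.company.com": {"dn": "cn=alice example, ou=staff, " + BASE.lower()},
    "bob@something.company.com": {"dn": "CN=Bob Example,OU=Staff," + BASE},
}


def norm_dn(dn):
    """Compare DNs ignoring case and spaces around RDNs (assumption; a plain
    split on ',' does not handle escaped commas inside a value)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def import_groups():
    """Groups appear by ID attribute (cn) with no users yet."""
    return {g["cn"]: set() for g in LDAP_GROUPS}


def login(xo_groups, name):
    """On login, add the user to every group whose members list the user's DN."""
    key = norm_dn(LDAP_USERS[name][USER_ATTR])
    joined = []
    for g in LDAP_GROUPS:
        if key in {norm_dn(m) for m in g.get(GROUP_ATTR, [])}:
            xo_groups[g["cn"]].add(name)
            joined.append(g["cn"])
    return joined


if __name__ == "__main__":
    groups = import_groups()
    print(groups)  # every group is empty right after the group sync
    print(login(groups, "bob@something.company.com"), groups)
```

If a group is still empty after one of its members has logged in, compare the group's `member` values with that user's `dn` in the directory; in this model a mismatch there is the only way membership fails to resolve.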