Qlik Community

Qlik Sense Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

nwatson-qit
New Contributor

Are nested AD groups supported in the Additional LDAP filter in an AD UDC

I have created a user directory connector that reads users from active directory (sync data for existing users ticked), and has an additional filter that specifies a particular AD group for users who should have access to Sens. I had hoped to nest more AD groups in this group to permit users access, but only users listed directly in the queried AD group are sync'd, not users that belong to nested groups.

Does anyone know if nested groups are permitted in a UDC LDAP query?

4 Replies
lucienorrin
Contributor

Re: Are nested AD groups supported in the Additional LDAP filter in an AD UDC

I was wondering this as well.

Did you ever get an answer?

nwatson-qit
New Contributor

Re: Are nested AD groups supported in the Additional LDAP filter in an AD UDC

Never did. My own investigations suggested that it doesnt, but the LDAP query can be updated to OR type. which I think will overcome my initial problem. It does mean the security maintenance is a bit heavier though.

lucienorrin
Contributor

Re: Are nested AD groups supported in the Additional LDAP filter in an AD UDC

I was able to import users that are members of nested groups. The query is based on LDAP_MATCHING_RULE_IN_CHAIN, and is faster than a recursive search but still isn't very fast.

(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=CN=mygroup,OU=Groups,DC=mydomain,DC=com))

larshilke
New Contributor

Re: Are nested AD groups supported in the Additional LDAP filter in an AD UDC

Thank you Luke for this information. It works like a charm with nested groups. I recommend that this article is marked as Answered.

Community Browser