Pawel_Snarski
Partner - Contributor II

Assign security role to user on LDAP import?

I know that there is a similar issue which was resolved

https://community.qlik.com/t5/Qlik-NPrinting-Discussions/Assign-security-role-on-LDAP-import/td-p/11...

However, I am having a problem understanding what has to be changed:

1. I've created a security role in NPrinting --> NPrinting_Developer

2. I've created an AD group --> NPrinting_Developer

3. There is just one user in this AD directory, which is then imported via LDAP

Entry Attributes:
Body1.png
What should I input in the advanced section to make it work?

Body2.png

Ruggero_Piccoli
Support

Hi,

You have an AD user with the group NPrinting_Developer, you already created a Qlik NPrinting security role NPrinting_Developer, and you want to import only this AD user or other users with the same AD group. All the "filters" forms in the Advanced area accept filters written using the LDAP syntax. So:

  • In the Additional user filters you have to add an LDAP filter to select only the AD users that are members of the NPrinting_Developer AD group, to import only them.
  • If you leave the Additional group filter blank, all the groups of the imported users will be created in Qlik NPrinting, even if those groups do not already exist. This can be good or not, depending on your goal. After creating groups in Qlik NPrinting, please note that there is no bulk delete feature, so you will need to delete them one by one. My suggestion is to set a filter here as well, but it depends on your scenario.
  • A user import task cannot create security roles if they do not already exist in Qlik NPrinting. The behavior is different from that of groups, which are created instead. Security roles are associated with an imported user only if there already is a role with exactly the same name as the AD group. In your case, if you have only one security role in Qlik NPrinting with the same name as an AD group, you do not need to add a filter in Additional role filters. If you have many AD groups with the same names as security roles, you can add an LDAP filter here to select only the roles you want to match.

Details about LDAP import are in https://help.qlik.com/en-US/nprinting/May2021/Content/NPrinting/DeployingQVNprinting/Import-Users-Fi...

Best Regards,

Ruggero



Pawel_Snarski
Partner - Contributor II
Author

Hi,

 

Thank you for your reply!

My intention was not to import the security role, but to assign an existing security role to the imported user. Should I do it in two separate tasks?
I have just one AD group = "NPrinting_Developer" with just one user.
My security roles:

Pawel_Snarski_0-1639753202534.png

As you suggested, I've removed anything from additional role filters. It's now empty.
I re-ran the import task and the NPrinting_Developer role still wasn't assigned to my user?

Pawel_Snarski_1-1639753276410.png

 

Ruggero_Piccoli
Support

Hi,

You cannot import a security role via LDAP import. Security roles must always be created manually before importing users. 

A typical cause of your problem is that the Role identification and Role membership fields are set to the wrong values. An LDAP server can be heavily customized, so use an LDAP visualization tool or ask the LDAP server administrator for the correct values.

Ruggero_Piccoli_0-1639755953786.png

In my test import connected to Active Directory, for example, Role identification is set to group, not to person. Try to test by changing the Role identification value to group.

I'm aware that LDAP importing is a complex topic.

Best Regards,

Ruggero



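The two points from the replies above (an LDAP membership filter for Additional user filters, and Role identification pointing at group entries rather than person entries), as an added example that is not part of the original thread and is not Qlik NPrinting's code. It is a simplified Python model: the DNs, the entries, the function names, and the mapping of Role identification to `objectClass` and Role membership to `member` are all assumptions.

```python
# Simplified model of the behaviour described in this thread; not Qlik NPrinting's code.
# Every DN, attribute value and entry below is constructed for illustration.
GROUP_DN = "CN=NPrinting_Developer,OU=Groups,DC=example,DC=com"
USER_DN = "CN=Jane Doe,OU=Users,DC=example,DC=com"

DIRECTORY = [
    {"dn": USER_DN, "cn": "Jane Doe",
     "objectClass": ["top", "person", "user"], "memberOf": [GROUP_DN]},
    {"dn": GROUP_DN, "cn": "NPrinting_Developer",
     "objectClass": ["top", "group"], "member": [USER_DN]},
    {"dn": "CN=Finance,OU=Groups,DC=example,DC=com", "cn": "Finance",
     "objectClass": ["top", "group"], "member": [USER_DN]},
]
EXISTING_ROLES = {"NPrinting_Developer"}  # roles created by hand before the import


def escape_filter_value(value):
    """Escape characters that are special inside an LDAP filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def member_of_filter(group_dn):
    """Text for 'Additional user filters': only direct members of one group."""
    return "(memberOf=%s)" % escape_filter_value(group_dn)


def roles_for(user_dn, role_identification, role_membership="member"):
    """Roles a user would receive under the rule stated in the thread.

    Assumption: entries whose objectClass contains role_identification are the
    role candidates; a candidate applies when the user is listed in its
    role_membership attribute AND a role with the same name already exists.
    """
    candidates = [e for e in DIRECTORY if role_identification in e["objectClass"]]
    names = {e["cn"] for e in candidates if user_dn in e.get(role_membership, [])}
    return sorted(names & EXISTING_ROLES)


if __name__ == "__main__":
    print(member_of_filter(GROUP_DN))
    print("person:", roles_for(USER_DN, "person"))  # user entries carry no 'member'
    print("group: ", roles_for(USER_DN, "group"))   # Finance is skipped: no such role
```
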
Pawel_Snarski
Partner - Contributor II
Author

Changing person to group - worked like a charm! Thank you so much. I've checked so many variations that I didn't notice that part. I completely agree LDAP importing is a complex topic 🙂

Ruggero_Piccoli
Support

@Pawel_Snarski thanks for your feedback. 

Best Regards,

Ruggero


