Currently UCP and LDAP integrate through the
Authentication & Authorization section of UCP GUI. In some cases, nested groups within AD is the desired configuration for easier manageability.
Example Setup of AD Tree
Group Member Attribute: "member" - DockerTestGroup --- ADTeamGroup - ADTeamGroup --- user1 --- user2 --- user3
To successfully implement the above configuration, the following values can be used in the
Add LDAP User Search Configuration option under the
Authentication & Authorization section of the UCP GUI
Base DN = <base DN of active directory> Username Attribute = sAMAccountName Full Name Attribute = cn Filter = &(objectClass=user)(objectClass=person)(memberof:1.2.840.1135126.96.36.1991:=CN=<>,CN=<>,DC=<>,DC=<>,DC=<>,DC=<>)(!(objectClass=computer)))
For the above
Filtervalue, please enter your specific DN configuration in replace of
In short, the values above for
Filterare unicode strings to enable stronger and more efficient LDAP searches. You can learn more about these by researching "Active Directory Search Filter Syntax".
Search subtree instead of just one level on the same configuration page.
Users should now be able to authenticate successfully using nested groups!