LDAP-Roster if users are in multiple groups

Hi there.

OS: Debian 8
ejabberd: 14.07

My config:

  mod_shared_roster_ldap:
    ldap_groupattr: "name"
    ldap_memberattr: "member"
    ldap_memberattr_format_re: "CN=(\\w*),CN=Users,DC=my,DC=domain,DC=de"
    ldap_userdesc: "displayName"
    ldap_filter: ""
    ldap_rfilter: "(objectClass=posixGroup)"
    ldap_ufilter: "(&(objectClass=organizationalPerson)(cn=%u))"
    ldap_group_cache_validity: 60
    ldap_user_cache_validity: 60
    ldap_auth_check: off

This works so far, but most of our users are members of more than one group and accordingly get listed in multiple groups.

The primary group of every user is stored in the attribute "gidNumber". Is it possible to use this attribute to list the users in only one group?

This is what a user object looks like:

dn: CN=USER1,CN=Users,DC=my,DC=domain,DC=de
cn: USER1
sAMAccountName: USER1
displayName: User One
gidNumber: 500
memberOf: CN=GROUP1,CN=Users,DC=my,DC=domain,DC=de
memberOf: CN=GROUP2,CN=Users,DC=my,DC=domain,DC=de
memberOf: CN=GROUP3,CN=Users,DC=my,DC=domain,DC=de

This is what a group object looks like:

dn: CN=GROUP1,CN=Users,DC=my,DC=domain,DC=de
cn: GROUP1
name: GROUP1
gidNumber: 500
objectClass: posixGroup
member: CN=USER1,CN=Users,DC=my,DC=domain,DC=de

Any ideas?
