Choose your language

Choose your login

Contact us

LDAP: cannot find groups (users are imported successfully)

THE PAGE APPLIES TO:

The Problem: After checking the settings at Options → User/Group Sync, users are being imported successfully but no groups appear for import via Groups → Add/Remove Groups.

Mismatching LDAP schemas

PaperCut looks up groups by finding objects that contain “members”. One implication of this is that if your group does not have any members yet, it will not be displayed by PaperCut.

Different LDAP servers / schemas use define group membership in different ways. For example, some servers list members in the “member” field, others the “memberUid” field. PaperCut is looking for a field different to your LDAP server no groups will be returned. The field PaperCut uses can be changed with the “ldap.schema.group-member-field” config key.

Another difference is how users are stored in the member field. It can be either the user’s full DN or their username. This can be changed with “ldap.schema.posix-groups” setting.

For more information on these advanced settings see: https://www.papercut.com/products/ng/manual/apdx-ldap.html

Too restrictive Base DN

A common reason for this is the Base DN used at Options → User/Group Sync being too restrictive. The base DN is used to limit LDAP searches to items underneath it. LDAP searches are used to find both users and groups.

E.g. if using a base DN like:

 CN=Users,DC=myorg,DC=edu

then only items under the object ‘Users’ will be found. If groups are stored at:

 CN=Groups,DC=myorg,DC=edu

they will be ignored (because Groups does not exist beneath Users - it is stored under myorg). In this situation a valid base DN would be:

 DC=myorg,DC=edu

which will allow PaperCut to find both the users and groups.

Once a base DN has been defined you may still limit the users that are imported to one particular group by clicking Change Group under the Import users from option.

Also see:


Categories: Troubleshooting Articles , User Management


Keywords: not visible , not available

Comments

Last updated February 15, 2024