TSP group filtering

(imported topic written by JanGrimm)

Hello

We would like to use LDAP group filtering with the TSP. Unfortunately, this does not seem to work correctly. Microsoft knows “objectclass = groupOfNames” not only “objectclass = group”.

The base directory is: OU = TestOU, DC = domain, DC = local

The users are in sub-OUs within the “TestOU”. The groups are in a sub-OU.

User authentication works without problems. As soon as I enable group filtering, it does not group with the user.

The group is “Mobile Device Users”

I executed the following commands:

tsp.bat config ldap_group_filter "(objectclass = group)"

tsp.bat config ldap_allowed_groups "['Mobile Device Users']"

To test, I moved the group directly into the TestOU, with the same result as when the OU is below:

“Group membership failed: User does not belong to allowed to group”

Thanks for the help

Regards

Jan

(imported comment written by rheng)

Hi Jan,

If you are in a single tenant environment, you can use the setup dashboard to reconfigure the group filtering.

Setup and Configuration Wizard > Configure Authenticated Enrollment for Apple iOS /Android > Configure Authentication

The dialog there should be able to walk you through the procedure.

If you are in a multi-tenant environment, I believe the commands you are running are correct, but you need the full DN of the group to be listed in the allowed groups.

Richard
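
Why a bare group name cannot match while the full DN does, as an added example that is not part of the original thread and not TSP's own code: it assumes the allowed-groups check compares each entry against the DNs in the user's memberOf attribute. The `OU=Groups` component and the sample values are constructed.

```python
import re

def normalize_dn(dn):
    """Split a DN into lower-cased (attribute, value) pairs for comparison.

    Simplified: handles backslash-escaped commas, ignores multi-valued RDNs.
    """
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError("not a DN component: %r" % rdn)
        # Whitespace around '=' and ',' is not significant, and Active
        # Directory compares CN/OU/DC values case-insensitively.
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return tuple(pairs)

def check_membership(member_of, allowed_groups):
    """Return (matched, skipped) entries of allowed_groups.

    matched: entries equal to one of the user's memberOf DNs.
    skipped: entries that are not DNs at all (e.g. a bare group name),
             which can never equal a memberOf value.
    """
    user_groups = {normalize_dn(dn) for dn in member_of}
    matched, skipped = [], []
    for entry in allowed_groups:
        try:
            key = normalize_dn(entry)
        except ValueError:
            skipped.append(entry)
            continue
        if key in user_groups:
            matched.append(entry)
    return matched, skipped

# Constructed sample: memberOf as a directory would return it for the user.
MEMBER_OF = ["CN=Mobile Device Users,OU=Groups,OU=TestOU,DC=domain,DC=local"]

if __name__ == "__main__":
    # Bare name, as in the original commands: nothing matches.
    print(check_membership(MEMBER_OF, ["Mobile Device Users"]))
    # Full DN of the group: the user is accepted.
    print(check_membership(MEMBER_OF, [MEMBER_OF[0]]))
```

Copying the group's DN exactly as the directory returns it avoids depending on how a given product normalizes case and spacing.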

(imported comment written by JanGrimm)

Hi Richard

Thank you for your help

I have a multi-tenant environment and now it works.

I tried everything, only this idea did not occur to me :)

Regards

Jan