Configuring an OU for groups augmentation not possible

[engineererr]

Scenario:

• We connect to a sub OU in the LDAPCP general settings to show only people from the employees OU in the people picker:
  campany.ch/users/employees
• The AD claims provider is set to invisible
• We don't want to include another OU: company.ch/users/students
• We need groups augmentation but the groups are not in the employees OU

Problem:

• We can't find groups because they are not in the employees OU

Workaround:

• We changed the OU to users root (company.ch/users) and configured filters to exclude users from students OU

Request:

• We'd like to configure a seperate LDAP base DN to query AD-groups for augmentation.

[Yvand]

Hi @kurky91, thank you for the clear explanation.

I understand the need but this sounds very specific and requires some effort to update the admin page to propose this new setting while not making it confusing.

Besides, you can already do what you want by creating a custom version of LDAPCP and override method GetLDAPServers(RequestInformation).
Object RequestInformation contains the type of operation (augmentation, search, validation), so you can return a LDAP path different based on that.

You can find more information on http://ldapcp.com/For-Developers.html and practical example in "LDAPCP.Developers.zip" that you can find with each LDAPCP release.

The drawback is that it's of course more work than just deploying LDAPCP, and you would lose the administration pages unless you create additional code to be able to use them with your own claims provider.
Would this be an option for you?

[engineererr]

Hi @Yvand

Thank you for your response and all of your work you put into LDAPCP.

We are thinking about extending LDAPCP in the future to support a directory differently to LDAP that allows us to access it through REST endpoints.

Thanks for your suggestion, I'll consider it if the clients decides to extend LDAPCP for his purposes.