Configuring LDAP group search parameters

About this task

Use the Group Search section to search for groups in the LDAP directory tree. The search is started at the directory that is defined in the GroupBase field, and uses the search query that is specified in the Group Search field.

Procedure

  1. Enter the group search information. You can click the question mark next to each field for more information.
    Group Base
    Specify the LDAP directory that you want to start the group search from. If this property is left blank, the search is started from the top-level element in the directory, for example OU=location,DC=domain,DC=com. You can refine your search by starting the search from within a specific organizational unit (OU). For example, to start the search from an OU called Test, set the property value as OU=Test,OU=location,DC=domain,DC=com. The search looks for groups within the Test OU that match the GroupSearch criteria. If GroupSubtree is selected, any OUs that belong to the Test OU are also searched.
    Note: You can use the Browse icon to the right of the field to go through your directory structure and select a specific starting location.
    Group Search
    Specify the LDAP filter expression to be used for the group search, for example, (objectClass=group). The expression must filter the results so that only the groups that you want are imported to the Remote Control database. The default value is (objectClass=group), which means: look for users in any object that is a group within the specified GroupBase. This value imports all Active Directory groups to Remote Control.
    Note: When you use (objectClass=group), some environments can have thousands of groups, so it is important to create a filter that imports only the groups that you want. The search can be further refined by using more complex queries. For example, the values GroupBase=(OU=location,DC=domain,DC=com) and GroupSearch=(&(objectClass=group)(name=Dep*)) return any groups within the location OU whose name starts with Dep. For example, groups with names department1 or deputy might be returned.
    Group Subtree
    Select this option if you want to recursively search the subtree of the element that is specified in the GroupBase attribute for groups. If you do not select this option, only the top level is searched. By default, this option is not selected.
    Group Name
    The LDAP attribute name that is used for a group search. This property is set to name by default.
    Group Description
    The LDAP attribute name that is used to get the description for this group. This value is set to description by default.
    Group Membership Attribute
    The LDAP attribute name that is used to find the members of the groups that are returned as a result of the specified search. The default value is member.
  2. Click Test Groups Search. A message box is displayed with the total number of groups that are found as a result of the search. Click OK.
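
The following added example (not part of the product or its documentation) shows how Group Base, Group Search, and Group Subtree together decide which groups are returned, using the filters quoted above against a small constructed directory. The function names and sample entries are hypothetical, and it assumes that an unselected Group Subtree means a one-level search and that name matching is case-insensitive.

```python
import re

# Constructed sample directory (DN -> attributes); not data from a real domain.
BASE = "OU=location,DC=domain,DC=com"
DIRECTORY = {
    "CN=department1," + BASE: {"objectClass": ["top", "group"], "name": ["department1"]},
    "CN=Domain Admins," + BASE: {"objectClass": ["top", "group"], "name": ["Domain Admins"]},
    "CN=deputy,OU=Test," + BASE: {"objectClass": ["top", "group"], "name": ["deputy"]},
    "CN=helpdesk,OU=Test," + BASE: {"objectClass": ["top", "group"], "name": ["helpdesk"]},
    "CN=jsmith,OU=Test," + BASE: {"objectClass": ["top", "user"], "name": ["jsmith"]},
}

def parse(flt, i=0):
    """Parse one parenthesised filter at flt[i]; return (node, index after it)."""
    if flt[i] != "(":
        raise ValueError("filter must start with '('")
    if flt[i + 1] in "&|!":
        op, kids, i = flt[i + 1], [], i + 2
        while flt[i] == "(":
            kid, i = parse(flt, i)
            kids.append(kid)
        if flt[i] != ")":
            raise ValueError("unbalanced filter")
        return (op, kids), i + 1
    end = flt.index(")", i)
    attr, _, pattern = flt[i + 1:end].partition("=")
    return ("=", attr, pattern), end + 1

def matches(node, attrs):
    """Evaluate a parsed filter against one entry's attributes."""
    if node[0] == "&":
        return all(matches(k, attrs) for k in node[1])
    if node[0] == "|":
        return any(matches(k, attrs) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], attrs)
    _, attr, pattern = node
    # '*' is the only wildcard; comparison is case-insensitive (an assumption).
    rx = re.compile(".*".join(map(re.escape, pattern.split("*"))), re.IGNORECASE)
    values = next((v for k, v in attrs.items() if k.lower() == attr.lower()), [])
    return any(rx.fullmatch(v) for v in values)

def group_search(group_base, group_search_filter, group_subtree):
    """Return names of entries under group_base that match the filter."""
    node, _ = parse(group_search_filter)
    hits = []
    for dn, attrs in DIRECTORY.items():
        if not dn.lower().endswith("," + group_base.lower()):
            continue  # entry lies outside GroupBase
        depth = dn[: -len(group_base) - 1].count(",")  # 0 = directly under the base
        if (group_subtree or depth == 0) and matches(node, attrs):
            hits.append(attrs["name"][0])
    return sorted(hits, key=str.lower)
```

With the default filter and Group Subtree selected, every group under the base is returned, including a privileged one such as Domain Admins; the refined filter and a narrower base are what keep groups that Remote Control does not need out of the import.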

Results

The resulting groups are displayed in the text box on the right. This list of groups is imported from LDAP when LDAP synchronization is enabled. You can click the icon to the left of each group name to see a list of the LDAP attributes and values that are defined for the group.

When you have the required group search results, use the User search section of the utility to configure and test values for your User Search LDAP properties. For more information, see Configuring LDAP user search parameters. Save your current configuration by following the steps in Saving your LDAP configuration.