[LDAP] Why does User_GetGroups work with CN?

Forge Component
Published on 2014-11-24 by Filipe Jacinto
15 votes

In our AD we have 3 users with the same CN. When we get the groups of this user, the action User_GetGroups returns the group memberships of a random (and, according to Murphy's law, the wrong) user. Is it possible to change the logic and use the e-mail address as identifier for the user?

Best regards,

Leen Rietveld

MeanLean wrote:

In our AD we have 3 users with the same CN. When we get the groups of this user, the action User_GetGroups returns the group memberships of a random (and, according to Murphy's law, the wrong) user. Is it possible to change the logic and use the e-mail address as identifier for the user?

Best regards,

Leen Rietveld

What if you used the SID instead? That is supposed to be unique and I think the component allows you to return it with the results when you query for users.


Hi Rado,

I tried with the SID (objectSid) instead. But the problem is that this is a binary value that the action Search_SpecificProperties cannot retrieve. The value = System.Byte[]. When I use this value as input in the action User_GetGroups I get the message 'Could not find (CN=System.Byte[]) in path LDAP://xx.xxx.xxx.xx'. So my conclusion is that the 'User' input only accepts the CN property.

So unfortunately, SID is not working. I also tried UPN (userPrincipalName) which is also unique. Result: the same error message. Would it be possible to change the component so that it accepts the UPN as a User identifier?

Best regards,

Leen Rietveld.
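
Added example, not part of the thread or of the Forge component's code: objectSid is a binary attribute (hence the System.Byte[] rendering), so this sketch decodes it to S-1-... text, builds escaped search filters for SID and UPN, and returns group memberships only when exactly one entry matches. The directory entries, the example.test names and all function names are constructed for illustration.

```python
import struct

def sid_to_string(raw: bytes) -> str:
    """Decode a binary objectSid into its S-1-... text form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")          # 48-bit, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])       # 32-bit, little-endian
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])

def sid_filter(raw: bytes) -> str:
    """Search filter on the binary value: every byte escaped as \\XX (RFC 4515)."""
    return "(objectSid=" + "".join("\\%02x" % b for b in raw) + ")"

def upn_filter(upn: str) -> str:
    """Search filter on userPrincipalName with filter metacharacters escaped."""
    esc = "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in upn)
    return "(&(objectClass=user)(userPrincipalName=" + esc + "))"

def make_sid(*subs: int) -> bytes:
    """Build a constructed sample SID under authority 5 (NT Authority)."""
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack("<%dI" % len(subs), *subs)

# Constructed sample directory: three accounts sharing one CN in different OUs.
DIRECTORY = [
    {"cn": "J Smith", "upn": "jsmith@example.test", "sid": make_sid(21, 11, 22, 33, 1104),
     "memberOf": ["CN=Finance,OU=Groups,DC=example,DC=test"]},
    {"cn": "J Smith", "upn": "jsmith2@example.test", "sid": make_sid(21, 11, 22, 33, 1105),
     "memberOf": ["CN=Domain Admins,CN=Users,DC=example,DC=test"]},
    {"cn": "J Smith", "upn": "jsmith3@example.test", "sid": make_sid(21, 11, 22, 33, 1106),
     "memberOf": []},
]

def groups_for(attr: str, value) -> list:
    """Return memberOf only when exactly one entry matches; never pick among several."""
    hits = [e for e in DIRECTORY if e[attr] == value]
    if len(hits) != 1:
        raise LookupError("%d entries match %s, refusing to choose" % (len(hits), attr))
    return hits[0]["memberOf"]

if __name__ == "__main__":
    user = DIRECTORY[0]
    print(sid_to_string(user["sid"]), sid_filter(user["sid"]), upn_filter(user["upn"]))
    print(groups_for("sid", user["sid"]))
```

Failing closed on an ambiguous CN matters because group membership usually drives authorization, and resolving the wrong account can hand a user another person's privileges.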