Properties
Update group membership for a selected user.
Requirements
An LdapClient module must be deployed with a name matching the one defined in "namespace".
Configuration
type
Must be ActiveDirectoryUserEditGroupMember
N/A
namespace
Identifier of LdapClient module to use
default
columns
List array with columns to display
["cn","description"]
change_is_required
Force admin to update user, true/false
false
base_dn
Search base DN.
"DC=company,DC=local"
scope
Search scope.
"SUB"
current_filter
Search filter. Used to fetch all groups the user is a member of.
N/A
available_filter
Search filter. Used to fetch available groups.
N/A
This control works in conjunction with the LdapClient module, which must be installed.
Exposed data to flow
Object array, "ad_pending_remove" - contains data on what groups to remove from user.
Object array, "ad_pending_add" - contains data on what groups to add to user.
Array data will have the syntax:
"ad_pending_add": [
  {
    "id": "CN=AWS administrator,OU=access_review,OU=Governance,OU=IdM_demo,OU=Product_Testing,DC=company,DC=local",
    "description": "Test",
    "cn": "AWS administrator",
    "sAMAccountName": "AWS administrator"
  },
  {
    "id": "CN=Cert Publishers,CN=Users,DC=company,DC=local",
    "description": "Members of this group are permitted to publish certificates to the directory",
    "cn": "Cert Publishers",
    "sAMAccountName": "Cert Publishers"
  }
],
"ad_pending_remove": [
  {
    "id": "CN=Access Control Assistance Operators,CN=Builtin,DC=company,DC=local",
    "cn": "Access Control Assistance Operators",
    "sAMAccountName": "Access Control Assistance Operators",
    "description": "Members of this group can remotely query authorization attributes and permissions for resources on this computer."
  }
]
Valves used in finalize pipe
ActiveDirectoryAddMemberToGroups
Used to add a single group member to groups
ActiveDirectoryRemoveMemberFromGroups
Used to remove a single group member from groups
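An added example, not part of the product or its documentation: a check that could run over the "ad_pending_add" and "ad_pending_remove" data before the finalize pipe applies it, reporting every group whose DN lies outside an approved OU. The ALLOWED_BASE policy and all function names are assumptions of this example; the sample data reuses the values shown above.

```python
import json

# Assumed policy for this example: only groups below this OU may be changed.
ALLOWED_BASE = "OU=access_review,OU=Governance,OU=IdM_demo,OU=Product_Testing,DC=company,DC=local"

# Flow data in the syntax shown above (values from the page, descriptions dropped).
FLOW_DATA = json.loads(r"""
{"ad_pending_add": [
   {"id": "CN=AWS administrator,OU=access_review,OU=Governance,OU=IdM_demo,OU=Product_Testing,DC=company,DC=local",
    "cn": "AWS administrator"},
   {"id": "CN=Cert Publishers,CN=Users,DC=company,DC=local", "cn": "Cert Publishers"}],
 "ad_pending_remove": [
   {"id": "CN=Access Control Assistance Operators,CN=Builtin,DC=company,DC=local",
    "cn": "Access Control Assistance Operators"}]}
""")

def split_dn(dn):
    """Split a DN into lower-cased RDNs; a backslash-escaped comma does not split."""
    rdns, current, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            current += ch
            escaped = (ch == "\\") and not escaped
        else:
            rdns.append(current.strip().lower())
            current = ""
    rdns.append(current.strip().lower())
    return rdns

def is_under(dn, base):
    """True when dn sits strictly below base, compared RDN by RDN (not by string suffix)."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) > len(b) and d[-len(b):] == b

def out_of_scope(flow_data, base=ALLOWED_BASE):
    """Return (list_name, cn, dn) for every pending change outside base."""
    findings = []
    for list_name in ("ad_pending_add", "ad_pending_remove"):
        for group in flow_data.get(list_name, []):
            if not is_under(group["id"], base):
                findings.append((list_name, group.get("cn"), group["id"]))
    return findings

if __name__ == "__main__":
    for list_name, cn, dn in out_of_scope(FLOW_DATA):
        print(f"{list_name}: {cn} ({dn}) is outside {ALLOWED_BASE}")
```

Comparing RDN by RDN avoids the false match a plain string-suffix test gives for a DN such as "CN=x,XOU=access_review,...".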