Properties

Update group membership for a selected user.

Requirements

An LdapClient module deployed with matching name as defined in "namespace".

Configuration

Control type: ActiveDirectoryUserEditGroupMember

Name

Desciption

Default value

Mandatory

namespace

Identifier of LdapClient module to use

"default"

columns

List array with columns to display

["cn","description"]

change_is_required

Force admin to update user, true/false

false

base_dn

Search base DN.

"DC=company,DC=local"

scope

Search scope.

"SUB"

current_filter

Search filter. Used to fetch all groups the the user is a member of.

N/A

available_filter

Search filter. Used to fetch available groups.

N/A

{
    "id": "<enter_unique_id_for_this_control>",
    "type": "ActiveDirectoryUserEditGroupMember",
    "config": {
        "namespace": "ldap_client_1",
        "base_dn": "DC=company,DC=local",
        "current_filter": "(&(objectClass=group)(member={{{flow.findMyActiveDirectoryUsers}}}))",
        "available_filter": "(&(objectClass=group)(!(member={{{flow.findMyActiveDirectoryUsers}}})))",
        "columns": [
            "cn",
            "sAMAccountName"
        ]
    }
}

This control works in conjunction with LdapClient module. It must be installed.

Exposed data to flow

Object array, "ad_pending_remove" - contains data on what groups to remove from user.

Object array, "ad_pending_add" - contains data on what groups to add to user.

Array data will have the syntax:

"ad_pending_add": [
    {
        "id": "CN=AWS administrator,OU=access_review,OU=Governance,OU=IdM_demo,OU=Product_Testing,DC=company,DC=local",
        "description": "Test",
        "cn": "AWS administrator",
        "sAMAccountName": "AWS administrator"
    },
    {
        "id": "CN=Cert Publishers,CN=Users,DC=company,DC=local",
        "description": "Members of this group are permitted to publish certificates to the directory",
        "cn": "Cert Publishers",
        "sAMAccountName": "Cert Publishers"
    }
],
"ad_pending_remove": [
    {
        "id": "CN=Access Control Assistance Operators,CN=Builtin,DC=company,DC=local",
        "cn": "Access Control Assistance Operators",
        "sAMAccountName": "Access Control Assistance Operators",
        "description": "Members of this group can remotely query authorization attributes and permissions for resources on this computer."
    }
]

Valves used in finalize pipe

ActiveDirectoryAddMemberToGroups

Used to add a single group member to groups

ActiveDirectoryRemoveMemberFromGroups

Used to remove a single group member from groups

PreviousActiveDirectoryUserEditGroupMember NextActiveDirectoryGroupEditGroupMember

Last updated 1 month ago