GetUsersGroupMembership Not Returning Valid LDAP Path?

Jan 14, 2014 at 9:24 AM
Hi All,

I have come accross a small problem when trying to remove a user from a collection if there member groups.

Everything works fine except when coming to "Remove User From Group".

On Assigning the "Group LDAP Path" the runbook fails. Looking at the string returned from "Get Users Group Membership" I can see that it is being prefixed with "DC=<myrootdomainname>".

The problem being that I need to pass an LDAP string to "Remove User From Group" and as the example, shuold look like this:

LDAP://Contoso.com/CN=GroupName,OU=Container,DC=Contoso,DC=Com

However as my string returned from "Get Users Group Membership" is:

DC=Contoso/CN=GroupName,OU=Container,DC=Contoso,DC=Com

The "Remove User From Group" fails as I prefix with LDAP://xxx.xx.com/ to convert to a full LDAP path.

Can anyone shed any light on why this is failing please?

Thanks.
Coordinator
Jan 16, 2014 at 3:29 PM
Hey Cavester,

What version of the integration pack are you using

-Ryan
Coordinator
Jan 16, 2014 at 3:57 PM
This should be fixed in the latest version of the IP.
Jan 20, 2014 at 10:02 AM
Thanks for the reply.

I am using 4.1 of the IP. I thought this was the latest version?

Thanks,

Lee.
Coordinator
Jan 20, 2014 at 3:32 PM
Edited Jan 20, 2014 at 4:29 PM
Hey Lee,

In 4.1 the Object_LDAP_Path output from Get Users Group Membership object properly formats its outputs for other objects (it will publish in the form LDAP://Forest/DN) so you don't need to do any formatting in successive objects
Picture
Jan 21, 2014 at 4:32 PM
hmmm, but if I output the Object_LDAP_Path attribute it is in the format, "DC=Contoso/CN=GroupName,OU=Container,DC=Contoso,DC=Com"?
Feb 3, 2014 at 1:49 PM
Ok, got it working but I had to use string replacement on the Object_LDAP_Path to get the desired LDAP path.

All I can think is that there is a problem with LDAP paths that have sub domains or something?

If our domain is global.contoso.com then the Object_LDAP_Path is outputting:

"LDAP://global.contoso.com/DC=Contoso/CN=GroupName,OU=Container,DC=global,DC=Contoso,DC=Com" which does not work when passed to any other successive object.

The DC in bold is obviously wrong and dont know why it is being inserted here. Anyway, string replacement now removes it and all works.

Thanks,

Lee.
Coordinator
Feb 3, 2014 at 2:16 PM
Interesting! I am not quite sure why its outputting that for child domains, I will try it on some of ours. Thanks for the point out

Sent from Windows Mail

Coordinator
Feb 3, 2014 at 3:03 PM
I have replicated the error internally and found the bug. I will be updating the IP soon
Feb 3, 2014 at 3:06 PM
Excellent, thanks.

Thought I was going mad! :)