Topic
2 replies Latest Post - ‏2014-02-20T07:16:09Z by JanGrimm
JanGrimm
JanGrimm
2 Posts
ACCEPTED ANSWER

Pinned topic TSP group filtering

‏2014-02-19T13:15:41Z |
Hello 
 
We would like to use an LDAP group filtering with the TSP. Unfortunately this seems to not work correctly. Microsoft knows "objectclass = groupOfNames" not only "objectclass = group" 
 
base directory is: OU = TestOU, DC = domain, DC = local 
 
the user are in under OU's within the "TestOU". the groups are in an under OU. 
 
The user authentication works without problems. as soon as I enable group filtering it does not group with the user. 
 
Group is "Mobile Device Users" 
 
following commands I executed: 
tsp.bat config ldap_group_filter "(objectclass = group)" 
tsp.bat config ldap_allowed_groups "['Mobile Device Users']" 
 
to test whether I have the group moved directly into the TestOU with the same result at the OU is below: 
"Group membership failed: User does not belong to allowed to group" 
 
thanks for the help

 

regards
Jan

  • rheng
    rheng
    21 Posts
    ACCEPTED ANSWER

    Re: TSP group filtering

    ‏2014-02-19T23:05:52Z  in response to JanGrimm

    Hi Jan,

    If you are in a single tenant environment, you can use the setup dashboard to reconfigure the group filtering.

    Setup and Configuration Wizard > Configure Authenticated Enrollment for Apple iOS /Android > Configure Authentication

    The dialog there should be able to walk through the procedure.

    If you are in a multi-tenant environment, I believe the commands you are running are correct, but you need the full DN of the group to be listed in the allowed groups.

    Richard

  • JanGrimm
    JanGrimm
    2 Posts
    ACCEPTED ANSWER

    Re: TSP group filtering

    ‏2014-02-20T07:16:09Z  in response to JanGrimm

    Hi Richard

    Thank you for your help 
     
    have a multi-tenant environment and now it works. 
     
    Tried everything only to this idea, I did not :-)

     

    greeting
    Jan