  • Latest Post - ‏2014-02-20T07:16:09Z by JanGrimm

Pinned topic TSP group filtering

‏2014-02-19T13:15:41Z |
We would like to use LDAP group filtering with the TSP. Unfortunately, this does not seem to work correctly. Microsoft knows "objectclass = groupOfNames" not only "objectclass = group".
The base directory is: OU = TestOU, DC = domain, DC = local
The users are in sub-OUs within the "TestOU". The groups are in a sub-OU.
The user authentication works without problems. As soon as I enable group filtering, it does not group with the user.
The group is "Mobile Device Users".
I executed the following commands:
tsp.bat config ldap_group_filter "(objectclass = group)" 
tsp.bat config ldap_allowed_groups "['Mobile Device Users']" 
As a test, I moved the group directly into the TestOU, with the same result as in the sub-OU:
"Group membership failed: User does not belong to allowed to group" 
Thanks for the help.



  • rheng
    21 Posts

    Re: TSP group filtering


    Hi Jan,

    If you are in a single tenant environment, you can use the setup dashboard to reconfigure the group filtering.

    Setup and Configuration Wizard > Configure Authenticated Enrollment for Apple iOS /Android > Configure Authentication

    The dialog there should be able to walk through the procedure.

    If you are in a multi-tenant environment, I believe the commands you are running are correct, but you need the full DN of the group to be listed in the allowed groups.


  • JanGrimm
    2 Posts

    Re: TSP group filtering


    Hi Richard

    Thank you for your help.
    I have a multi-tenant environment and now it works.
    I tried everything except this idea :-)
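
The fix confirmed in this thread (listing the group's full DN rather than its name) is illustrated below as an added example; it is not part of the original posts and not TSP's own code. It assumes the group check compares each allowed-group entry with the DN values of the user's memberOf attribute; the function names and the `OU=Groups` sub-OU are constructed for illustration.

```python
def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (RFC 4514 backslash escapes)."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escaped pair together
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur))
    return rdns


def normalize_dn(dn):
    """Simplified normalization: lower-case and trim each RDN so that DNs
    differing only in case or spacing compare equal. Returns None when the
    input is not a DN at all (for example a bare group name)."""
    out = []
    for rdn in split_dn(dn):
        attr, sep, value = rdn.partition("=")
        if not sep:
            return None
        out.append(attr.strip().lower() + "=" + value.strip().lower())
    return ",".join(out)


def user_in_allowed_groups(member_of, allowed_groups):
    """True if any memberOf DN equals an allowed-group DN after normalization."""
    allowed = {normalize_dn(g) for g in allowed_groups} - {None}
    return any(normalize_dn(g) in allowed for g in member_of)


# Constructed sample data: memberOf values are always full DNs.
MEMBER_OF = ["CN=Mobile Device Users,OU=Groups,OU=TestOU,DC=domain,DC=local"]
BY_NAME = ["Mobile Device Users"]  # the setting from the question
BY_DN = ["cn=Mobile Device Users, ou=Groups, ou=TestOU, dc=domain, dc=local"]

if __name__ == "__main__":
    print("name only:", user_in_allowed_groups(MEMBER_OF, BY_NAME))
    print("full DN:  ", user_in_allowed_groups(MEMBER_OF, BY_DN))
```

Under that assumption, the bare name never equals a memberOf value, which is consistent with the "Group membership failed" message in the question.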