Type: New Article
Fix Version/s: None
Currently, the proper usage of LDAP setting ldap.import.group.search.filter.enabled is not well-defined and the only documentation that I've found (portal.properties) is actually a little misleading for when the setting is set to false:
It states that "all groups that are associated with the imported users will be imported regardless of the base DN" but this is only true if you've satisfied a few preconditions:
- Users in LDAP need to have attributes defined for the groups they are members of (e.g. "memberOf" for certain LDAP implementations with the group's DN as the value).
- A mapping for "Group" to said attribute must be defined in LDAP Server Settings.
Basically, all groups will be imported if and only if your LDAP users are set up to maintain their group memberships and you've set up the proper mapping in your LDAP Server Settings. Adding these expectations to the documentation should remedy any confusion and prevent future bug reports related to the setting.
Note that when set to true, it behaves as you would expect after reading the documentation so that part is fine.
Let me know if further clarification is needed.