KB 170051: How to use nested groups with LDAP synchronization tool
1/3/2018 4:56:16 PM
With the “memberOf” attribute, only users who are members of the assigned group can be synchronized with the LDAP sync tool.
This article describes a workaround for using nested groups for synchronization.
The workaround is described with the example below.
Create a local group (LG_test) and a global group (GG_test) in Active Directory.
Add the global group to the local group, and add the users that need to be synchronized to the global group.
Then add the following attribute to the LDAP Sync filters:
Match: Distinguished name of your local group
Then all members of the nested group(s) will be synchronized.
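The following is an added example, not part of the original article or the product's code. The article does not show the attribute name, so the example assumes Active Directory's LDAP_MATCHING_RULE_IN_CHAIN extensible match (OID 1.2.840.113556.1.4.1941) on memberOf. It builds the filter with RFC 4515 escaping of the group DN and evaluates direct versus nested matching over a constructed directory (the example.com DNs and the user names are made up).

```python
# Added example. The OID below is Active Directory's LDAP_MATCHING_RULE_IN_CHAIN;
# using it with memberOf is an assumption, the article does not name the attribute.
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515) so a DN containing
    '(', ')', '*', a backslash or NUL cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def group_filter(group_dn, nested):
    """Build a memberOf filter: direct match, or transitive (in-chain) match."""
    attr = "memberOf:%s:" % IN_CHAIN_OID if nested else "memberOf"
    return "(%s=%s)" % (attr, escape_filter_value(group_dn))

# Constructed sample directory (DNs are made up): object DN -> groups it is a
# direct member of. Mirrors the article: users in GG_test, GG_test in LG_test.
LG = "CN=LG_test,OU=Groups,DC=example,DC=com"
GG = "CN=GG_test,OU=Groups,DC=example,DC=com"
MEMBER_OF = {
    GG: [LG],
    "CN=alice,OU=Users,DC=example,DC=com": [GG],
    "CN=bob,OU=Users,DC=example,DC=com": [GG],
    "CN=carol,OU=Users,DC=example,DC=com": [],
}
USERS = [dn for dn in MEMBER_OF if dn != GG]

def in_chain(dn, group_dn, seen=None):
    """True if dn is a direct or nested member of group_dn (cycle-safe)."""
    seen = set() if seen is None else seen
    for parent in MEMBER_OF.get(dn, []):
        if parent.lower() == group_dn.lower():
            return True
        if parent not in seen:
            seen.add(parent)
            if in_chain(parent, group_dn, seen):
                return True
    return False

def synced_users(group_dn, nested):
    """Users the given filter style would select from the sample directory."""
    if nested:
        return [u for u in USERS if in_chain(u, group_dn)]
    return [u for u in USERS if group_dn in MEMBER_OF[u]]

if __name__ == "__main__":
    for nested in (False, True):
        print(group_filter(LG, nested), "->", synced_users(LG, nested))
```

In the sample data a direct match on LG_test selects no users, because alice and bob belong only to GG_test; the in-chain match follows GG_test into LG_test and selects both, while carol stays out of scope.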
Applies to: LDAP Synchronization tool, IDENTIKEY Appliance
KB 170051 – 3/01/2018
© 2018 VASCO Data Security. All rights reserved.