Steve Giller Posted February 12, 2018 Share Posted February 12, 2018 As in the wiki, we can Associate a group to Hornbill user accounts, but can we associate multiple groups? For example, if we want to assign a service to IT Services, but another specifically to IT Infrastructure could we look at [department] for their department (IT Services) and [extensionAttribute11] for the team (IT Infrastructure) and have both assigned at import time? If so, is it as simple as: "OrgLookup":{ "Action":"Both", "Enabled":false, "Attribute":"[department]", "Type":2, "Membership":"member", "TasksView":true, "TasksAction":true, "OnlyOneGroupAssignment":false "Action":"Both", "Enabled":false, "Attribute":"[extensionAttribute11]", "Type":1, "Membership":"member", "TasksView":true, "TasksAction":true, "OnlyOneGroupAssignment":false } Link to comment Share on other sites More sharing options...
TrevorKillick Posted February 15, 2018 Share Posted February 15, 2018 @DeadMeatGF The import tool does not currently support multiple organisations, we are currently in the process of a large update to the tool, we will see if we can provide this functionality as part of the next major update (3.0). Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
Steve Giller Posted February 15, 2018 Author Share Posted February 15, 2018 Thanks @TrevorKillick, Is there (or are there plans to implement) a way to add to organisations based on AD group membership at all? For example, all delivery staff have access to ProMonitor, but only some of them have access to ProGeneral - internally this is controlled by AD groups. It would be useful to have the ability to use the existing groups to add staff to Hornbill Organisations and be able to control access to Services that are specific to these groups. Link to comment Share on other sites More sharing options...
samwoo Posted February 15, 2018 Share Posted February 15, 2018 14 minutes ago, DeadMeatGF said: Is there (or are there plans to implement) a way to add to organisations based on AD group membership at all? +1 - would be great as we using AD Groups and Policies. Link to comment Share on other sites More sharing options...
TrevorKillick Posted February 15, 2018 Share Posted February 15, 2018 @DeadMeatGF So would this be some form of additional filter on the Group Assignment so it would only assign if a user was in a particular AD Group? So something like "Condition":"[extensionAttribute11] == 'Some Group Name'" Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
Steve Giller Posted February 15, 2018 Author Share Posted February 15, 2018 Unfortunately it's probably not quite that easy - group memberships are in the memberOf attribute, which is a multi-value and a backlink attribute. I'm sure there's a way of pushing groups into other attribute for ease or reading, but we'd quickly run out of extensionAttribute## options (most of which we already use!) as a single member of staff could be in Delivery, Personal Coach, Health & Safety, Fire Marshall, and Budget Holder groups - and that's just off the top of my head. If we applied this technique to Facilities requirements as well we could easily run out of extensionAttributes even if we weren't already using some. Link to comment Share on other sites More sharing options...
TrevorKillick Posted February 15, 2018 Share Posted February 15, 2018 @DeadMeatGF Got it, just looked up the memberOf Ad Attribute will have a look and see if there is anything we can come up with as a solution here. Something we could do is: "MemberOf":"cn=IT Administrators,ou=groups,dc=example,dc=com", And try and do a direct match to one of the Ad Groups like this. Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
Steve Giller Posted February 15, 2018 Author Share Posted February 15, 2018 Brilliant, I'll keep my fingers crossed. 1 Link to comment Share on other sites More sharing options...
TrevorKillick Posted February 26, 2018 Share Posted February 26, 2018 @DeadMeatGF @samwoo Just to confirm the ability to define multiple Group Assignments against a LDAP User Import will be part of the 3.0 release due in the next few weeks, along with the ability to set Member Of where a user must be a Member of the dfined group in AD before the Group Assignment Is made. You may also notice from the screenshot that there will soon be a UI for configuing the Import... Kind Regards Trevor Killick 2 Link to comment Share on other sites More sharing options...
Steve Giller Posted February 26, 2018 Author Share Posted February 26, 2018 Very nice, thank you. I was thrown by the "3.0 release" at first - I thought I was back reading about Elite: Dangerous again! Their 3.0 release is out tomorrow 1 Link to comment Share on other sites More sharing options...
Victor Posted February 26, 2018 Share Posted February 26, 2018 @DeadMeatGF if you like Elite Dangerous you should try Stellaris as well... although completely different genres, this one is a 4x strategy ... spent countless hours building my galactic empire... *sigh... and the missus does not seem to understand becoming the ruler of the universe takes time and patience... 2 Link to comment Share on other sites More sharing options...
Dan Munns Posted February 27, 2018 Share Posted February 27, 2018 15 hours ago, Victor said: adMeatGF if you like Elite Dangerous you should try Stellaris as well... although completely different genres, this one is a 4x strategy ... spent countless hours building my galactic empire... *sigh... and the missus does not seem to understand becoming the ruler of the universe takes time and patience... This. Definitely this. Link to comment Share on other sites More sharing options...
Steve Giller Posted February 27, 2018 Author Share Posted February 27, 2018 It has been recommended - but with approaching 5,000 hours in Elite I may struggle to give ruling the Universe the level of commitment it deserves! Link to comment Share on other sites More sharing options...
samwoo Posted March 20, 2018 Share Posted March 20, 2018 On 26/02/2018 at 3:28 PM, TrevorKillick said: @DeadMeatGF @samwoo Just to confirm the ability to define multiple Group Assignments against a LDAP User Import will be part of the 3.0 release due in the next few weeks, along with the ability to set Member Of where a user must be a Member of the dfined group in AD before the Group Assignment Is made. You may also notice from the screenshot that there will soon be a UI for configuing the Import... Kind Regards Trevor Killick Hi @TrevorKillick, How's the progress with the 3.0 release and the Server Build? Is there a way to assign multiple groups via the configs for the LDAP_Import we use currently? (i cannot find any details about this on Github or the Wiki) Many thanks, Samuel Link to comment Share on other sites More sharing options...
TrevorKillick Posted March 20, 2018 Share Posted March 20, 2018 @samwoo So the Server Build that enables the UI "should" go out Thursday evening although that is as always subject to change if we find any issues during the testing phase. The LDAP User Import version 3.0 is already released to GitHub but required the new Admin UI so from Friday you should all be good to go. I am planning on pining a post detailing the migration from 2.* to 3.0 and there is a Harry Hornbill notice that will show in Admin once everything is released. Kind Regards Trevor Killick 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now