I have an Active Directory connection (shows “connected”), and I am seeing some inconsistency with how it shows Groups in User Management -> Groups.
Scenario 1
Group DN: ou=security groups
Group object class: group
Group object filter: (objectCategory=Group)
Group members attribute: member
This shows a seemingly random set of 37 groups from the Security Groups OU in my AD. There is no correlation with the type of group (Domain local, Global, & Universal).
Scenario 2
Group DN: ou=security groups
Group object class: group
Group object filter: (&(objectCategory=Group)(name=PBX))*
Group members attribute: member
This shows nothing. Obviously the filter change is what broke it, but I’m not sure what the logic is in either scenario. Also, I used a similar filter for the Users section in User Management, and it worked as expected.
My group filter is:
(&(objectCategory=group)(cn=Application Users - FreePBX*))
I don’t know if you cleaned up your Group DN for posting, but it needs to be fully qualified (ou=security groups,dc=domain,dc=net) or left blank.
I try to manage everything from Active Directory. I do a lot through LDAP, and my user filter is insanely long. FreePBX has a great implementation (when it comes to customization).
Thanks for the reply. I tried this, and still no results:
Group DN: ou=Security Groups,dc=domain,dc=tld
Group object class: group
Group object filter: (&(objectCategory=Group)(cn=PBX*))
Group members attribute: member
I’ve tried the same setup (DN=Security Groups) and the search filter: (&(objectCategory=Group)(cn=PBX*)) using Softerra LDAP browser, and it correctly shows the 2 “PBX*” groups I’m interested in using.
Alright, I figured it out, and thought I’d share it here for posterity.
Short Answer: The reason Scenario 1 showed seemingly “random” groups is that FreePBX is only displaying groups that have a “Description” in Active Directory. I found this out by running the LDAP query (ldapsearch) from the console using fwconsole:
You can run fwconsole userman --list to find out which number your LDAP source is.
After I ran the “--verbose” query, I saw the errors about group descriptions:
Updating All Groups
ldapsearch <your ldapsearch query shows here>
Retrieving all groups...
Got 2 groups
ERROR group is missing description attribute! Cant continue!!
ERROR group is missing description attribute! Cant continue!!
Finished adding users from non-primary groups
Once I added a Description to those groups in AD, they populate in FreePBX GUI!
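A pre-check for the failure found above, as an added example that is not part of the original thread or of FreePBX's code: it parses LDIF text as ldapsearch prints it and lists the matched groups that have no description value. The sample LDIF, its DNs and the function names are constructed for illustration.

```python
import base64

# Constructed sample of ldapsearch LDIF output for the (cn=PBX*) group filter;
# every DN, name and description here is invented for illustration.
SAMPLE_LDIF = """\
dn: CN=PBX Admins,OU=Security Groups,DC=domain,DC=tld
description: FreePBX administrators

dn: CN=PBX Users,OU=Security Groups,DC=domain,DC=tld
cn: PBX Users

dn: CN=PBX Operators,OU=Security Groups,DC=domain,DC=tld
description:: U3dpdGNoYm9hcmQgb3BlcmF0b3Jz

dn: CN=PBX Conference Bridge Moderators,OU=Security Groups,DC=domain,DC=t
 ld
cn: PBX Conference Bridge Moderators

# search result
search: 2
result: 0 Success
"""

def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current.setdefault(attr.lower(), []).append(value.strip())
    return entries

def groups_missing_description(text):
    """Return DNs of entries that have no non-empty description value."""
    return [e["dn"][0] for e in parse_ldif(text)
            if "dn" in e and not any(e.get("description", []))]
```

Feeding it the output of the same ldapsearch query that the verbose sync prints shows which groups need a Description before they will appear in the GUI.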