Issue
LDAP group import does not add users to the groups.
Release
Applicable to all releases
Cause
When an LDAP group import runs, the onAfter() transform script adds users to the group.
The list of users to be added is specified in the 'member' attribute of the import set record. This attribute holds a comma-separated list of DNs or distinguished names. To add the user to the group, the system queries the sys_user table with the filter 'source=ldap:<DN of one user from member attribute>'.
The user might not be added to the group due to a few different reasons:
- If the source field on the sys_user table has a truncated value of the user's DN.
- If there are two users with the same source and one of them is inactive.
- If the source value differs from what is sent in the member attribute of the group import.
Resolution
If the source field on the sys_user table has a truncated value of the user's DN, do the following:
- Ensure that the max length of the source field on the sys_user table is set to 100.
- Ensure that the u_source field in the import set table has a max length set to 100.
If there are two users with the same source and one of them is inactive, delete the inactive user or remove the source value from this user record.
If the source value differs from what is sent in the member attribute of the group import, reach out to your LDAP admin to make sure the DN sent in the user import is the same as what is sent in the member attribute for the user import.
