Q&A What are the most common methods to match Active Directory LDAP users to the groups they are associated with - memberOf vs primaryGroupID

Question
What are the most common methods to match Active Directory LDAP users to the groups they are associated with?
Environment
  • Extreme Management Center (XMC, formerly NetSight)
  • Extreme Control (NAC)
  • Extreme Guest & IoT Manager (GIM)
  • All Software Releases
Answer
The two most common methods to match users to the groups they are associated with in Microsoft Active Directory are the memberOf and primaryGroupId attributes. Where each is configured, by product:

Extreme Management Center

  • Administration -> Users -> Authorization Groups
  • Membership Criteria can be set to use memberOf, primaryGroupId or any other accessible attribute value pair.
Extreme Control
  • Control -> Access Control -> Group Editor -> User Groups -> Type: LDAP User Group
  • Attribute Name can be set to use memberOf, primaryGroupId, or any other accessible attribute value pair.
  • Attribute Value will be the group's DN (for memberOf) or the integer group ID (for primaryGroupId), respectively.
Guest & IoT Manager (see Note)
  • Onboarding Templates -> Advanced
  • LDAP Provisioner DN is set to use the memberOf attribute only.
Additional notes
Note for Active Directory:
  • By design the primary group a user is associated with is *not* included in the memberOf attribute response.
  • The primary group a user is associated with is specified by the primaryGroupId attribute and is an integer value.
  • For additional information please see "User Security Attributes".
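
The following is an added example, not part of the original article or of any Extreme Networks product: it shows why a rule that matches only memberOf misses a user's primary group, and how the primary group can be resolved from primaryGroupID (the group's RID) combined with the domain portion of the user's objectSid. The user entry, the domain SID, the group DNs and the SID_TO_DN lookup table (standing in for an LDAP search on objectSid) are constructed sample data.

```python
import struct

def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSid value into its S-1-5-21-... string form."""
    revision, sub_count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")          # 48-bit, big-endian
    subs = struct.unpack_from(f"<{sub_count}I", raw, 8)  # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def primary_group_sid(object_sid: bytes, primary_group_id: int) -> str:
    """Primary group SID = the user's domain SID + the RID held in primaryGroupID."""
    domain_sid = sid_to_str(object_sid).rsplit("-", 1)[0]
    return f"{domain_sid}-{primary_group_id}"

def effective_groups(entry: dict, sid_to_dn: dict) -> set:
    """Return memberOf DNs plus the primary group's DN (lower-cased for comparison)."""
    groups = {dn.lower() for dn in entry.get("memberOf", [])}
    pg_sid = primary_group_sid(entry["objectSid"], int(entry["primaryGroupID"]))
    if pg_sid in sid_to_dn:  # assumption: in practice an LDAP search on objectSid
        groups.add(sid_to_dn[pg_sid].lower())
    return groups

def build_sid(domain_subs, rid) -> bytes:
    """Helper that builds a binary SID for the constructed sample below."""
    subs = [21, *domain_subs, rid]
    return (bytes([1, len(subs)]) + (5).to_bytes(6, "big")
            + struct.pack(f"<{len(subs)}I", *subs))

# Constructed sample data: hypothetical domain, user and groups.
DOMAIN = (1004336348, 1177238915, 682003330)
USER = {
    "sAMAccountName": "jdoe",
    "objectSid": build_sid(DOMAIN, 1105),
    "primaryGroupID": "513",  # integer RID, returned by LDAP as a string
    "memberOf": ["CN=NetAdmins,OU=Groups,DC=example,DC=com"],
}
SID_TO_DN = {
    "S-1-5-21-1004336348-1177238915-682003330-513":
        "CN=Domain Users,CN=Users,DC=example,DC=com",
}

if __name__ == "__main__":
    target = "cn=domain users,cn=users,dc=example,dc=com"
    in_member_of = target in {dn.lower() for dn in USER["memberOf"]}
    print("matched by memberOf only:", in_member_of)
    print("matched with primary group:", target in effective_groups(USER, SID_TO_DN))
```
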
