Multiple groups as roles in Active Directory

Issue:

Customer would like to add multiple groups from Active Directory as roles in Ephesoft.

 

Solution:

When you set up the dcma-user-connectivity.properties file, you have the ability to add multiple groups in the roles used for restricting Batch Classes in Ephesoft.

 

In the dcma-user-connectivity.properties file, this is controlled in the ‘user.msactivedirectory_group_search_filter=’ option. The following is an example of a value for this option which allows all Active Directory groups that start with ‘Ephe’ such as groups EphesoftAdmins, EphesoftUsers, EpheOperator, etc… It also includes all groups that start with ‘Operator’.

[blockquote float=”left”]user.msactivedirectory_group_search_filter=(|(cn=Ephesoft*)(|(cn=Operator*)))[/blockquote]

 

 

This field uses the following switches:

[blockquote float=”left”]# filter can have |(OR), &(AND) and !(NOT)
# | (|(cn=a*))
# & (&(cn=a*))
# ! (!(cn=a*))[/blockquote]

 

 

 

 

 

When creating a group search filter, a few things are required:

  1. Include the switch option for or ‘|’ in front of all groups which you would like included.
  2. Place each option in parenthesis and include the whole list in a set of parenthesis.
  3. It is best not to include spaces in the list of options.