LdapRecord-Laravel: [Bug] Invalid count of users when trying to import ldap users with group filter
Environment:
- LDAP Server Type: ActiveDirectory
- LdapRecord-Laravel Major Version: v2
- PHP Version: 8.0
Describe the bug:
I’m trying to import users with the following artisan command:
php artisan ldap:import users --filter="(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=CN=XXX,OU=XXX,DC=XXX,DC=XXX))"
Also the command
php artisan ldap:import users --filter="(&(objectClass=user)(memberof=CN=XXX,OU=XXX,DC=XXX,DC=XXX))"
is not working. It’s only showing three users:
Found [3] user(s).
Would you like to display the user(s) to be imported / synchronized? (yes/no) [no]:
But there are 55 users in the group:
PS C:\Windows\system32> $users = @(Get-ADGroupMember -Identity 'XXX')
PS C:\Windows\system32> $users.count
55
What am I doing wrong?
About this issue
- State: closed
- Created 3 years ago
- Comments: 16 (7 by maintainers)
Awesome @Restingo! Glad you were able to resolve it! 🎉
I’ve certainly had this issue in the past. Active Directory is a tricky beast when it comes to role and permission management. Depending on a user’s role & permissions, they may not be granted access to view specific attributes on specific object types, be blocked from accessing objects inside certain OUs, blocked from modifying certain attributes, and blocked from executing certain actions.
Domain Administrators typically have unrestricted access to AD (which can be dangerous if applied sporadically), so it’s helpful to add users to the group to see if what you’re encountering is in fact a permission problem.
Once you know it’s a permission issue, you can then create a new role for the user and start adding permissions to it until your Laravel application functions as expected, so the LDAP user you are connecting with doesn’t have too much access.
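One way to test the permission theory without adding the bind account to a privileged group, added here as an example and not part of the original thread: run the identical LDAP filter once in your own session and once as the bind account, then list what the bind account cannot see. It assumes the ActiveDirectory RSAT module, and the group DN is the placeholder from the issue.

```powershell
# Added example, not from the thread. $GroupDn is a placeholder (assumption).
Import-Module ActiveDirectory

$GroupDn = 'CN=XXX,OU=XXX,DC=XXX,DC=XXX'

# Same filter the ldap:import command uses (transitive group membership).
$Filter = "(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=$GroupDn))"

# Credentials of the account LdapRecord binds with in the Laravel app.
$BindCred = Get-Credential -Message 'LDAP bind account used by the application'

# Result set as seen by the current (more privileged) session.
$asCurrent = @(Get-ADUser -LDAPFilter $Filter |
    Select-Object -ExpandProperty DistinguishedName)

# Result set as seen by the bind account, using the identical filter.
$asBind = @(Get-ADUser -LDAPFilter $Filter -Credential $BindCred |
    Select-Object -ExpandProperty DistinguishedName)

'Visible to current session : {0}' -f $asCurrent.Count
'Visible to bind account    : {0}' -f $asBind.Count

# Users that match for the current session but not for the bind account.
# Either the object itself or its memberOf attribute is not readable.
$hidden = @($asCurrent | Where-Object { $_ -notin $asBind })

# Group the hidden users by parent container (DN minus the first RDN) to
# show where read access would have to be delegated to the bind account.
$hidden |
    ForEach-Object { ($_ -split '(?<!\\),', 2)[1] } |
    Group-Object |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

If both counts match, the difference lies elsewhere (for example the application's configured base DN); if they differ, the container list shows the smallest scope in which the bind account needs read access.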
Thanks for your fast reply! Can I also use a rule to import?