User groups
To enable viewing of user groups, add the following blitz.prod.local.idp.groups settings block:
    "groups": {
      "profiles": [
        {
          "type": "mirror",
          "id": "orgs",
          "groupStore": "389ds",
          "attrsMap": {
            "name": "displayname"
          },
          "filter": "objectClass=group"
        }
      ],
      "stores": {
        "list": [
          {
            "type": "ldap_based",
            "id": "389ds",
            "desc": "Группы",
            "ldapStore": "389ds",
            "baseDN": "ou=external,ou=groups,dc=test",
            "searchScope": "SUB",
            "idAttrName": "cn",
            "membersAttrName": "uniqueMember",
            "memberOfAttrName": "memberOf",
            "newGroupAttrs": [
              {
                "attr": "objectclass",
                "format": "strings",
                "value": "top,groupOfUniqueNames,group"
              },
              {
                "attr": "dn",
                "format": "string",
                "value": "cn=${id},ou=external,ou=groups,dc=test"
              }
            ]
          }
        ]
      }
    }
Specifics of settings:

- profiles.groupStore, stores.list.id and stores.ldapStore must contain the identifier of the LDAP directory used to store users;
- profiles.attrsMap and stores.list.idAttrName must contain group attributes (class groups), e.g. name. Attributes can be named differently if desired; only LDAP attributes of type String are supported;
- in stores.list.baseDN, check (and correct if necessary) the path for storing organizations in LDAP. If the path is corrected, also adjust the "value": "cn=${id},ou=external,ou=groups,dc=test" setting accordingly.
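
The consistency rules above can be checked before the configuration is deployed. The following is an added example, not part of the Blitz Identity Provider documentation or code: check_groups and its ldap_id parameter are hypothetical names, the sample block is constructed, and the check assumes the dn template is a single RDN placed directly above baseDN, as in the block shown on this page.

```python
import json

# Constructed sample: the page's block with baseDN moved but the dn template left stale.
SAMPLE = json.loads("""
{
  "profiles": [{"type": "mirror", "id": "orgs", "groupStore": "389ds"}],
  "stores": {"list": [{
    "type": "ldap_based", "id": "389ds", "ldapStore": "389ds",
    "baseDN": "ou=orgs,ou=groups,dc=test",
    "newGroupAttrs": [
      {"attr": "dn", "format": "string",
       "value": "cn=${id},ou=external,ou=groups,dc=test"}
    ]
  }]}
}
""")


def _rdns(dn):
    # Simplified DN normalisation (assumption): no support for escaped commas.
    return [part.strip().lower() for part in dn.split(",")]


def check_groups(groups, ldap_id):
    """Return a list of problems found in a 'groups' settings block."""
    problems = []
    for profile in groups.get("profiles", []):
        if profile.get("groupStore") != ldap_id:
            problems.append(f"profile {profile.get('id')}: groupStore is not {ldap_id}")
    for store in groups.get("stores", {}).get("list", []):
        sid = store.get("id")
        for key in ("id", "ldapStore"):
            if store.get(key) != ldap_id:
                problems.append(f"store {sid}: {key} is not {ldap_id}")
        base = _rdns(store.get("baseDN", ""))
        templates = [a.get("value", "") for a in store.get("newGroupAttrs", [])
                     if a.get("attr") == "dn"]
        if not templates:
            problems.append(f"store {sid}: no dn template in newGroupAttrs")
        for tpl in templates:
            # Assumption: the template is exactly one RDN placed above baseDN.
            if _rdns(tpl)[1:] != base:
                problems.append(f"store {sid}: dn template is not under baseDN")
    return problems


if __name__ == "__main__":
    for line in check_groups(SAMPLE, "389ds"):
        print(line)
```

Run against the constructed sample, the check reports the stale dn template; once baseDN and the template agree, it returns an empty list.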