User groups

To enable viewing of user groups, add the following settings block under blitz.prod.local.idp.groups:

"groups": {
  "profiles": [
    {
      "type": "mirror",
      "id": "orgs",
      "groupStore": "389ds",
      "attrsMap": {
        "name": "displayname"
      },
      "filter": "objectClass=group"
    }
  ],
  "stores": {
    "list": [
      {
        "type": "ldap_based",
        "id": "389ds",
        "desc": "Группы",
        "ldapStore": "389ds",
        "baseDN": "ou=external,ou=groups,dc=test",
        "searchScope": "SUB",
        "idAttrName": "cn",
        "membersAttrName": "uniqueMember",
        "memberOfAttrName": "memberOf",
        "newGroupAttrs": [
          {
            "attr": "objectclass",
            "format": "strings",
            "value": "top,groupOfUniqueNames,group"
          },
          {
            "attr": "dn",
            "format": "string",
            "value": "cn=${id},ou=external,ou=groups,dc=test"
          }
        ]
      }
    ]
  }
}

Specifics of settings:

  • profiles.groupStore, stores.list.id and stores.list.ldapStore must be set to the identifier of the LDAP directory used to store users;

  • profiles.attrsMap and stores.list.idAttrName must contain the group attributes (the groups class), e.g. name. The attributes can be given different names if desired; only LDAP attributes of type String are supported;

  • in stores.list.baseDN, check (and correct if necessary) the LDAP path under which organizations are stored. If the path is corrected, also adjust the "value": "cn=${id},ou=external,ou=groups,dc=test" setting accordingly.
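The three points above are consistency rules between the profile and store parts of the block. The following script is an added example, not part of Blitz Identity Provider or its documentation: it loads the groups block from this page (as a constructed sample) and reports any mismatch between groupStore, stores.list.id and ldapStore, an empty or non-string attrsMap, and a dn template in newGroupAttrs that does not sit under baseDN.

```python
import json

# Constructed sample: the "groups" block from this page (trailing comma removed so it parses).
SAMPLE_GROUPS = json.loads("""{
  "profiles": [{"type": "mirror", "id": "orgs", "groupStore": "389ds",
                "attrsMap": {"name": "displayname"}, "filter": "objectClass=group"}],
  "stores": {"list": [{"type": "ldap_based", "id": "389ds", "desc": "Группы", "ldapStore": "389ds",
    "baseDN": "ou=external,ou=groups,dc=test", "searchScope": "SUB", "idAttrName": "cn",
    "membersAttrName": "uniqueMember", "memberOfAttrName": "memberOf",
    "newGroupAttrs": [
      {"attr": "objectclass", "format": "strings", "value": "top,groupOfUniqueNames,group"},
      {"attr": "dn", "format": "string", "value": "cn=${id},ou=external,ou=groups,dc=test"}]}]}
}""")


def check_groups_block(groups: dict) -> list[str]:
    """Return the consistency problems found in a groups block (empty list = consistent)."""
    problems = []
    stores = {s.get("id"): s for s in groups.get("stores", {}).get("list", [])}
    for profile in groups.get("profiles", []):
        pid, gs = profile.get("id"), profile.get("groupStore")
        # Rule 1: groupStore must name an existing store, and that store's ldapStore must match it.
        if gs not in stores:
            problems.append(f"profile {pid!r}: groupStore {gs!r} matches no stores.list.id")
        elif stores[gs].get("ldapStore") != gs:
            problems.append(f"profile {pid!r}: store {gs!r} has ldapStore {stores[gs].get('ldapStore')!r}")
        # Rule 2: attrsMap must be present and map only to string LDAP attribute names.
        attrs_map = profile.get("attrsMap") or {}
        if not attrs_map:
            problems.append(f"profile {pid!r}: attrsMap is empty")
        for name, ldap_attr in attrs_map.items():
            if not isinstance(ldap_attr, str) or not ldap_attr:
                problems.append(f"profile {pid!r}: attrsMap[{name!r}] must be an LDAP attribute name")
    for sid, store in stores.items():
        if not store.get("idAttrName"):
            problems.append(f"store {sid!r}: idAttrName is missing")
        # Rule 3: the dn template in newGroupAttrs must contain ${id} and sit under baseDN.
        base_dn = store.get("baseDN", "")
        for entry in store.get("newGroupAttrs", []):
            if entry.get("attr", "").lower() != "dn":
                continue
            template = entry.get("value", "")
            if "${id}" not in template:
                problems.append(f"store {sid!r}: dn template {template!r} has no ${{id}} placeholder")
            if not template.lower().endswith("," + base_dn.lower()):
                problems.append(f"store {sid!r}: dn template {template!r} is not under baseDN {base_dn!r}")
    return problems


if __name__ == "__main__":
    for line in check_groups_block(SAMPLE_GROUPS) or ["groups block is consistent"]:
        print(line)
```

Run it against your own block after editing baseDN or the store identifier; every rule from the list above that is violated is reported with the profile or store it applies to.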