Working with AD and LDAP

Managing Group Memberships.

The best approach is to iterate over the groups you plan to update, using a connector loop in the assembly line to build the member attribute's list of values.

Feed
   LDAP_Iterator (Search Base set to: OU=Groups,DC=compay,DC=com, Search Filter set to: CN=*, map DN and member)
Data Flow
  IF: is the right group
  Script_Delete_Current_Members (just create a new attribute over top of the existing one)
  FOR-EACH: result in this database connection result set
        Construct DN from current row
        LDAP_Lookup: to make sure this DN is valid
              Default Success (addValue to an attribute)
              Default Error (log that it wasn't found)
  LDAP_Update (link on the dn you mapped above)

The problem is, it won't create any new groups for you, so you may have to punt when you need to create them dynamically.
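
The flow above as an added example in plain JavaScript (not the original author's assembly line), using an in-memory stand-in for the directory and the database result set. PEOPLE_BASE, the "cn" column and all function names are assumptions; the example also goes a little beyond the outline by escaping the row value per RFC 4514 before it becomes part of a DN and by skipping duplicate rows.

```javascript
// Constructed sample data. PEOPLE_BASE and the "cn" column are assumptions.
const PEOPLE_BASE = "OU=People,DC=compay,DC=com";
const GROUPS_BASE = "OU=Groups,DC=compay,DC=com"; // Search Base from the page

// Escape a value for use inside a DN (RFC 4514 string form).
function escapeDnValue(value) {
  const body = value.replace(/[\\,+"<>;]/g, "\\$&").replace(/\0/g, "\\00");
  const lead = /^[ #]/.test(body) ? "\\" : "";
  const trail = body.length > 1 && body.endsWith(" ") ? "\\ " : "";
  return lead + (trail ? body.slice(0, -1) : body) + trail;
}

// FOR-EACH row: construct the DN, look it up, addValue on success, log on error.
function rebuildMembers(rows, lookup, log) {
  const member = [];      // fresh attribute, replaces the current members
  const seen = new Set(); // DN comparison simplified to a case-insensitive match
  for (const row of rows) {
    const dn = "CN=" + escapeDnValue(row.cn) + "," + PEOPLE_BASE;
    if (seen.has(dn.toLowerCase())) continue;
    seen.add(dn.toLowerCase());
    if (lookup(dn)) member.push(dn);
    else log.push("not found, skipped: " + dn);
  }
  return member;
}

// Feed + Data Flow: only groups the iterator returns can be updated.
function syncGroups(iteratedGroupDns, rowsByGroup, lookup) {
  const updates = [], log = [];
  const fed = new Set(iteratedGroupDns.map((dn) => dn.toLowerCase()));
  for (const dn of iteratedGroupDns) {
    const rows = rowsByGroup[dn.toLowerCase()];
    if (!rows) continue; // IF: not one of the groups we plan to update
    updates.push({ dn, member: rebuildMembers(rows, lookup, log) });
  }
  const notCreated = Object.keys(rowsByGroup).filter((k) => !fed.has(k));
  return { updates, log, notCreated };
}

// Constructed directory contents and database rows for the demonstration.
const people = new Set(["cn=smith\\, jane," + PEOPLE_BASE, "cn=bob lee," + PEOPLE_BASE].map((s) => s.toLowerCase()));
const lookup = (dn) => people.has(dn.toLowerCase());
const rowsByGroup = {
  ["cn=admins," + GROUPS_BASE.toLowerCase()]: [{ cn: "Smith, Jane" }, { cn: "bob lee" }, { cn: "Gone User" }, { cn: "Bob Lee" }],
  ["cn=newteam," + GROUPS_BASE.toLowerCase()]: [{ cn: "Bob Lee" }],
};
const result = syncGroups(["CN=Admins," + GROUPS_BASE, "CN=Other," + GROUPS_BASE], rowsByGroup, lookup);
console.log(JSON.stringify(result, null, 2));
```

The notCreated list holds the groups that have rows waiting but were never returned by the iterator, which is the case the paragraph above says has to be handled separately.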


