No announcement yet.
We are working on a new Active Directory importation module.
It's been activated with v4.6.2.4 of NxFilter. All the features planned have been implemented.
We are working on a new Active Directory importation module.
There will be several changes with Active Directory importation and Group and User relations for NxFilter v4.6.2.4.
1. A group can belong to another group.
NxFilter will replicate group hierarchy in Active Directory. At the moment, we only import user and group relations. With the next version, groups can belong to other groups and that means we replicate AD member relations as it is on NxFilter end.
* When you want to see all the groups a user belongs to including parent groups you can use TEST function on the user list.
2. You can set LDAP query filters for user, group importation.
You may set your own query filters for user, group importation to exclude some groups. For example, you may want to exclude the groups created by Active Directory itself. In that case, you can import the groups created after the install date of your Active Directory.
ex) (&(objectClass=group)(whenCreated>=20201231000000. 0Z))
3. A GUI created user can belong to multiple groups.
In old days, the users you created on GUI can belong to only one group. You will be able to join your users into multiple groups. However, Group Hierarchy will not be implemented for GUI created groups this time.
4. For older GUI.
If you use SandWatch GUI, you can join user and group on the edit pages of user and group both side. However, if you use the old GUI, you can do it on group edit page only and you only can join your user into one group.
5. Which policy NxFilter applies?
The same rule will be applied as it is. If there's a user policy, it will be applied. If there are multiple policies from multiple groups, the policy having the highest priority points will be applied.
Leave a comment: