Announcement

Collapse
No announcement yet.

NxFilter com Active Directory

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    NxFilter com Active Directory

    I'm integrating my NxFilter with Active Directory. When I import users and groups I would like to apply the policies created by me in nxfilter only in the groups, because it would be easier to administer, but the imported users are allocated in the default policy and this overrides the groups policy.

    Is there any other way to solve my problem? Maybe some option in the settings where I can define which strategy would be best for me.

    Thanks
    Tags: None
  • #2
    There's Priority Points for a policy. When a group has multiple policies, the policy having bigger priority points will be the active one. In your case, set lower smaller for your default policy and then set bigger points for other policies.

    Comment

    • #3
      Thanks for your response.

      Is there a possibility that NxFilter the groups that will be imported from Active Directory?

      Thanks

      Comment

      • #4
        Can't follow you. NxFilter is supposed to import user, group and their relationship. Anything wrong with that? Talk about your problem in detail.

        Comment

        • #5
          In active directory I have several groups associated with a user (Nx is bringing them all), but only one of these groups interests me, the group that will be linked to the policy in nxfilter.

          Comment

          • #6
            Read this, https://nxfilter.org/tutorial/i-faq.php#decide-policy

            Especially about Priority Points. Multiple groups and multiple policies. Can't you solve it with Priority Points?

            Comment

            • #7
              I can, that's not the problem. For organizational reasons I would like to restrict the groups that are imported from AD unnecessarily.

              Comment

              • #8
                You can set Exclude Keyword for excluding certain users and groups on Active Directory setup edit page.

                Comment

                • #9
                  Okay, it's a good solution. As a suggestion, you could have, on the contrary, only which groups you want to import.

                  Comment

                  • #10
                    You can do it on LDAP query level. Use BaseDN and OU for that. However, Exclude Keyword would be a lot simpler and easier.

                    Comment

                    • #11
                      I think you misunderstood the need. If my user has 10 groups in active directory, the nxfilter import will always bring up the 10, regardless of BaseDN or OU. If I use exclusion of words like "admin" it doesn't import groups with that term but it also doesn't matter the administrator user, and that's not desirable. I suggest an option where I can choose only the groups I want and not the groups I don't want.

                      Comment

                      • #12
                        We import groups based on 'memberOf' property and something related to Primary Group of a user. When you import a user, his/her groups will be imported. I don't remember exactly but we were there like 6 or 7 years ago. We were discussing on not importing certain groups and the result was Exclude Keywords. That was the simplest solution. If you want to select groups on NxFilter GUI, that means you already import those groups.

                        Comment

                        Previous template Next
                        Working...
                        X