Google LDAP Limit to Group or OU #17325
Greetings, I have LDAP set up to use Google Workspace as per the following instructions: https://snipe-it.readme.io/docs/hosted-ldap-providers

This works and shows the entire list of users. I instead want to only sync the users in the Students OU. This OU has many sub OUs, which is how we organize the students per year. Modifying the LDAP settings in Snipe-IT to only sync the students' accounts has been challenging.

Any idea what I'm missing? So far the test sync only works if I leave the base DN as dc=example,dc=com and the following in the LDAP filter: &(cn=*)(objectClass=person)

I am currently running Snipe-IT version 8.1.16 on prem. It is not an issue with LDAP on the server or any firewall rules, since it works with the base settings from the instructions. Thank you for your advice.
Replies: 2 comments
Alright, I was finally able to figure it out! I had to keep the LDAP filter as shown in the instructions, but set the Base Bind DN to the following: ou=Students,ou=Users,dc=example,dc=com

This revelation happened while I was looking through the Google LDAP audit logs and saw a successful bind from another application that also uses Google LDAP. That provided the clue that I needed.
Great news! I was just writing up a whole long response to what you wrote, but yours is much better. Thank you for sharing that with us!
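The scoping described in the thread above, as an added example that is not part of the original posts or of Snipe-IT's code: it compares which entries fall under dc=example,dc=com versus ou=Students,ou=Users,dc=example,dc=com, matching on parsed RDNs rather than on the raw string. It assumes the sync performs a subtree-scope search; the usernames, year OUs and the function names are constructed for illustration.

```python
# Added illustration: which entries a subtree search returns for a given base DN.
# All directory entries below are constructed sample data.

def split_dn(dn):
    """Split a DN into normalized (attr, value) RDNs, honoring escaped commas."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if ch == ",":                    # unescaped comma ends an RDN
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur))
    norm = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        norm.append((attr.strip().lower(), value.strip().lower()))
    return norm

def in_subtree(entry_dn, base_dn):
    """True if entry_dn is the base itself or lies anywhere beneath it."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def sync_scope(entries, base_dn):
    """Entries a subtree-scope search rooted at base_dn would cover."""
    return [dn for dn in entries if in_subtree(dn, base_dn)]

ENTRIES = [  # constructed sample directory
    "uid=alee,ou=2026,ou=Students,ou=Users,dc=example,dc=com",
    "uid=bkim,ou=2027,ou=Students,ou=Users,dc=example,dc=com",
    "uid=cdiaz,ou=Staff,ou=Users,dc=example,dc=com",
    "uid=dros,ou=Former Students,ou=Users,dc=example,dc=com",
    # One OU whose *name* contains an escaped comma; a raw string suffix
    # check would wrongly place this account under ou=Students.
    r"uid=eng,ou=Staff\,ou=Students,ou=Users,dc=example,dc=com",
]

STUDENTS = "ou=Students,ou=Users,dc=example,dc=com"

if __name__ == "__main__":
    print("whole directory:", len(sync_scope(ENTRIES, "dc=example,dc=com")))
    for dn in sync_scope(ENTRIES, STUDENTS):
        print("students scope:", dn)
```

Running the same comparison against an export of the real directory before enabling sync shows exactly which accounts the narrower base DN brings into Snipe-IT.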