Get help with Cisco Meeting Server and Cisco Meeting Apps

Find answers quickly with these FAQs.



» »

How do I import a security group from the Active Directory server using the API?

  1. Create a security group on the Active Directory Server and add some users to the group.
  2. On the Directory information tree structure, create ldapServers, ldapMappings and ldapSources using the Meeting Server API. (See the API Reference guide for details.)

    When posting ldapSources, a POST URL format has to be used: see the following example.

    In this example, Active Directory in Windows Server 2008 R2 64bit and Postman are used.


    To import users from a security group called “demouser” with baseDn (cn=Users, dc=acanodemo, dc=com), we suggest the filter (see over page):
    (filter=%28%26%28memberOf%3A1.2.840.113556.1.4.1941%3A%3Dcn%3Ddemouser%2Ccn
    %3DUsers%2Cdc%3Dacanodemo%2Cdc%3Dcom%29%28objectClass%3Dperson%29%29) 

     

    Note: Entering the same filter through a user interface and by using the API requires slightly different strings. Using the example above:

    Filter on web page:
    (&(memberOf:1.2.840.113556.1.4.1941:=cn=demouser,cn=Users,dc=acanodemo,
    dc=com)(objectClass=person))
    Filter through API: %28%26%28memberOf%3A1.2.840.113556.1.4.1941%3A%3Dcn%3Ddemouser%2Ccn
    %3DUsers%2Cdc%3Dacanodemo%2Cdc%3Dcom%29%28objectClass%3Dperson%29%29

     

    The following output of GET should be seen.

    <filter>(&(memberOf:1.2.840.113556.1.4.1941:=cn=demouser,cn=Users,dc=acanodemo,
    dc=com)(objectClass=person))</filter>

  3. Start a Sync either using the API or the Web Admin Interface.

    Users who are members of the security group and imported to the Meeting Server are shown in the Web Admin Interface Status > Users page as below.


    If users are not imported, try the following:

  4. If possible, delete all LdapSources through the API, configure these sources using the Active Directory Web interface, and then check if users are imported when synchronizing.
  5. If the first method is not possible, modify the filter to be a simple one; for example, “objectClass=person” and try to import users from an OU. This will confirm that the issue is with the filter.