User connectivityActive Directory resourcesMultiple groups as roles in Active Directory

Multiple groups as roles in Active Directory

To add multiple groups from Active Directory as roles in Transact, use the dcma-user-connectivity.properties file to add multiple groups in the roles. These roles are used to restrict batch classes in Transact. The dcma-user-connectivity.properties file is controlled in the user.msactivedirectory_group_search_filter option.

The following is an example of a value for this option which allows all Active Directory groups that start with Ephe, such as groups EphesoftAdmins, EphesoftUsers, and EpheOperator. It also includes all groups that start with Operator. 

user.msactivedirectory_group_search_filter=(|(cn=Ephesoft*)(|(cn=Operator*)))

This field uses the following switches: 

# filter can have |(OR), &(AND) and
!(NOT)
# | (|(cn=a*))
# & (&(cn=a*))
# ! (!(cn=a*))

When creating a group search filter, a few things are required:

  • Include the switch option for or (|) in front of all groups which to be included.

  • Place each option in parenthesis and include the whole list in a set of parenthesis.

  • Avoid including spaces in the list of options.