Datagerry Active Diretcory Group Mapping advise


I set-up DG to use our AD.

Users can authenticate, and a local user is then created in DG. All good.

I would like a default group placement of Viewer, which works.

Some subsets of users must be Users whilst others must be Administrators. Unfortunately, I have ben unable to get this works.

This the configuration that I added to the Authentication tab:


Search filter: OU=PERS USR,OU=USR,DC=example,DC=local
BaseDN: (cn=%username%)

Group Mapping
Search Filter: (memberOf=%username%)

LDAP DN:                                                                                                       Group:
CN=DEVDG_DATAGERRYADMIN,OU=Organisational,OU=GRP_DATAGERRY,OU=GRP_BB,DC=example,DC=local              Administrator
CN=DEVDG_DATAGERRYUSER,OU=Organisational,OU=GRP_DATAGERRY,OU=GRP_BB,DC=example,DC=local               User

When a user logs into DG, then they are only assigned Viewer, but never Administrator or User roles.

Also saw these messages in the log files when users log in. I do not know if these are relevent:

[WARNING ] --- [LdapAuthenticationProvider] UserModel exists on LDAP but not in database: Error while GET: User with the query: {'user_name': 'kate'} not found! (
[DEBUG   ] --- [LdapAuthenticationProvider] Try creating user: kate(
[DEBUG   ] --- [LdapAuthenticationProvider] New user was init (

Have you got any ideas on how how the group mapping ought to work, and why my setup might not?

Many thanks!


A colegue solved the problem. Add some brackets to the Group search filter.

Added here for future reference:

(member=CN=%username%,OU=PERS USR,OU=USR,DC=example,DC=local)