OME 3.9.0 wiped out imported LDAP group

Question

We recently upgraded to OME 3.9.0 from 3.8.14, and found our previously imported group wiped out. LDAP settings are still there and OME can still connect. But when I tried to reimport, OME says a required attribute "Group Type" cannot be empty. I consulted https://www.dell.com/support/manuals/en-vc/dell-openmanage-enterprise/ome_p_3.9_users_guide/add-or-edit-lightweight-directory-access-protocol-groups-to-be-used-with-directory-services and https://www.dell.com/support/manuals/en-vc/dell-openmanage-enterprise/ome_p_3.9_users_guide/import-ad-and-ldap-groups but cannot find information on how this attribute is assigned/mapped.

Does anyone else see this problem? How do I assign a "group type"?

DELL-Young E · Answer

Hi @valley. I will ask around if there's a way. Thank you for your patience in advance. We wish you a good one.

DELL-Young E · Answer

Hi, we might not have all the information you want but that attribute is populated through the LDAP server itself. What are you using for LDAP?

Like here is a group (attached) before we import it called Domain Admins. As you can see it has a Group Type of Security.

valley · Answer

Thanks for the input, @DELL-Young E. The screenshot seems to be from OME itself, so it doesn't tell me which AD/LDAP attribute is being used as Group Type.

I understand that Microsoft has its own ideas about group attributes as it has forked from LDAP. But to my understanding, most non-AD LDAP schemas, including the original Netscape LDAP schema - which many organizations use as the starting point, do not always define a Type for groups; specifically, there is no universal attribute that is designated as a Type. I really do not look forward to change my schema just to match Microsoft's fancy.

We use 389DS, a direct descendent from Netscape LDAP. Our groups are defined in ou=Groups; the only attribute in this tree is aci.

Dell OpenManage Enterprise

OME 3.9.0 wiped out imported LDAP group

Was this post helpful?