Listener module adjust LDAP-filter to only run on a specifc group

UCS - Univention Corporate Server
#1

Here we go again…
I would like to only run my code when a user is in a specifc group but when I add “(memberOf=cn=normalusers,cn=groups,dc=mydomain,dc=tld)” to the filte rit sitll runs on every user change:
also, would it be possible ot use someting like “memberOf=cn=normalusers” instead?

description = 'print all names/users/uidNumbers into a file'
filter = ''.join("""\
(&
	(|
		(&
			(objectClass=posixAccount)
			(objectClass=shadowAccount)
		)
		(memberOf=cn=normalusers,cn=groups,dc=mydomain,dc=tld)
		(objectClass=univentionMail)
		(objectClass=sambaSamAccount)
		(objectClass=simpleSecurityObject)
		(objectClass=inetOrgPerson)
	)
	(!(objectClass=univentionHost))
	(!(uidNumber=0))
	(!(uid=*$))

This is the script I use as a base:

#2

Hello @letmesetupthis

some cents:

  • don’t forget the )""".split()) at the end of the filter
  • after editing your listener code, you have to do a systemctl restart univention-directory-listener.service to apply the changes
  • instead of (memberOf=cn=normalusers,cn=groups,dc=mydomain,dc=tld) you can also use (memberOf=cn=normalusers*) with regex
#3

the

)""".split())

is at the end of the filter.

and I used

systemctl restart univention-directory-listener.service

and now I’m using

(memberOf=cn=normalusers*)

but it’s also running on all other users.

#5

also had to add it here:

(!(objectClass=univentionHost))
#6
Mastodon