Filr does not honor rights based on Organizational Role in eDirectory

  • 7023061
  • 07-Jun-2018
  • 21-Jun-2018

Environment

Micro Focus Filr 3.4

Situation

For OES-based Filr Net Folders for eDirectory-provisioned Filr users, the option to allow rights based on Organizational Role (organizationalRole) is not honored in Filr. As a result, Filr is unable to grant Net Folder access rights to users if their rights are defined based on their organizationalRole. Filr only allows access if the user has direct (explicit) rights assignments or is a member of an eDirectory group that has rights on the desired resource.

Resolution

A fix for this issue is available in the Filr 3.4 Update.

With the fix in place, Filr will be able to import eDirectory Organizational Roles as part of LDAP Sync and grant Net Folder rights to imported Organizational Roles just like groups. Note that any existing LDAP connections will remain intact and will not import the Organizational Roles by default. New LDAP connections, as well as new Base DNs under LDAP Groups, will import the Organizational Roles by default.

If you wish to modify your existing LDAP connection(s) and import Organizational Roles, please follow the steps in the Additional Information section below.

Additional Information

Modify LDAP Configuration to import eDirectory Organizational Roles as Filr groups:
  1. Ensure you have updated to Filr version 3.4
  2. Log in as admin and visit Administration Console > System > LDAP
  3. Click on your eDirectory LDAP connection and visit the Groups tab
  4. Click on the Base DN from where you want to import Organizational Roles as groups
  5. Replace the existing filter as follows:
    Before: (|(objectClass=group)(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))
    After: (|(objectClass=organizationalRole)(objectClass=group)(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))
  6. Click OK on all open prompts and save changes to your LDAP configuration
  7. Run an LDAP Sync and notice that your Organizational Roles are imported as Filr groups, which you can now assign to Net Folder Rights
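
To preview what the filter change in step 5 adds before running the sync, the following added example (not Micro Focus code) evaluates the article's Before and After filters against constructed directory entries and returns the objects that only the After filter matches. The entry DNs are made up, and listing `roleOccupant` values as the members to review is an assumption about how the imported group is populated.

```python
import re

# Filters copied from step 5 of the article.
BEFORE = "(|(objectClass=group)(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))"
AFTER = ("(|(objectClass=organizationalRole)(objectClass=group)"
         "(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))")

# Constructed sample entries; DNs and members are made up for illustration.
ENTRIES = [
    {"dn": "cn=Sales,o=example", "objectClass": ["groupOfNames"], "member": ["cn=alice,o=example"]},
    {"dn": "cn=HelpDesk,o=example", "objectClass": ["top", "organizationalRole"],
     "roleOccupant": ["cn=bob,o=example", "cn=carol,o=example"]},
    {"dn": "cn=alice,o=example", "objectClass": ["top", "inetOrgPerson"]},
]

def parse(flt):
    """Parse an LDAP filter restricted to |, &, ! and equality matches."""
    tokens = re.findall(r"[()&|!]|[^()&|!]+", flt) + ["", ""]  # sentinels
    pos = 0
    def node():
        nonlocal pos
        op, pos = tokens[pos + 1], pos + 2
        if op in ("&", "|", "!"):
            kids = []
            while tokens[pos] == "(":
                kids.append(node())
            tree = (op, kids)
        else:
            attr, _, value = op.partition("=")
            tree = ("=", attr.lower(), value.lower())
        if tokens[pos] != ")":
            raise ValueError("unbalanced filter: " + flt)
        pos += 1
        return tree
    return node()

def matches(tree, entry):
    """Evaluate a parsed filter against one entry, case-insensitively."""
    if tree[0] == "=":
        attrs = {k.lower(): v for k, v in entry.items() if isinstance(v, list)}
        return tree[2] in [v.lower() for v in attrs.get(tree[1], [])]
    results = [matches(kid, entry) for kid in tree[1]]
    if tree[0] == "!":
        return not results[0]
    return all(results) if tree[0] == "&" else any(results)

def newly_imported(entries, before=BEFORE, after=AFTER):
    """Entries the After filter imports as groups that Before did not."""
    old, new = parse(before), parse(after)
    return [(e["dn"], e.get("roleOccupant", [])) for e in entries
            if matches(new, e) and not matches(old, e)]
```

Each object returned by `newly_imported` becomes a Filr group that can hold Net Folder rights after the sync, so its occupant list is worth reviewing before step 7.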