On this tab, you can import groups and the group structure from the LDAP source. There are four different ways of specifying which groups are imported. You can use multiple different methods together and by each method, you can create different groups of users. You can also select to import the groups under an existing group in MyQ.

LDAP sync groups tab

  • Do not change default group: A user can be a member of multiple groups but all their prints, copies and scans are accounted to only one group: the default (accounting) group of the user. If you select this option, the default group of the selected user does not change during the synchronization.

  • Import groups under this group: You can select an existing group in MyQ under which you import the groups from the LDAP database.

  • Groups stored in user's attribute:

    • Attribute: You can select this option if you want to use an attribute that defines groups in the LDAP database. To add it, type the name of the attribute in the property text box or drag the attribute from any individual user and drop it in the Attribute text box.

      Dragging and dropping attributes

      You can also create groups by combining multiple attributes. To create such groups, put each of the attributes between two percentage signs (%). For example, the combination of attributes %attribute1%_%attribute 2% , imports a new group named value1_value2.

      Attributes combination example

      Furthermore, you can create tree structures of groups by separating the attributes with vertical bars. For example, the combination of attributes %attribute1%|%attribute2%, imports a group value1, and its sub-group value 2.

    • Make default: If you select this option, the group becomes the default group of the imported user.

  • Group stored in user's DN:

    • OU component index: Here you can select a group by its OU (organizational unit) index among the DN components. The index is counted from right to left: the first OU group from the right has index 1, the second from the right has index 2 and so on.

      DN component with 3 OU example

      On the image above, there are three OU groups: MYQ_IMPORT_TEST has index 1 (as it is the first OU group from the right), famous_people has index 2 and Painters has index 3. The other components are not OU and therefore have no index.

    • Make default: If you select this option, the group becomes the default group of the imported user.

  • Tree group stored in user's DN: Here you can import the whole tree structure of groups. You can restrict the import to any part of the structure by striping the DN components from the left and from the right. In the respective text boxes, enter the amount of components to be striped from the left and
    from the right side. You have to strip at least one component from the left (the user CN component) and one component from the right (the right-most DC component).

    User DN components example

    On the image above, there are six components. If you strip one component from the left and one from the right, you import the following structure of groups: testAD > MYQ_IMPORT_TEST > famous_people > Painters. By stripping components from the left, you remove the groups from the bottom to the top of the structure. By stripping components from the right, you remove the groups from the top to the bottom of the structure.

    • Make default: If you select this option, the bottom group of the imported structure becomes the default group of the imported user.

  • Group stored in user's memberOf attribute:

    • Group base DN: MyQ can import security and distribution groups stored in the user's memberOf attribute. The security groups are used to define access permissions granted to their members. Distribution groups can be used for sending emails to a group of users. To specify which groups should be taken into consideration during the import, you have to insert the groups base DN. MyQ imports only groups that are included in the base DN; other groups stored in the memberOf attribute are ignored. The group base DN does not have to be in the same organizational unit as the users base domain. If a user is member of more than one group on the LDAP server, all the groups are stored in the memberOf attribute. Therefore, the Make default option, which requires a single value, is not available for this method of import.
      To add the groups base DN, drag it from the database browser and drop it in the Group base DN text box.

    • Filter: You can filter this import by specifying the values of attributes. Add the conditions in the form: Attribute=Value. Groups with a different value on this attribute are not accepted and are filtered out of the import. You can use the * symbol to search for substrings. The symbol can be appended from both sides. For example, if you add a cn=*in* condition, only users whose common name attribute contains "in" are accepted. You can add one condition per row. Groups are accepted if they satisfy at least one condition.

      Groups stored in the membeOf attribute import example
    • Import empty groups: If you select this option, groups from the Group base DN are imported even if there is no user having them in their memberOf attribute.

    • Import tree of groups: If you select this option, the whole tree structure is imported. Otherwise all groups are added separately; not as a part of a tree structure.