By: Nicolas Assain user 05 Jun 2020 at 9:38 a.m. CDT

9 Responses
Hi Team, When I check the user group membership on the Person Add Form screen, I see that all the groups that my user is related to are "inum=,ou=grou", instead of showing the group name of each. MemberOf = inum=60B7,ou=groups,o=gluu instead of "Gluu Manager Group", MemberOf 1 = inum=1e38a8ff-2180-4203-b625-29f210c6d32a,ou=groups,o=gluu instead of "jira-administrators". And I see the same values when running a test on the SSO in JIRA. Is it possible to correct this and show the group names instead of the inums?

By Aliaksandr Samuseu staff 05 Jun 2020 at 10:37 a.m. CDT

Hi, Nicolas. How exactly did you populate the `memberOf` attribute? Do you mean you created some groups using oxTrust admin webUI and added your users to them? Or is your group membership data imported from some external source (for example, with Cache Refresh)?

By Aliaksandr Samuseu staff 05 Jun 2020 at 10:45 a.m. CDT

If you mean that groups were created in web UI, you need to take into account that Gluu Server will send **user's attributes** during SSO flows. As a group's name is not a user's attribute, you can't send it "as is". Instead, you could add a custom attribute to each user that would contain the "human-readable" names of the groups they are part of. Or you could populate the `memberOf` attribute directly, putting such names there (or using Cache Refresh).

By Nicolas Assain user 05 Jun 2020 at 10:58 a.m. CDT

https://support.gluu.org/single-sign-on/8464/gluu-memberof-is-inum-not-group-name/#at60988 Thanks for replying back this fast! I'm using Gluu as LDAP, so the users and groups are created within Gluu. Whenever I add a user into a group already created in Gluu (e.g. jira-administrators, jira-xxxx, etc), when I go to the user account (in Gluu) to check name, username, email and groups this user is "memberOf", I see only inum=60B7,ou=groups,o=gluu, but not the real group name (jira-administrators). ![](https://photos.app.goo.gl/Jpxc1cjeh4N1Z8pe6)

By Michael Schwartz Account Admin 05 Jun 2020 at 11:23 a.m. CDT

This is not a bug. The syntax for the memberOf attribute is DN, not string. If you want to release memberOf to applications, you may want to transform it in a dynamic scopes script. You can also do an LDAP lookup on the group and return the cn.

By Nicolas Assain user 05 Jun 2020 at 11:52 a.m. CDT

Hi @Michael.Schwartz, I know that this isn't a BUG, I just want to know how I can see it as text instead of DN format. Could you please guide me to develop a Dynamic Scope for this?

By Michael Schwartz Account Admin 05 Jun 2020 at 12:22 p.m. CDT

Define a [Scope](https://gluu.org/docs/gluu-server/4.1/admin-guide/openid-connect/#scopes) as type "Dynamic" and then write a Dynamic scope script to iterate through the memberOf values, and do an LDAP lookup for each to resolve the cn.
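
The resolution step described above, as an added example that is not part of the original thread and is not Gluu's own script: it walks a user's `memberOf` DNs and resolves each to the group's `cn`. The function names and the in-memory `SAMPLE_DIRECTORY` (a constructed stand-in for the LDAP lookup) are assumptions; a real dynamic scope script would perform the lookup against the directory instead.

```python
import re

GROUPS_BASE = "ou=groups,o=gluu"  # groups branch, as seen in the thread's memberOf values

# Constructed sample data standing in for the LDAP directory: group DN -> attributes.
SAMPLE_DIRECTORY = {
    "inum=60B7,ou=groups,o=gluu": {"cn": "Gluu Manager Group"},
    "inum=1e38a8ff-2180-4203-b625-29f210c6d32a,ou=groups,o=gluu": {"cn": "jira-administrators"},
}

def normalize_dn(dn):
    """Lower-case a DN and strip spaces around RDNs so equal DNs compare equal.
    Simplified parsing: a comma preceded by a backslash is treated as escaped."""
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed DN: %r" % dn)
        rdns.append(attr.strip().lower() + "=" + value.strip().lower())
    return ",".join(rdns)

# Index the sample directory by normalized DN (hypothetical helper for this example).
_INDEX = {normalize_dn(dn): entry for dn, entry in SAMPLE_DIRECTORY.items()}

def sample_lookup(normalized_dn):
    """Stand-in for an LDAP base-scope search on the group entry."""
    return _INDEX.get(normalized_dn)

def resolve_group_names(member_of, lookup=sample_lookup):
    """Return (names, unresolved) for a list of memberOf DN values."""
    names, unresolved = [], []
    for dn in member_of:
        try:
            key = normalize_dn(dn)
        except ValueError:
            unresolved.append(dn)
            continue
        # Only release names for entries under the groups branch.
        if not (key.startswith("inum=") and key.endswith("," + GROUPS_BASE)):
            unresolved.append(dn)
            continue
        entry = lookup(key)
        cn = entry.get("cn") if entry else None
        if cn:
            names.append(cn)
        else:
            unresolved.append(dn)  # deleted group or stale membership
    return names, unresolved
```

Unresolved values are returned separately so a caller can log them rather than release raw DNs to the relying party.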

By Sahil Arora user 05 Jun 2020 at 3:12 p.m. CDT

Hi Nicolas, You can refer to [this](https://support.gluu.org/identity-management/8255/oauth-member_of-attribute/#at59226) ticket for a similar requirement and use the [same](https://raw.githubusercontent.com/GluuFederation/community-edition-setup/a499f461038b5446a0fda01857bd3a6427b19697/static/extension/dynamic_scope/memberof_attribute.py) script.

By Nicolas Assain user 05 Jun 2020 at 3:29 p.m. CDT

Thanks a lot @Sahil.Arora, that script worked like a charm!!

By Philipp Zykov user 08 Dec 2020 at 9:22 a.m. CST

Hello! Sahil Arora, can you provide a small guide for your solution, please? I have the exact same task: to make Jira, Bitbucket and Confluence do SAML with GLUU. With users I had no problems, but I am stuck with groups. But maybe it is better to use User Permission (role) and not touch groups, and use some additional scripts to get names? Thank you! The link to the ticket gives: "You are not authorized to view this ticket. If you think this is a mistake, please email support-team@gluu.org."