Skip to content

Choose your language

  • No results

Choose your login

  • No results
Support
Search

Manually Overriding the Group List

THE PAGE APPLIES TO:

Larger sites can have an enormous number of groups, for example, one PaperCut site has over 250,000 groups! When there are so many groups, the PaperCut window for choosing which groups to add to PaperCut can take a very long time to retrieve the information from the Active Directory and can actually time out. This can make selecting groups to add to PaperCut using the application web interface slow or unusable.

To work around this problem, there are two configuration options.

Option 1 - AD Group Organizational Unit Filter

If you are using the native Windows Active Directory Sync Source type, you can set the config key user-source.ad.group-ou-filter to only display groups under a certain Organizational Unit. You can change the value of a config key via Options → Config Editor. Information on how to use a config editor is given here. PaperCut expects the Organizational Unit name in a particular format as follows:

<domain>/org/unit/name

Few examples are listed below:

yourdomain.com/Import OU/Sub Import OU

yourdomain.com/Users

Please note: This configuration key will not work with the Azure AD and Azure AD Secure LDAP Sync Source types; for those, please see Option 2.

Option 2 - Manually list the set of groups

To work around this problem, there is a configuration setting that can be made where one can manually list the set of groups. Once this configuration is set, PaperCut will no longer query Active Directory, LDAP, etc. to retrieve the list of groups but will rather use the list specified in the configuration settings to populate the Available Groups window.

To enable this work-around do the following:

  1. Login to the system as an administrator (e.g. the built-in admin account).
  2. Navigate to the Options section.
  3. Click on the “Config editor (advanced)” link in the Actions list on the left.
  4. In the quick find, enter part of the config key, “override”, and press GO.
  5. Locate the required key, “user-source.group-list-override” and enter a new value for the list of groups. The list of groups can be comma separated (,) or pipe (|) separated. e.g. Group0001,Group0002,Group0003. See below for formatting required to add Org Units or for adding a “group-list-override” greater than one thousand characters.
  6. Press the Update button to the right to apply the change.

Now you can test this setting out:

  1. Navigate to the Groups section.
  2. Click on the “Add/Remove Groups” link in the Actions list on the left.

The available list of Groups should now have your list from above: e.g. Group0001,Group0002,Group0003. You will also notice a warning message at the top of the page that reminds you that this option is currently enforced: “The list of group names is not sourced from the operating system, but from the config key ‘user-source.group-list-override’.”

Important: If you have groups already entered in the interface, make sure they appear in your list. This key overrides/replaces any of your existing groups settings.

AD Organizational Unit Name Format

When entering a “group” override list, you may also use Active Directory Org Units. PaperCut expects the Org Unit names in a particular format as follows:

OU:\domain>/org/unit/name

The name must be prefixed with the with OU: which indicates to PaperCut that this is an AD Org Unit and not a normal group. Some examples include:

OU:yourdomain.com/Users

OU:anotherdomain.com/Staff

OU:domain.com/DivisionA/Staff

Group List Override Greater Than 1000 Characters

To create a list of groups larger than the maximum configuration key size of 1,000 characters, additional configuration keys can be added for the “user-source.group-list-override”. Each new key created in the format below can store an additional one thousand characters.

Key / Value Pair
user-source.group-list-override.1 / e.g. _Group0001,…,Group0099_

user-source.group-list-override.2 / e.g. _Group0100,…,Group0199_

...

user-source.group-list-override.X / e.g. _GroupXXXX,...,GroupXXXX_

To add one or more of these new configuration keys do the following:

  1. Open the Config editor (advanced)
  2. Enter the name of the key in the Name field (See above for syntax for new group-list-override keys)
  3. Enter up to 1,000 characters in the Value field
  4. Select Add

Categories: How-to Articles , User Management

Keywords: timeout , time out , browser , large AD , large groups , many groups , delays , hundreds , thousands , container , org unit , containers , LDAP

Comments

Last updated August 13, 2024