LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Reload this Page OpenLDAP - Query to get the groups a user is member of
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 03-13-2014, 02:23 PM   #1
Ramurd
Member
 
Registered: Mar 2009
Location: Rotterdam, the Netherlands
Distribution: Slackwarelinux
Posts: 703

Rep: Reputation: 111Reputation: 111
OpenLDAP - Query to get the groups a user is member of

I could use some help getting the proper LDAP filter to get the groups a user is member of.

I have this kind of tree:
base: dc=base,o=org

Within that tree, I have a bunch of ou= , roughly split like
ou=users
ou=groups

The users (of type inetOrgPerson) are defined in "ou=users"
The groups those users can be member of are within "ou=groups".

so you get a user: cn=user,ou=users,dc=base,o=org who also has uid=user
and a groupofUniquenames: cn=group,ou=groups,dc=base,o=org

Of course, there are quite a bunch of groups, along with quite a bunch of users.
Of a specific user, I'd like to see which groups they're member of.

So I thought this kind of search would do me a favor:

Code:
ldapsearch -Wx -H ldap://localhost -Dcn=Manager,dc=base,o=org -bdc=base,o=org '(!(uid=user))' memberOf
However, I seem to get returned all groups, rather than those they're member of... What am I doing wrong? (or what am I doing right, for that matter) It's been ages since I last did real LDAP stuff, and kinda lost the knowledge.

We use openLDAP 2.4
 
Old 03-14-2014, 02:31 AM   #2
Ramurd
Member
 
Registered: Mar 2009
Location: Rotterdam, the Netherlands
Distribution: Slackwarelinux
Posts: 703

Original Poster
Rep: Reputation: 111Reputation: 111
The filter: '(uid=<username>)' isMemberof

Does the trick of finding the cn

(&(objectclass=groupOfUniqueNames)(uniqueMember=<cn of user>))' dn

Does the trick of finding the group memberships

Now it would be cool to somehow combine these queries, so that I can find the memberships by uid rather than finding the cn...
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenLDAP can't query from client elalexluna83 Linux - Server 1 01-03-2013 11:44 PM
[SOLVED] Adding users to multiple groups in Openldap skimeer Linux - Newbie 1 09-03-2012 01:36 AM
OpenLDAP-based SSH login by groups fantasygoat Linux - Security 14 11-02-2009 11:58 PM
OpenLDAP query Active Directory noir911 Linux - Server 0 04-30-2008 06:18 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 06:53 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration