I could use some help getting the proper LDAP filter to get the groups a user is a member of.
I have this kind of tree:
base: dc=base,o=org
Within that tree, I have a bunch of ou= , roughly split like
ou=users
ou=groups
The users (of type inetOrgPerson) are defined in "ou=users"
The groups those users can be members of are within "ou=groups".
So you get a user: cn=user,ou=users,dc=base,o=org who also has uid=user
and a groupOfUniqueNames: cn=group,ou=groups,dc=base,o=org
Of course, there are quite a bunch of groups, along with quite a bunch of users.
For a specific user, I'd like to see which groups they're a member of.
So I thought this kind of search would do me a favor:
Code:
ldapsearch -Wx -H ldap://localhost -Dcn=Manager,dc=base,o=org -bdc=base,o=org '(!(uid=user))' memberOf
However, I seem to get returned all groups, rather than those they're a member of... What am I doing wrong? (or what am I doing right, for that matter) It's been ages since I last did real LDAP stuff, and kinda lost the knowledge.
We use OpenLDAP 2.4
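
Added example, not part of the original post: in an LDAP filter `!` negates, so `(!(uid=user))` matches every entry except that user. The sketch below builds the two positive filters for the tree described above, with RFC 4515 escaping so that a user-supplied uid or DN cannot alter the filter. Assumptions: the groups list members in `uniqueMember` (the attribute groupOfUniqueNames uses), and `memberOf` is only present if the memberof overlay is configured for that attribute; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the DIT from the post.

# Escape a value for an LDAP search filter (RFC 4515). Backslash goes first
# so the escapes added for *, ( and ) are not escaped a second time.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Group-side lookup: groups whose uniqueMember holds the user's DN.
group_filter() {
    printf '(&(objectClass=groupOfUniqueNames)(uniqueMember=%s))' \
        "$(ldap_escape "$1")"
}

# User-side lookup: the user's own entry, from which memberOf is read.
user_filter() {
    printf '(&(objectClass=inetOrgPerson)(uid=%s))' "$(ldap_escape "$1")"
}

USER_DN='cn=user,ou=users,dc=base,o=org'

# Print the two commands rather than running them (-W prompts for a password).
printf "ldapsearch -Wx -H ldap://localhost -D cn=Manager,dc=base,o=org -b ou=groups,dc=base,o=org '%s' cn\n" "$(group_filter "$USER_DN")"
printf "ldapsearch -Wx -H ldap://localhost -D cn=Manager,dc=base,o=org -b ou=users,dc=base,o=org '%s' memberOf\n" "$(user_filter user)"
```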