#1
  1. Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2003
    Posts
    1
    Rep Power
    0

    LDAP group filter


    Hi all,
    In my organization we use nested groups.
    For a particular usage, we have a group (let’s assume that the group name is “kuku”), and the names of all the nested groups under it contain “kuku” as well.
    We may assume that no other group in the LDAP has “kuku” in the name.
    I need to create a filter which will return all the users which belong to one of the “kuku” groups.
    Obviously, using this filter will bring only the head kukus:
    (&(&(objectclass=user)(objectclass=person))(memberOf=CN=kuku,cn=…rest of the group DN…))
    How can I use a wildcard to fetch all users which belong to any kuku?
    For example:
    (&(&(objectclass=user)(objectclass=person))(memberOf=CN=.*kuku.*))
    Thanks,
    Asi
  2. #2
  3. Psycho Canadian
    Devshed Demi-God (4500 - 4999 posts)

    Join Date
    Jan 2001
    Location
    Canada
    Posts
    4,846
    Rep Power
    635
    The memberOf attribute needs to be indexed, then you can use *

    (&(&(objectclass=user)(objectclass=person))(memberOf=*kuku.*))

    I don't think the CN= should be there.
  4. #3
  5. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2009
    Location
    Charlotte, NC
    Posts
    111
    Rep Power
    9
    The uniquemembership in the parent group will contain the CN of each of the child groups, or if a single child is nested and then another child nested in child1, and so on. First you get the members from group1 and grep the KuKu groups from it, then for each of them you get their members and grep again for KuKu and so on, then concatenate the users into a single list and return them. For the Sun DS, group nesting is supported to 5 levels, so if you're keeping to standards your code need only look 5 levels deep for nested groups.
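
The level-by-level expansion described in post #3, as an added example that is not part of any post in this thread: it walks a constructed in-memory directory instead of a live server, follows only nested groups whose CN contains "kuku", stops at 5 levels, and then builds an exact-match `memberOf` filter in the shape used in post #1 with RFC 4515 escaping of each group DN. The directory layout, the `ou=demo,dc=example,dc=com` base and all function names are assumptions made for the illustration.

```python
BASE = "ou=demo,dc=example,dc=com"   # constructed sample data, not a real tree

def dn(rdn):
    return f"{rdn},{BASE}"

# Group entries carry "uniquemember"; user entries do not.
DIRECTORY = {
    dn("cn=kuku"): {"uniquemember": [dn("uid=alice"), dn("cn=kuku-dev"), dn("cn=other")]},
    dn("cn=kuku-dev"): {"uniquemember": [dn("uid=bob"), dn("cn=kuku-dev-(qa)"), dn("cn=kuku")]},
    dn("cn=kuku-dev-(qa)"): {"uniquemember": [dn("uid=carol")]},
    dn("cn=other"): {"uniquemember": [dn("uid=dave")]},
    dn("uid=alice"): {}, dn("uid=bob"): {}, dn("uid=carol"): {}, dn("uid=dave"): {},
}

ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def walk_nested_groups(directory, root_dn, needle="kuku", max_depth=5):
    """Return (group DNs, user DNs) found by following matching nested groups."""
    seen, users = {root_dn}, set()
    frontier, depth = [root_dn], 0
    while frontier:
        next_frontier = []
        for group_dn in frontier:
            for member in directory[group_dn]["uniquemember"]:
                entry = directory.get(member)
                if entry is None:                    # dangling reference
                    continue
                if "uniquemember" not in entry:      # a user entry
                    users.add(member)
                    continue
                first_rdn = member.split(",", 1)[0].lower()  # naive DN split
                if needle in first_rdn and member not in seen and depth < max_depth:
                    seen.add(member)                 # the seen set also stops cycles
                    next_frontier.append(member)
        frontier, depth = next_frontier, depth + 1
    return sorted(seen), sorted(users)

def build_memberof_filter(group_dns):
    """OR together exact-match memberOf clauses, one per resolved group DN."""
    clauses = "".join(f"(memberOf={escape_filter_value(g)})" for g in group_dns)
    return f"(&(&(objectclass=user)(objectclass=person))(|{clauses}))"

if __name__ == "__main__":
    groups, users = walk_nested_groups(DIRECTORY, dn("cn=kuku"))
    print(users)
    print(build_memberof_filter(groups))
```

The group back-reference from `kuku-dev` to `kuku` in the sample data is there to show that the walk terminates on a membership cycle.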
