March 9th, 2010, 01:17 AM
LDAP group filter
In my organization we use nested groups.
For a particular usage, we have a group (let’s assume that the group name is “kuku”), and the names of all the nested groups under it contain “kuku” as well.
We may assume that no other group in the LDAP has “kuku” in the name.
I need to create a filter which will return all the users which belong to one of the “kuku” groups.
Obviously, using this filter will bring only the head kukus:
(&(&(objectclass=user)(objectclass=person))(memberOf=CN=kuku,cn=…rest of the group DN…))
How can I use a wildcard to fetch all users which belong to any kuku?
March 10th, 2010, 06:28 AM
The memberOf attribute needs to be indexed, then you can use *.
I don't think the CN= should be there.
March 12th, 2010, 07:10 PM
The uniquemembership in the parent group will contain the CN of each of the child groups, or if a single child is nested and then another child nested in child1 and so on. First you get the members from group1 and grep the KuKu groups from it, then for each of them you get their members and grep again for KuKu and so on, then concatenate the users into a single list and return them. For the Sun DS, group nesting is supported to 5 levels, so if you're keeping to standards your code need only look 5 levels deep for nested groups.
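
The level-by-level expansion described in the last reply, written out as an added example that is not part of the thread. It goes one step further and turns the discovered groups into an OR filter on memberOf, with RFC 4515 escaping of each DN. Assumptions: the in-memory `DIRECTORY` and its example.com DNs are constructed and stand in for real LDAP reads, the function names are hypothetical, and a member counts as a nested group when its first RDN is a `cn=` containing "kuku" (the naming rule the original poster gave).

```python
from collections import deque

P, G = ",ou=people,dc=example,dc=com", ",ou=groups,dc=example,dc=com"
# Constructed sample directory: group DN -> member DNs (users and nested groups).
DIRECTORY = {
    "cn=kuku" + G: ["uid=alice" + P, "cn=kuku-dev" + G],
    # kuku-dev lists the head group as a member, forming a cycle
    "cn=kuku-dev" + G: ["uid=bob" + P, "cn=kuku-ops (eu)" + G, "cn=kuku" + G],
    "cn=kuku-ops (eu)" + G: ["uid=alice" + P, "uid=carol" + P],
}
MAX_DEPTH = 5  # nesting limit quoted in the reply above

def fetch_members(group_dn):
    """Stand-in (assumption) for an LDAP read of the group's member attribute."""
    return DIRECTORY.get(group_dn, [])

def expand_group(root_dn, marker="kuku", max_depth=MAX_DEPTH):
    """Breadth-first walk; returns (sorted user DNs, sorted group DNs)."""
    users, seen = set(), {root_dn}
    queue = deque([(root_dn, 1)])
    while queue:
        group_dn, depth = queue.popleft()
        for member in fetch_members(group_dn):
            first_rdn = member.split(",", 1)[0].lower()
            is_group = first_rdn.startswith("cn=") and marker in first_rdn
            if not is_group:
                users.add(member)  # the set removes users seen via several groups
            elif member not in seen and depth < max_depth:
                seen.add(member)  # visited check stops membership cycles
                queue.append((member, depth + 1))
    return sorted(users), sorted(seen)

def escape_filter_value(value):
    """Escape RFC 4515 special characters before placing a value in a filter."""
    for ch in ("\\", "*", "(", ")", "\x00"):  # backslash must be handled first
        value = value.replace(ch, "\\%02x" % ord(ch))
    return value

def member_of_filter(group_dns):
    """OR filter matching users whose memberOf is any of the given groups."""
    clauses = "".join("(memberOf=%s)" % escape_filter_value(dn) for dn in group_dns)
    return "(&(objectclass=user)(objectclass=person)(|%s))" % clauses
```

Escaping matters here because group DNs come from directory data: an unescaped parenthesis or asterisk in a group name would change the structure of the generated filter.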