Determining the static groups to which a user belongs
Steps
To determine the set of all static groups in which a user is specified as a member, perform a subtree search based at the top of the directory information tree (DIT).
Configure the search filter to match any type of static group in which the specified user is a member.
Example:
The following table contains the search criteria to determine the set of all static groups in which the user uid=john.doe,ou=People,dc=example,dc=com is a member.

Base DN: dc=example,dc=com
Scope: sub
Filter: (|(&(objectClass=groupOfNames)(member=uid=john.doe,ou=People,dc=example,dc=com))(&(objectClass=groupOfUniqueNames)(uniqueMember=uid=john.doe,ou=People,dc=example,dc=com))(&(objectClass=groupOfEntries)(member=uid=john.doe,ou=People,dc=example,dc=com)))
Requested attributes: 1.1

Example:
$ bin/ldapsearch --baseDN "dc=example,dc=com" --searchScope sub \
  "(|(&(objectClass=groupOfNames)(member=uid=john.doe,ou=People,dc=example,dc=com))(&(objectClass=groupOfUniqueNames)(uniqueMember=uid=john.doe,ou=People,dc=example,dc=com))(&(objectClass=groupOfEntries)(member=uid=john.doe,ou=People,dc=example,dc=com)))" \
  "1.1"

Result:
Entries returned from the search represent each static group in which the specified user is a member.
A base level search of the user’s entry for the isMemberOf or isDirectMemberOf virtual attributes gives the same results. You can also use the virtual attributes with virtual static groups.