Determining the dynamic groups to which a user belongs
Steps
- To determine the set of all dynamic groups in which a user is a member, perform a search to find all dynamic group entries defined in the server using a subtree search with a filter of (objectClass=groupOfURLs). You should retrieve the memberURL attribute so that you can use the logic described in the previous section to determine whether the specified user is a member of each of those groups.

Example:
The following table contains the search criteria to determine the set of all dynamic groups defined in the dc=example,dc=com tree.

Base DN                 dc=example,dc=com
Scope                   sub
Filter                  (objectClass=groupOfURLs)
Requested Attributes    memberURL

Example:
$ bin/ldapsearch --baseDN "dc=example,dc=com" \
    --searchScope sub "(objectClass=groupOfURLs)" "memberURL"

Result:
Each entry returned is a dynamic group definition. You can use the base, scope, and filter of its memberURL attribute to determine whether the user is a member of that dynamic group.
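
An added example (not from the original documentation) of checking each returned memberURL for one user: it parses the URL into base, scope and filter, skips groups whose base and scope exclude the user's DN, and builds a base-scope ldapsearch on the user's own entry using the group's filter. The group entries, user DN, function names and the simplified DN comparison are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

def parse_member_url(url):
    """Split an RFC 4516 LDAP URL into (base DN, scope, filter)."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    # Query layout is attributes?scope?filter; absent fields take RFC defaults.
    fields = parts.query.split("?") + ["", "", ""]
    scope = fields[1].lower() or "base"
    if scope not in ("base", "one", "sub"):
        raise ValueError("unsupported scope: %r" % scope)
    return unquote(parts.path.lstrip("/")), scope, unquote(fields[2]) or "(objectClass=*)"

def rdns(dn):
    # Assumption: simplified DN matching (case-insensitive, no escaped commas).
    return [r.strip().lower() for r in dn.split(",") if r.strip()]

def in_scope(user_dn, base, scope):
    user, root = rdns(user_dn), rdns(base)
    depth = len(user) - len(root)
    if depth < 0 or user[depth:] != root:
        return False
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]

def membership_probe(user_dn, member_url):
    """ldapsearch arguments that test user_dn against one memberURL filter,
    or None when the DN is outside the URL's base and scope."""
    base, scope, ldap_filter = parse_member_url(member_url)
    if not in_scope(user_dn, base, scope):
        return None
    # Base-scope search on the user's own entry; "1.1" requests no attributes.
    return ["bin/ldapsearch", "--baseDN", user_dn,
            "--searchScope", "base", ldap_filter, "1.1"]

# Constructed sample data: group DN -> memberURL, as the search above would return.
GROUPS = {
    "cn=Austin Staff,ou=Groups,dc=example,dc=com":
        "ldap:///ou=People,dc=example,dc=com??sub?(l=Austin)",
    "cn=Contractors,ou=Groups,dc=example,dc=com":
        "ldap:///ou=Contractors,dc=example,dc=com??one?(objectClass=person)",
    "cn=Admins,ou=Groups,dc=example,dc=com":
        "ldap:///ou=People,dc=example,dc=com??one?(&(objectClass=person)(title=admin))",
}

def probes_for(user_dn, groups=GROUPS):
    found = {g: membership_probe(user_dn, url) for g, url in groups.items()}
    return {g: cmd for g, cmd in found.items() if cmd is not None}
```

A probe that returns the user's entry means the user matches that group's filter and is a member; an empty result means the user is not.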