Summary of commands to search for group membership
The following summary of commands shows the fastest way to retrieve direct or indirect member distinguished names (DNs) for groups.
- To retrieve the DNs of direct (non-nested) members of group cn=group.1,ou=groups,dc=example,dc=com, run the following.

  $ bin/ldapsearch --baseDN "cn=group.1,ou=Groups,dc=example,dc=com" "(objectClass=*)" uniqueMember member

- To retrieve the direct (non-nested) member entries under dc=example,dc=com of group cn=group.1,ou=groups,dc=example,dc=com, run the following.

  $ bin/ldapsearch --baseDN "ou=people,dc=example,dc=com" "(isDirectMemberOf=cn=group.1,ou=Groups,dc=example,dc=com)"

  This is useful when attributes from member entries are used in the filter or are being returned.

- To retrieve the DNs of groups in which user uid=user.2,ou=people,dc=example,dc=com is a direct member (non-nested, static groups), run the following.

  $ bin/ldapsearch --baseDN "uid=user.2,ou=people,dc=example,dc=com" "(objectClass=*)" isDirectMemberOf

- To retrieve all member entries under ou=people,dc=example,dc=com of group cn=group.1,ou=groups,dc=example,dc=com, run the following.

  $ bin/ldapsearch --baseDN "ou=people,dc=example,dc=com" "(isMemberOf=cn=group.1,ou=Groups,dc=example,dc=com)"

- To retrieve the group DNs in which user uid=user.2,ou=people,dc=example,dc=com is a member, run the following.

  $ bin/ldapsearch --baseDN "uid=user.2,ou=people,dc=example,dc=com" "(objectClass=*)" isMemberOf
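
An added example, not part of the original documentation: for an access review, the groups a user holds only through nesting are the isMemberOf values that do not appear in isDirectMemberOf. The script below computes that set from LDIF output. The sample LDIF is constructed, group.2 and the long-named group are hypothetical, and requesting both attributes in one search is an assumption.

```sh
#!/bin/sh
# Constructed sample LDIF, shaped like the output of the last command above
# with isDirectMemberOf also requested (assumption). group.2 and the
# long-named group are hypothetical. Note the mixed ou=Groups / ou=groups case.
sample_ldif() {
cat <<'EOF'
dn: uid=user.2,ou=people,dc=example,dc=com
isMemberOf: cn=group.1,ou=Groups,dc=example,dc=com
isMemberOf: cn=group.2,ou=Groups,dc=example,dc=com
isMemberOf: cn=a-group-with-a-long-name-that-forces-ldif-line-wrapping,ou=Groups,dc=
 example,dc=com
isDirectMemberOf: cn=group.1,ou=groups,dc=example,dc=com
EOF
}

# Read LDIF on stdin and print each group DN that is listed in isMemberOf
# but not in isDirectMemberOf, i.e. membership gained only through nesting.
nested_only_groups() {
  awk '
    # LDIF folding: a line that starts with one space continues the previous line.
    /^ / { buf = buf substr($0, 2); next }
    { store(); buf = $0 }
    END {
      store()
      for (i = 1; i <= n; i++) if (!(key[i] in direct)) print all[i]
    }
    # Record one unfolded "attr: value" line. Base64 values ("attr:: ...")
    # do not match either attribute name and are skipped.
    function store(   p, attr, val) {
      p = index(buf, ": ")
      if (p == 0) return
      attr = tolower(substr(buf, 1, p - 1))
      val = substr(buf, p + 2)
      # DNs are compared case-insensitively, so ou=Groups equals ou=groups.
      if (attr == "isdirectmemberof") direct[tolower(val)] = 1
      else if (attr == "ismemberof") { n++; all[n] = val; key[n] = tolower(val) }
    }
  '
}

sample_ldif | nested_only_groups
```

To run it against a live server, pipe the ldapsearch output into nested_only_groups in place of sample_ldif.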