PingDirectory

Searching inverted static groups

Determining membership in inverted static groups is similar to determining membership in traditional static groups and dynamic groups.

Steps

  • To query whether a user is a member of a specific inverted static group, you can:

    Choose from:

    • Search for the group DN in the isMemberOf attribute of a user.

    • Perform a baseObject search against a user entry with a filter such as "(isMemberOf=\{group DN})".

      If the search returns the user’s entry, then the user is a member of that group. If the search doesn’t return any entries, then the user isn’t a member of the group.

    • Perform a compare operation against a user entry with an attribute type of isMemberOf and an assertion value that matches the DN of the target group.

      If the response has a result code of COMPARE_TRUE, then the user is a member of the group. If the result code is COMPARE_FALSE, then the user is not a member of the group.

  • To identify the entire set of members of an inverted static group, perform a subtree equality search against isMemberOf.

    Example:

    (isMemberOf=cn=Example Inverted Static Group,ou=groups,dc=example,dc=com)