-
To determine the set of all dynamic groups in which a user is a member, perform a
search to find all dynamic group entries defined in the server using a subtree search
with a filter of
(objectClass=groupOfURLs)
.Tip:You should retrieve the
memberURL
attribute so that you can use the logic described in the previous section to determine whether the specified user is a member of each of those groups.The following table contains the search criteria to determine the set of all dynamic groups defined in the dc=example,dc=com tree.
Base DN
dc=example,dc=com
Scope
sub
Filter
(objectClass=groupOfURLs)
Requested Attributes
memberURL
$ bin/ldapsearch --baseDN "dc=example,dc=com" \ --searchScope sub "(objectClass=groupOfURLs)" "memberURL"
Each entry returned is a dynamic group definition. You can use the base, scope, and filter of its
memberURL
attribute to determine whether the user is a member of that dynamic group.