Page created: 24 Jul 2019 | Page updated: 6 Nov 2019
To determine whether a user is a member of a specified group, perform a base-level search that retrieves the group entry, using an equality filter that matches the group's membership attribute against the DN of the specified user.
For best performance, you will want to include a specific attribute list (just "cn", or "1.1" to request that no attributes be returned) so that the entire member list is not returned. For example, to determine whether the user "uid=john.doe,ou=People,dc=example,dc=com" is a member of the groupOfNames static group "cn=Test Group,ou=Groups,dc=example,dc=com", issue a search with the following criteria:

Base DN | cn=Test Group,ou=Groups,dc=example,dc=com |
Scope | base |
Filter | (member=uid=john.doe,ou=People,dc=example,dc=com) |
Requested Attributes | 1.1 |
If the search returns an entry, then the user is a member of the specified group. If
the search does not return any entries, then the user is not a member of the group.
If you do not know the membership attribute for the specified group (it could be either a member or uniqueMember attribute), then you may want to revise the filter so that it allows either one, as follows:

(|(member=uid=john.doe,ou=People,dc=example,dc=com)(uniqueMember=uid=john.doe,ou=People,dc=example,dc=com))
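
The following added example (not part of the original page or the product's own code) builds the search criteria described above for one or both membership attributes. It goes one step beyond the text by escaping the user DN per RFC 4515 before placing it in the filter, so a DN containing "(", ")", "*" or "\" cannot change the filter's structure. The function names and the third sample DN are assumptions made for illustration.

```python
# Added example: build the base-scope membership search described above.
# Function names are hypothetical; they are not from any LDAP library.

# RFC 4515 section 3: characters that must be escaped in an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def membership_search(group_dn, user_dn, attrs=("member",)):
    """Return the search criteria for 'is user_dn a member of group_dn?'."""
    if not attrs:
        raise ValueError("at least one membership attribute is required")
    value = escape_filter_value(user_dn)
    parts = [f"({attr}={value})" for attr in attrs]
    # One attribute: plain equality filter. Several: wrap them in an OR.
    flt = parts[0] if len(parts) == 1 else "(|" + "".join(parts) + ")"
    return {
        "base": group_dn,       # search the group entry itself
        "scope": "base",        # never descend below the group entry
        "filter": flt,
        "attributes": ["1.1"],  # return no attributes, so no member list
    }


def is_member(entries) -> bool:
    """A base search returns the group entry if the filter matched, else nothing."""
    return len(entries) == 1


# The first two DNs are the page's own example; ODD_USER is constructed.
GROUP = "cn=Test Group,ou=Groups,dc=example,dc=com"
USER = "uid=john.doe,ou=People,dc=example,dc=com"
ODD_USER = r"cn=Doe\, John (ops)*,ou=People,dc=example,dc=com"

if __name__ == "__main__":
    print(membership_search(GROUP, USER))
    print(membership_search(GROUP, USER, ("member", "uniqueMember"))["filter"])
    print(membership_search(GROUP, ODD_USER)["filter"])
```

Pass the returned base, scope, filter and attribute list to whichever LDAP client you use, then hand the list of returned entries to is_member.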