To determine the set of all static groups in which a user is specified as a member, perform a subtree search based at the top of the DIT. The search filter must be configured to match any type of static group in which the specified user is a member.

For example, the following criteria may be used to determine the set of all static groups in which the user, uid=john.doe,ou=People,dc=example,dc=com, is a member:
Base DN: dc=example,dc=com
Scope: sub
Filter: (|(&(objectClass=groupOfNames)(member=uid=john.doe,ou=People,dc=example,dc=com))(&(objectClass=groupOfUniqueNames)(uniqueMember=uid=john.doe,ou=People,dc=example,dc=com))(&(objectClass=groupOfEntries)(member=uid=john.doe,ou=People,dc=example,dc=com)))
Requested Attributes: 1.1

Every entry returned from the search represents a static group in which the specified user is a member.

  • Run a sub-level search to retrieve the static groups to which a user belongs.
    $ bin/ldapsearch --baseDN "dc=example,dc=com" --searchScope sub \
      "(|(&(objectClass=groupOfNames)(member=uid=john.doe,ou=People,dc=example,dc=com))(&(objectClass=groupOfUniqueNames)(uniqueMember=uid=john.doe,ou=People,dc=example,dc=com))(&(objectClass=groupOfEntries)(member=uid=john.doe,ou=People,dc=example,dc=com)))" \
      "1.1"
    Note: A base level search of the user's entry for isMemberOf or isDirectMemberOf virtual attributes will give the same results. You can also use the virtual attributes with virtual static groups.
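
When the member DN comes from application input rather than being typed by hand, the filter above should be built with the DN escaped as an RFC 4515 assertion value, so that characters such as `*` or `)` in the DN cannot widen or break the match. The following is an added example, not part of the original documentation; the function names are hypothetical, and the object classes, attributes and command options are the ones shown on this page.

```python
# Added example: build the static-group membership filter from this page for
# any member DN, escaping the DN as an RFC 4515 assertion value.

# (objectClass, membership attribute) pairs taken from the filter on this page.
STATIC_GROUP_TYPES = [
    ("groupOfNames", "member"),
    ("groupOfUniqueNames", "uniqueMember"),
    ("groupOfEntries", "member"),
]


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an LDAP filter assertion value (RFC 4515)."""
    out = []
    for byte in value.encode("utf-8"):
        ch = chr(byte)
        # Backslash, '*', '(' and ')' are filter syntax; NUL and non-ASCII
        # bytes are hex-escaped as well, which RFC 4515 permits.
        if ch in "\\*()" or byte == 0 or byte > 0x7F:
            out.append("\\%02x" % byte)
        else:
            out.append(ch)
    return "".join(out)


def static_group_filter(member_dn: str) -> str:
    """Return the OR filter matching every static group listing member_dn."""
    value = escape_filter_value(member_dn)
    clauses = "".join(
        f"(&(objectClass={oc})({attr}={value}))" for oc, attr in STATIC_GROUP_TYPES
    )
    return f"(|{clauses})"


def ldapsearch_argv(base_dn: str, member_dn: str) -> list:
    """Argument vector for the page's command; no shell, so no quoting issues."""
    return [
        "bin/ldapsearch", "--baseDN", base_dn, "--searchScope", "sub",
        static_group_filter(member_dn), "1.1",
    ]


if __name__ == "__main__":
    print(static_group_filter("uid=john.doe,ou=People,dc=example,dc=com"))
    # Constructed DN containing filter metacharacters.
    print(static_group_filter("uid=j*(test),ou=People,dc=example,dc=com"))
```

Passing the list from `ldapsearch_argv` to `subprocess.run` without `shell=True` keeps the filter as a single argument regardless of its contents.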