The following summary of commands shows the fastest way to retrieve direct or indirect member DNs for groups.
  • To retrieve direct member (non-nested) DNs of group "cn=group.1,ou=groups,dc=example,dc=com".
    $ bin/ldapsearch --baseDN "cn=group.1,ou=Groups,dc=example,dc=com" "(objectClass=*)" uniqueMember member
  • To retrieve direct member entries (non-nested) under "dc=example,dc=com" of group "cn=group.1,ou=groups,dc=example,dc=com". This is useful when attributes from member entries are used in the filter or are being returned.
    $ bin/ldapsearch --baseDN "ou=people,dc=example,dc=com" "(isDirectMemberOf=cn=group.1,ou=Groups,dc=example,dc=com)"
  • To retrieve group DNs in which user "uid=user.2,ou=people,dc=example,dc=com" is a direct member (non-nested, static groups).
    $ bin/ldapsearch --baseDN "uid=user.2,ou=people,dc=example,dc=com" "(objectClass=*)" isDirectMemberOf
  • To retrieve all member entries under ou=people,dc=example,dc=com of group "cn=group.1,ou=groups,dc=example,dc=com".
    $ bin/ldapsearch --baseDN "ou=people,dc=example,dc=com" "(isMemberOf=cn=group.1,ou=Groups,dc=example,dc=com)"
  • To retrieve the group DNs in which user "uid=user.2,ou=people,dc=example,dc=com" is a member.
    $ bin/ldapsearch --baseDN "uid=user.2,ou=people,dc=example,dc=com" "(objectClass=*)" isMemberOf
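For an access review, it helps to see which groups a user belongs to only through nesting, since those do not show up in a direct-member listing. The script below is an added example, not part of the original documentation: it reads the LDIF for one user entry and prints the group DNs found in isMemberOf but not in isDirectMemberOf. The sample LDIF, the groups "group.2" and "all staff", and the simplified DN normalisation are assumptions made for illustration.

```shell
#!/bin/sh
# Intended use (assumes one search may request both attributes):
#   bin/ldapsearch --baseDN "uid=user.2,ou=people,dc=example,dc=com" \
#       "(objectClass=*)" isMemberOf isDirectMemberOf | nested_only_groups

# Print group DNs that are in isMemberOf but not in isDirectMemberOf.
nested_only_groups() {
  awk '
    # Simplified DN normalisation (assumption): lowercase the DN and drop
    # spaces around commas, so "ou=Groups" and "ou=groups" compare equal.
    function norm(dn) { dn = tolower(dn); gsub(/ *, */, ",", dn); return dn }

    # Record the buffered logical line. Base64 values ("attr:: ...") do not
    # match either attribute name below and are skipped.
    function flush(   i, attr, val) {
      i = index(buf, ": ")
      if (i == 0) return
      attr = tolower(substr(buf, 1, i - 1))
      val = norm(substr(buf, i + 2))
      if (attr == "ismemberof") all[val] = 1
      else if (attr == "isdirectmemberof") direct[val] = 1
    }

    # LDIF folds long lines: a continuation line starts with one space.
    /^ / { buf = buf substr($0, 2); next }
    { flush(); buf = $0 }
    END { flush(); for (g in all) if (!(g in direct)) print g }
  ' | LC_ALL=C sort
}

# Constructed sample LDIF for one user entry (not real server output).
# The last value is folded across two lines, as ldapsearch output can be.
sample_ldif() {
  printf '%s\n' \
    'dn: uid=user.2,ou=people,dc=example,dc=com' \
    'isDirectMemberOf: cn=group.1,ou=Groups,dc=example,dc=com' \
    'isMemberOf: cn=group.1,ou=groups,dc=example,dc=com' \
    'isMemberOf: cn=group.2,ou=groups,dc=example,dc=com' \
    'isMemberOf: cn=all staff,ou=groups,' \
    ' dc=example,dc=com'
}

sample_ldif | nested_only_groups
```

Output DNs are printed in normalised (lowercase) form; an empty result means every membership of the entry is direct.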