To determine all of the members for a static group, simply retrieve the group entry including the membership attribute. The returned entry will include the DNs of all users that are members of that group. For example, the following criteria may be used to retrieve the list of all members for the group cn=Test Group,ou=Groups,dc=example,dc=com:
Base DN cn=Test Group,ou=Groups,dc=example,dc=com
Scope base
Filter (objectClass=*)
Requested Attributes member uniqueMember

If you want to retrieve additional information about the members, such as attributes from member entries, you must issue a separate search for each member to retrieve the user entry and the desired attributes.

  • Run a base-level search to retrieve all of the members in a static group.
    $ bin/ldapsearch --baseDN "cn=Test Group,ou=Groups,dc=example,dc=com" \
      --searchScope base "(objectclass=*)" uniqueMember
    Note: If you want to retrieve attributes from member entries, it is more efficient to search all users whose isMemberOf attribute contains the group DN, returning the attributes desired.