Page created: 22 Jul 2020 |
Page updated: 1 Feb 2021
To determine whether a user is a member of a specific dynamic group, you must verify that the user's entry is both within the scope of the member URL and that it matches the filter contained in that URL. You can verify that a user's entry is within the scope of the URL using simple client-side only processing. Evaluating the filter against the entry on the client side can be more complicated. While possible, particularly in clients that are able to perform schema-aware evaluation, a simple alternative is to perform a base-level search to retrieve the user's entry with the filter contained in the member URL.
For example, to determine whether the user uid=john.doe,ou=People,dc=example,dc=com is a member of the dynamic group with the above member URL, issue a search with the following criteria:
Note that the search requires the user DN to be under the search base
defined in the
memberurlattribute for the user to be a member. If the search returns an entry, then the user is a member of the specified group. If the search does not return any entries, then the user is not a member of the group.