To determine the set of all dynamic groups in which a user is a member, perform a
search to find all dynamic group entries defined in the server using a subtree search
with a filter of
You should retrieve the
memberURLattribute so that you can use the logic described in the previous section to determine whether the specified user is a member of each of those groups.
The following table contains the search criteria to determine the set of all dynamic groups defined in the dc=example,dc=com tree.
$ bin/ldapsearch --baseDN "dc=example,dc=com" \ --searchScope sub "(objectClass=groupOfURLs)" "memberURL"
Each entry returned is a dynamic group definition. You can use the base, scope, and filter of its
memberURLattribute to determine whether the user is a member of that dynamic group.