To determine whether a user is a member of a specific dynamic group, run a
base-level search to verify that the user's entry is both within the scope of the
member URL and that it matches the filter contained in that URL.
You can verify that a user's entry is within the scope of the URL using simple client-side only processing. Evaluating the filter against the entry on the client side is more complicated. While possible, especially in clients able to perform schema-aware evaluation, a simple alternative is to perform a base-level search to retrieve the user's entry with the filter contained in the member URL.
This table contains the search criteria to determine if the user uid=john.doe,ou=People,dc=example,dc=com is a member of the dynamic group with the desired member URL.
$ bin/ldapsearch --baseDN "uid=john.doe,ou=People,dc=example,dc=com" \ --searchScope base "(ou=Engineering)" "1.1"Note:
The search requires the user DN to be under the search base defined in the
memberurlattribute for the user to be a member.
If the search returns an entry, then the user is a member of the specified group. If the search does not return any entries, then the user is not a member of the group.
Page created: 26 Jul 2021 |
Page updated: 14 Jan 2022