-
To determine the set of all static groups in which a user is specified as a member,
perform a subtree search based at the top of the directory information tree (DIT).
Tip:
Configure the search filter to match any type of static group in which the specified user is a member.
The following table contains the search criteria to determine the set of all static groups in which the user uid=john.doc,ou=People,dc=example,dc=com is a member.
Base DN
dc=example,dc=com
Scope
sub
Filter
(|(&(objectClass=groupOfNames) (member=uid=john.doe,ou=People,dc=example,dc=com)) (&(objectClass=groupOfUniqueNames)(uniqueMem- ber=uid=john.doe,ou=People,dc=example,dc=com)) (&(objectClass=groupOfEntries) (member=uid=john.doe,ou=People,dc=example,dc=com)))
Requested attributes
1.1
$ bin/ldapsearch --baseDN "dc=example,dc=com" --searchScope sub \ "(|(&(objectClass=groupOfNames) (member=uid=john.doe,ou=People,dc=example,dc=com)) \ (&(objectClass=groupOfUniqueNames)\ (uniqueMember=uid=john.doe,ou=People,dc=example,dc=com)) \ (&(objectClass=groupOfEntries) \ (member=uid=john.doe,ou=People,dc=example,dc=com)))" "1.1"
Entries returned from the search represent each static group in which the specified user is a member.
Note:A base level search of the user's entry for
isMemberOf
orisDirectMemberOf
virtual attributes gives the same results. You can also use the virtual attributes with virtual static groups.