Determining the dynamic groups to which a user belongs - PingDirectory

Determining the dynamic groups to which a user belongs - PingDirectory - 9.3

PingDirectory 9.3

bundle

pingdirectory-93

ft:publication_title

PingDirectory 9.3

Product_Version_ce

PingDirectory 9.3 (Latest)

category

Product

pd-93

pingdirectory

ContentType_ce

To determine the set of all dynamic groups in which a user is a member, perform a search to find all dynamic group entries defined in the server using a subtree search with a filter of (objectClass=groupOfURLs).

Tip:

You should retrieve the memberURL attribute so that you can use the logic described in the previous section to determine whether the specified user is a member of each of those groups.

The following table contains the search criteria to determine the set of all dynamic groups defined in the dc=example,dc=com tree.

Base DN	`dc=example,dc=com`
Scope	`sub`
Filter	`(objectClass=groupOfURLs)`
Requested Attributes	`memberURL`

$ bin/ldapsearch --baseDN "dc=example,dc=com" \
  --searchScope sub "(objectClass=groupOfURLs)" "memberURL"

Each entry returned is a dynamic group definition. You can use the base, scope, and filter of its memberURL attribute to determine whether the user is a member of that dynamic group.