[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Group membership question : New to OpenLDAP

To: Sachin C <sac_ldap@yahoo.com>, openldap-software@OpenLDAP.org
Subject: Re: Group membership question : New to OpenLDAP
From: Peter Marschall <peter@adpm.de>
Date: Sun, 16 Nov 2003 11:21:02 +0100
Content-disposition: inline
In-reply-to: <20031115042425.67085.qmail@web21504.mail.yahoo.com>
Organization: ADPM
References: <20031115042425.67085.qmail@web21504.mail.yahoo.com>
User-agent: KMail/1.5.3

Hi,

On Saturday 15 November 2003 05:24, Sachin C wrote:
> I have a situation where i want to find out who are
> the members of a group and vice versa i.e. a user is
> member of which group.
>
> I have used AD 2003. It gives a nice facility that
> whenever we set a user as "member" of a group (or set
> member attrib of user) then automatically the memberOf
> attribute os the user object is set to proper value
> (i.e. DN of the group).
>
> Is there any such facility present in OpenLDAP. I am
> new to OpenLDAP. Please help.

OpenLDAP does not support that kind of backlink.
It is a private extension to the LDAP standard that some directroy servers 
provide and thus is not portable (the attribute names for the group 
membership in the user's object differ from vendor to vendor).

To be truly portable you can revert the logic: 
Instead of doing an unportable

  ldapsearch -b USER -s base '(objectclass=*)'  memberOf

do a

  ldapsearch -b GROUPS-CONTAINER -s sub '(member=USER)' 1.1

where USER is the DN of the user and GROUPSCONTAINER is the DN of the branch 
that contains all groups.

Peter

-- 
Peter Marschall
eMail: peter@adpm.de

References:
- Group membership question : New to OpenLDAP
  - From: Sachin C <sac_ldap@yahoo.com>

Prev by Date: Re: entryCSN in OpenLDAP vs CSN defined in LDUP doc
Next by Date: Re: XML export standard
Index(es):
- Chronological
- Thread