[Date Prev][Date Next] [Chronological] [Thread] [Top]

Searching AD for user membership in specific group(s)

To: <openldap-software@OpenLDAP.org>
Subject: Searching AD for user membership in specific group(s)
From: "Kellogg, Chris" <Chris.Kellogg@dyncorp.com>
Date: Fri, 1 Oct 2004 12:37:15 -0500
Content-class: urn:content-classes:message
Thread-index: AcSn3UqD1LWIEvyxTgOy1/ZcsLZVKA==
Thread-topic: Searching AD for user membership in specific group(s)

Forgive me if this is a repeat or if I need to look at a specific
source.  Point me in the right direction and I'll be happy to do the
required reading.  Google has done nothing for me, and I fail to find
what I need on openldap.org.

I need to do ldap-searches of an MS Active Directory to see if a
particular user is a member of a specific group.  I can do searches and
get information on a specific dn, but I am completely mystified by the
search.

What search string/method should I be using to perform this check?
Currently, I can get a DN search with this:

ldapsearch -D "cn=User\, Admin,ou=User Accounts,ou=Main
Office,dc=subdomain,dc=domain,dc=com" -h gcsrv.domain.com:3268 -b
"dc=domain,dc=com" -W -s sub "cn=Search Group"

gcsrv.domain.com is a global catalog server for the top-level domain.  I
have several subdomains, so I need to start the search at the top.  3268
is the cleartext port for LDAP to the Global Catalog.

I need to see if "cn=testuser" is in "cn=Search Group", I'm just
completely stuck.  Anyone have suggestions?

Chris.

Christopher M. Kellogg, GCFW
Principle Network Administrator, DynCorp, A CSC Company
6500 West Freeway Suite 600, Fort Worth, TX

Prev by Date: RE: Unknown CA error - replication
Next by Date: Re: Ldap server with Mysql backend (windows version)
Index(es):
- Chronological
- Thread