Hi all,
With OpenLDAP 2.4.x, which supports the memberOf overlay, I can get group info with only one search using the following configs.
<1>
[root@/jacky/var]$cat user.ldif
dn: cn=jacky,ou=users,dc=jacky,dc=com
objectClass: organizationalPerson
cn: jacky
sn: sun
userPassword: 11111111
[root@/jacky/var]$cat JackyGroup.ldif
dn: cn=JackyGroup,ou=groups,dc=jacky,dc=com
objectClass: groupOfNames
cn: JackyGroup
member: cn=jacky,ou=users,dc=jacky,dc=com
<2>
memberOf overlay is configured correctly
<3>
[root@/jacky/var]$ldapsearch -x -D "cn=root,dc=jacky,dc=com" -b "dc=jacky,dc=com" -H "ldap://x.x.x.x:389" -w xxx -s sub "(cn=jacky)" memberOf
# extended LDIF
#
# LDAPv3
# base <dc=jacky,dc=com> with scope subtree
# filter: (cn=jacky)
# requesting: memberOf
#
# jacky, users, jacky.com
dn: cn=jacky,ou=users,dc=jacky,dc=com
memberOf: cn=JackyGroup,ou=groups,dc=jacky,dc=com [This is what I want]
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
My questions are here:
A1: With OpenLDAP 2.4.x, if posixAccount is used to manage users, then the attribute 'gidNumber', which is a number, will represent the user's membership.
In this case, is it possible to get the group info (DN format as above) of a user entry with ONLY one search?
A2: With older OpenLDAP which does NOT support the memberOf overlay:
<1> If organizationalPerson is used to manage users, is it possible to get the group info (DN format) of a user entry with ONLY one search?
<2> If posixAccount is used to manage users, is it possible to get the group info (DN format) of a user entry with ONLY one search?
Any reply is appreciated. TIA
Thanks,
Jacky
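
Added example, not part of the original post and not OpenLDAP code: a small Python model of the reverse mapping behind the memberOf result shown in the search above, built from each groupOfNames entry's member values. The LDIF is based on the two entries in the post (userPassword omitted); the function names and the simplified DN normalisation are assumptions for illustration.

```python
# Added example: models the member -> group reverse index, not OpenLDAP's code.
# SAMPLE_LDIF is based on the entries in the post; function names are hypothetical.
from collections import defaultdict

SAMPLE_LDIF = """\
dn: cn=jacky,ou=users,dc=jacky,dc=com
objectClass: organizationalPerson
cn: jacky
sn: sun

dn: cn=JackyGroup,ou=groups,dc=jacky,dc=com
objectClass: groupOfNames
cn: JackyGroup
member: cn=jacky,ou=users,dc=jacky,dc=com
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 values, no line folding) into entries."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            entry[attr.strip().lower()].append(value.strip())
        if entry.get("dn"):
            entries.append(entry)
    return entries

def norm_dn(dn):
    """Simplified DN normalisation: lower-case, trim spaces around commas.
    Escaped commas inside RDN values are not handled."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def build_member_of(entries):
    """Map each member DN to the DNs of the groupOfNames entries listing it."""
    index = defaultdict(list)
    for e in entries:
        if "groupofnames" in (oc.lower() for oc in e["objectclass"]):
            for member in e["member"]:
                index[norm_dn(member)].append(e["dn"][0])
    return index

def member_of(entries, user_dn):
    """Return the group DNs a user DN would carry as memberOf values."""
    return build_member_of(entries).get(norm_dn(user_dn), [])

if __name__ == "__main__":
    user = "cn=jacky,ou=users,dc=jacky,dc=com"
    for group in member_of(parse_ldif(SAMPLE_LDIF), user):
        print("memberOf:", group)
```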