On Tue, 2012-06-05 at 11:14 -0400, Simo Sorce wrote:
On Tue, 2012-06-05 at 16:51 +0200, Sigbjorn Lie wrote:
> > The net effect of this is that by doing this, we're also doing a lookup
> > of all the users in those groups (we don't have a choice in this, because
RFC2307bis servers can
> > have other groups as a member and we cannot know which we're dealing with
until we request it).
> >
>
>
> Would the information in the link below provide any help for looking up all members
of a group,
> and all a user group memberships in a single LDAP lookup?
>
> I used the filter
"(memberof:1.2.840.113556.1.4.1941:=(cn=Group1,OU=groupsOU,DC=x))" to find all
> users of a group, including users that we're member of that group through
membership of another
> group some time back.
>
> There seem to be a similar filter for looking up all groups the user is a member of
in a single
> lookup: "(member:1.2.840.113556.1.4.1941:=(cn=user1,cn=users,DC=x))".
>
>
> See this link for further reference:
>
http://msdn.microsoft.com/en-us/library/windows/desktop/aa746475%28v=vs.8...
Thanks a lot for uncovering this Siggi, it will definitely be useful.
I agree, this will be very handy. I've opened
https://fedorahosted.org/sssd/ticket/1367 to track its inclusion. I'll
be proposing this for 1.9.0 beta 3, I think.