On Tue, 2012-06-05 at 16:51 +0200, Sigbjorn Lie wrote:
> The net effect of this is that by doing this, we're also
doing a lookup
> of all the users in those groups (we don't have a choice in this, because
RFC2307bis servers can
> have other groups as a member and we cannot know which we're dealing with until
we request it).
>
Would the information in the link below provide any help for looking up all members of a
group,
and all a user group memberships in a single LDAP lookup?
I used the filter
"(memberof:1.2.840.113556.1.4.1941:=(cn=Group1,OU=groupsOU,DC=x))" to find all
users of a group, including users that we're member of that group through membership
of another
group some time back.
There seem to be a similar filter for looking up all groups the user is a member of in a
single
lookup: "(member:1.2.840.113556.1.4.1941:=(cn=user1,cn=users,DC=x))".
See this link for further reference:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa746475%28v=vs.8...
Thanks a lot for uncovering this Siggi, it will definitely be useful.
Simo.
--
Simo Sorce * Red Hat, Inc * New York