[Samba] Group members via LDAP

Troels Arvin troels at arvin.dk
Wed Feb 8 15:35:42 UTC 2023


Hello,

On a network, I'm using Samba as domain controller.

I've created a group "mygroup" which has three members. Those members 
have "mygroup" as primary group:

===================================================
# samba-tool group listmembers mygroup
user1
user2
user3
===================================================


However, when I query Samba via LDAP, the group members don't appear:
===================================================
$ ldapsearch samaccountname=mygroup member
SASL/GSS-SPNEGO authentication started
SASL username: troels at MYDOM.ORG
SASL SSF: 256
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <dc=MYDOM,dc=ORG> (default) with scope subtree
# filter: samaccountname=mygroup
# requesting: member
#

# mygroup, Users, mydom.org
dn: CN=mygroup,CN=Users,DC=mydom,DC=org

# search reference
# ...
===================================================


I had expected the result to also have some "member:" lines such as:
===================================================
dn: CN=mygroup,CN=Users,DC=mydom,DC=org
member: CN=User1 Surname1,CN=users,DC=mydom,DC=org
member: CN=User2 Surname2,CN=users,DC=mydom,DC=org
member: CN=User3 Surname3,CN=users,DC=mydom,DC=org
===================================================

How can I run ldapsearch in a way where all members of the group are 
shown, including users who have the group as the primary group?

-- 
Regards,
Troels Arvin



More information about the samba mailing list