ldap experts: how to get a list of groups a user is a member of
within the entire forest?
Chere Zhou
qzhou at isilon.com
Thu May 8 01:33:28 GMT 2003
I want to do this using openldap against w2k ADS. I found from google,
somebody supporting ADSI from Microsoft said the following:
- bind to the GC.
- do search using DirectorySearcher with the filter
"(&(objectClass=Group)(objectCategory=Group)(member=CN=My User...))".
I do not have DirectorySearcher to test it with. But using
net ads search -I <GC ip> \
"(&(objectClass=Group)(objectCategory=Group)(member=CN=chere))"
certainly "Got 0 replies".
Anybody know how to do it, or is it not possible at all? I hope one search
can recursively get all of the groups, rather than just the groups the user
is a direct member of. I don't feel like looping through each group to
compare with. Better solution than that is greatly appreciated.
Chere
More information about the samba-technical
mailing list