ldap experts: how to get a list of groups a user is a member of within the entire forest?

Jason Haar Jason.Haar at trimble.co.nz
Thu May 8 04:27:55 GMT 2003


On Wed, May 07, 2003 at 06:33:28PM -0700, Chere Zhou wrote:
> Anybody know how to do it, or is it not possible at all?  I hope one search 
> can recursively get all of the groups, rather than just the groups the user 
> is a direct member of.  I don't feel like looping through each group to 
> compare with.  Better solution than that is greatly appreciated.  

Good luck - that's what I had to do :-(

Also, I'm using direct LDAP to the AD domain controllers, and LDAP isn't
recursive (like DNS), so if your user is in Universal Groups, then you're
going to have to make new connections off to other DCs to do lookups
related to their groups, etc, etc.

I haven't figured out if or how the Global Catalogue is meant to make this
doable.

Can LDAP to a GC be used instead of LDAP to DCs to get around such issues?
I don't think a GC is actually LDAP-searchable? I'd love to be able to get
"show all members of this Universal Group" in one call instead of the damn
looping I have to go through at the moment.  

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
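
The looping described in this message, written out as an added example (not code from the post or from Samba): a breadth-first walk of memberOf that picks a server by each DN's dc= suffix and stops on nesting loops. The DNs, the DIRECTORY dict standing in for per-DC LDAP connections, and the helper names are all constructed assumptions.

```python
# Added example: constructed data, no real directory is contacted.
from collections import deque

# Constructed sample: one dict per domain stands in for an LDAP connection to
# that domain's DC. Each entry maps a DN to its direct memberOf values.
DIRECTORY = {
    "dc=a,dc=example": {
        "cn=alice,dc=a,dc=example": ["cn=staff,dc=a,dc=example"],
        "cn=staff,dc=a,dc=example": ["cn=all-eng,dc=b,dc=example"],
    },
    "dc=b,dc=example": {
        "cn=all-eng,dc=b,dc=example": ["cn=vpn,dc=b,dc=example"],
        # Nesting loop: vpn is a member of all-eng and vice versa.
        "cn=vpn,dc=b,dc=example": ["cn=all-eng,dc=b,dc=example"],
    },
}


def domain_of(dn):
    """Return the dc=... suffix of a DN, used to pick which server to ask.

    Assumption: DNs contain no escaped commas (true for the sample data).
    """
    parts = [p.strip().lower() for p in dn.split(",")]
    return ",".join(p for p in parts if p.startswith("dc="))


def direct_groups(dn, queries):
    """Hypothetical stand-in for a base-scope search that reads memberOf."""
    queries.append(domain_of(dn))  # record which domain's server was asked
    return DIRECTORY.get(domain_of(dn), {}).get(dn.lower(), [])


def all_groups(user_dn):
    """Walk memberOf transitively; return (sorted groups, servers queried)."""
    seen, queries = set(), []
    pending = deque([user_dn.lower()])
    while pending:
        for group in direct_groups(pending.popleft(), queries):
            group = group.lower()
            if group not in seen:  # visited check stops nesting loops
                seen.add(group)
                pending.append(group)
    return sorted(seen), queries
```

The second return value shows the cost the message complains about: one lookup per object, spread across every domain the nesting touches.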

