ldap experts: how to get a list of groups a user is a member of within the entire forest?

Luke Howard lukeh at PADL.COM
Fri May 9 00:38:01 GMT 2003

>Yes, this filter is better.  The result is a list of groups the user is a 
>direct member of.  But it does not list nested groups.  I guess if groupA is 
>a member of groupB, user chere is a member of groupA, I want a query on group 
>membership of user chere, both groupA and groupB should be listed.

The tokenGroups attribute of a user contains an expanded list of 
nested groups.

>domain.  Is this all normal?   Why do I have to use 
>(member=cn=chere,cn=users,dc=zhou,dc=com), instead of (member=cn=chere,*)?  
>Well, the (member=cn=chere,*) does not work, I don't know why.

There is no substring matching rule for distinguished names.

-- Luke

Luke Howard | PADL Software Pty Ltd | www.padl.com

More information about the samba-technical mailing list