ldap experts: how to get a list of groups a user is a member of within the entire forest?

Chere Zhou qzhou at isilon.com
Fri May 9 18:23:03 GMT 2003

Hmm, I did not see anywhere that DN has no substring rule.  Thanks for the 

I am looking at group membership in a trusted domain.  The tokenGroups does 
not seem to help there.  Do you know what else might help?  I see looping 
through groups and nested groups is my only choice right now.


On Thursday 08 May 2003 05:38 pm, Luke Howard wrote:
> >Yes, this filter is better.  The result is a list of groups the user is a
> >direct member of.  But it does not list nested groups.  I guess if groupA
> > is a member of groupB, user chere is a member of groupA, I want a query
> > on group membership of user chere, both groupA and groupB should be
> > listed.
> The tokenGroups attribute of a user contains an expanded list of
> nested groups.
> >domain.  Is this all normal?   Why do I have to use
> >(member=cn=chere,cn=users,dc=zhou,dc=com), instead of (member=cn=chere,*)?
> >Well, the (member=cn=chere,*) does not work, I don't know why.
> There is no substring matching rule for distinguished names.
> -- Luke

More information about the samba-technical mailing list