ldap experts: how to get a list of groups a user is a member
of within the entire forest?
Chere Zhou
qzhou at isilon.com
Fri May 9 18:23:03 GMT 2003
Hmm, I did not see anywhere that DN has no substring rule. Thanks for the
clarification.
I am looking at group membership in a trusted domain. The tokenGroups does
not seem to help there. Do you know what else might help? I see looping
through groups and nested groups is my only choice right now.
Chere
On Thursday 08 May 2003 05:38 pm, Luke Howard wrote:
> >Yes, this filter is better. The result is a list of groups the user is a
> >direct member of. But it does not list nested groups. I guess if groupA
> > is a member of groupB, user chere is a member of groupA, I want a query
> > on group membership of user chere, both groupA and groupB should be
> > listed.
>
> The tokenGroups attribute of a user contains an expanded list of
> nested groups.
>
> >domain. Is this all normal? Why do I have to use
> >(member=cn=chere,cn=users,dc=zhou,dc=com), instead of (member=cn=chere,*)?
> >Well, the (member=cn=chere,*) does not work, I don't know why.
>
> There is no substring matching rule for distinguished names.
>
> -- Luke
More information about the samba-technical
mailing list