[Samba] Support for LDAP_MATCHING_RULE_IN_CHAIN in LDAP queries

Marc Muehlfeld samba at marc-muehlfeld.de
Sat Feb 8 12:11:01 MST 2014

Hello Michael,

Am 05.02.2014 20:28, schrieb Michael Brown:
> I'm guessing that this is just not implemented yet:
> http://msdn.microsoft.com/en-us/library/aa746475%28VS.85%29.aspx
> Specifically, the LDAP_MATCHING_RULE_IN_CHAIN search modifier.
> I'm trying to do a group membership search via LDAP that traverses
> subgroups. Against Windows AD I'd use:
> (memberof:1.2.840.113556.1.4.1941:=(cn=Group1,OU=groupsOU,DC=x))
> But that doesn't work against samba4 (sernet 4.1.4-7).
> Is there a different way to do this that works against Samba?

I can't say if there's a workaround. Sorry.

But if you can do this against a MS domain controller and can't with a 
Samba DC, then it's worth adding a bug report (don't forget to add an 
example and some information about your MS DC).


More information about the samba mailing list