[Samba] Group members via LDAP
Rowland Penny
rpenny at samba.org
Wed Feb 8 16:13:56 UTC 2023
On 08/02/2023 15:35, Troels Arvin via samba wrote:
> Hello,
>
> On a network, I'm using Samba as domain controller.
>
> I've created a group "mygroup" which has three members. Those members
> have "mygroup" as primary group:
>
> ===================================================
> # samba-tool group listmembers mygroup
> user1
> user2
> user3
> ===================================================
>
>
> However, when I query Samba via LDAP, the group members don't appear:
> ===================================================
> $ ldapsearch samaccountname=mygroup member
> SASL/GSS-SPNEGO authentication started
> SASL username: troels at MYDOM.ORG
> SASL SSF: 256
> SASL data security layer installed.
> # extended LDIF
> #
> # LDAPv3
> # base <dc=MYDOM,dc=ORG> (default) with scope subtree
> # filter: samaccountname=mygroup
> # requesting: member
> #
>
> # mygroup, Users, mydom.org
> dn: CN=mygroup,CN=Users,DC=mydom,DC=org
>
> # search reference
> # ...
> ===================================================
>
>
> I had expected the result to also have some "member:" lines such as:
> ===================================================
> dn: CN=mygroup,CN=Users,DC=mydom,DC=org
> member: CN=User1 Surname1,CN=users,DC=mydom,DC=org
> member: CN=User2 Surname2,CN=users,DC=mydom,DC=org
> member: CN=User3 Surname3,CN=users,DC=mydom,DC=org
> ===================================================
>
> How can I run ldapsearch in a way where all members of the group are
> shown, including users who have the group as the primary group?
I don't use ldapsearch much (I use ldbsearch etc, easier to use with
kerberos), but don't you have to use a searchbase ?
i.e, -b 'dc=mydom,dc=org'
Rowland
More information about the samba
mailing list