Last post Mar 09, 2011 05:34 AM by smirnov
Jan 31, 2011 10:49 AM|rishi23|LINK
I hope someone can clear the confusion and show a way as to how to achieve this:
In my application I am using a Filter of this sort:
(memberof=CN=Group C,OU=Group B,OU=Group A,OU=All Groups,DC=xxxxx,DC=com)
I have to check if the user belongs to the Group C... is there a way to make the search relative and not user a fully qualified name, because the Network team mentioned that they often move and rearrange Group C, Group B and Group A ie at times they can
Move Group C to be a direct sub group of Group B etc, but having such absolute paths would mean that the filter results are not correct>
So How to use a relative path because I know Group C will never be moved out of the OU= All Groups??
Feb 21, 2011 03:21 PM|Ovianer|LINK
if you know that your Group Name will never be changed and you know the start entry OU where you can find the group, I would propesed to use a loop through all existing groups inside your start OU. Take all groups DN to an array.
Get the right DN from array and check now your users. At least you need 2 loops. One to find the new group DN and then all users from this group.
Hope it helps you.
Feb 21, 2011 04:24 PM|smirnov|LINK
Try to filter it out using
Feb 23, 2011 11:56 AM|Ovianer|LINK
I don't see that the smirnov filter will be run properly. If you want to know which user is memberof you must always take the complete DN.
But I found another way to search for memberof:
That doesn't changed anything to you that you must first find the DN of your group.
Mar 08, 2011 02:40 PM|rishi23|LINK
AS you mentioned, Smirnov's filter didn't work.. I was trying to see how to get your solution to work.. but I am not sure how to find the users in a particular group without having to use the whole path and modify the following query:
C,OU=Group B,OU=Group A,OU=All Groups,DC=xxxxx,DC=com)
C,DC=xxxx,DC = com)
mean to say I can use only the CN of the group that I know the user would be in for sure, and the DC = xxx and the DC = Com and not use the sub groups/containers OU = Group B and OU = Group A?
Mar 09, 2011 05:34 AM|smirnov|LINK
You both were right, memberOf is a distinguished name attribute.
It seems the only way is to 1) search for the group and 2) then use its distinguishedName to search for all members.