LDAP query to get members for all groups in a sub OU

groupsldap

I need to get all users that are members of a set of groups that are configured on a sub OU.

The DN for this sub OU is "OU=OU2,OU=1,DC=labo,DC=test".
The groups would be in "CN="",OU=OU2,OU=1,DC=labo,DC=test".

There is a way to execute a query that gets me all users members of these groups?

Best Answer

You should query for the virtual attributs representing users membership, it would a simple ldap search, something like:

 ldapsearch -h localhost --port 1389 -D "cn=Directory Manager" -w "password" -b "ou=people,o=group" -s sub "(ismemberof=CN=*,OU=OU2,OU=1,DC=labo,DC=test)"

Note that some ldaps use memberof instead of ismemberof.

Related Solutions

Linux – LDAP query on linux against AD returns groups with no members

It might be the same case I've run onto not a long time ago. If your AD group has too many members, it caused such error in Linux (somewhere on getent level or just before it - ldapsearch worked fine).

More precisely the error is not about a specific number of members, but rather about the number of characters per "group line" (think line from /etc/group) being greater than 1023 characters. I didn't look into why this limit is there and why 1024. I've just created a second group and moved excessive members there.

Linux – Show all users and their groups/vice versa

All users:

$ getent passwd

All groups:

$ getent group

All groups with a specific user:

$ getent group | grep username

Best Answer

Related Solutions

Linux – LDAP query on linux against AD returns groups with no members

Linux – Show all users and their groups/vice versa

Related Topic