I'm not an LDAP expert. I need to run an ldapsearch to determine membership in a group… I have read up on this, and was successful getting a simple ldapsearch to run, which displayed user info… so I tried to construct a group "memberOf" query… no joy…
I run the query, it says "success", but returns no data.. I have tried this with MANY gorups, so I am sure there are members in the group I am querying…. Not once have I had any data returned… here's the latest query I am running:
./ldapsearch \
-h one.two.three.com \
-b dc=one,dc=two,dc=three,dc=com \
-D 'XX-Sub\myuid' \
-w 'pswdxxx' \
"(&(objectCategory=user)(memberOf=DN=dba_grp))" \
distinguishedName
I have dumped ldap info (objectclass=*), and don't see anything I am omitting, etc. but I am not as versed on what some things mean, such as domain, subdomain, etc. (i.e., what they mean in ldap perspective, I know what they mean outside of ldap) if needed I could post a sanitized version of config settings, or whatever, but I can't post real named links, etc. (I'm sure everyone knows about that).
I have really tried to resolve this on my own, and have been at it for days now… I'm still searching boards, etc. but would love it if someone could help me focus on the issue, so I can be a little more confident I'm at least heading in the right direction…
Many thanks…
Best Answer
"memberOf" at least in AD is stored like list of distinguishedNames.
you might want to try this:
Also you might want to make sure your bind DN has rights to issue read queries against all Directory, as most of AD you can only issue query against your bind DN.