This LDAP query successfully enumerates all users within a group:
memberOf=CN=MySubGroup1,OU=MyGroup1,OU=Global Groups,DC=mycompany,DC=com
The group MyGroup1 has two subgroups: MySubGroup1, MySubGroup2.
In order to get all the users of MyGroup1, I could make a query to get the users of MySubGroup1, another query to get the users of MySubGroup1, and then make the union.
However, I am asking how I can achieve the same results with only one LDAP query, asking for all the users within MyGroup1 and sub-groups.
Any idea?
Best Answer
There is no such thing as a subgroup, just groups. The correct term is subordinate, i.e., cn=mysubgroup1 is subordinate to ou=mygroup1, and so forth.
Use the following parameters in an LDAP search request:
OU=MyGroup1,OU=Global Groups,DC=mycompany,DC=com
sub if there is more than one 'level' beneath ou=mygroup1, one otherwise
(|(cn=mysubgroup1)(cn=mysubgroup2))
These search request parameters should result in a search result with two entries, the distinguished name of each entry, and the attributes whose values are the distinguished names of the members of each group.
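The search request described in the answer above, as an added Python example that is not part of the original answer. It builds the base, scope and filter, escapes the group names per RFC 4515 so a name cannot alter the filter, and merges the member DNs of the returned entries; the attribute name member, the function names and the sample entries are assumptions constructed for illustration.

```python
# Added example: standard library only, runs on constructed data (no LDAP server).
BASE_DN = "OU=MyGroup1,OU=Global Groups,DC=mycompany,DC=com"  # base from the answer
MEMBER_ATTR = "member"  # assumption: the attribute that holds member DNs


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


def build_search_request(base_dn, group_cns, nested=False):
    """Return base, scope, filter and requested attributes for one search."""
    clauses = "".join("(cn=%s)" % escape_filter_value(cn) for cn in group_cns)
    return {
        "base": base_dn,
        # 'sub' if there is more than one level beneath the base, 'one' otherwise
        "scope": "sub" if nested else "one",
        "filter": "(|%s)" % clauses,
        "attributes": [MEMBER_ATTR],
    }


def union_members(entries):
    """Merge the member DNs of every returned group entry, dropping duplicates."""
    seen = {}
    for entry in entries:
        for dn in entry["attributes"].get(MEMBER_ATTR, []):
            # Simplification (assumption): DNs are compared case-insensitively
            # after trimming; the first spelling seen is the one kept.
            seen.setdefault(dn.strip().lower(), dn.strip())
    return sorted(seen.values(), key=str.lower)


# Constructed search result: one entry per group, as the answer describes.
SAMPLE_ENTRIES = [
    {"dn": "CN=MySubGroup1," + BASE_DN,
     "attributes": {"member": ["CN=Alice,OU=Users,DC=mycompany,DC=com",
                               "CN=Bob,OU=Users,DC=mycompany,DC=com"]}},
    {"dn": "CN=MySubGroup2," + BASE_DN,
     "attributes": {"member": ["cn=bob,ou=users,dc=mycompany,dc=com",
                               "CN=Carol,OU=Users,DC=mycompany,DC=com"]}},
]

if __name__ == "__main__":
    print(build_search_request(BASE_DN, ["mysubgroup1", "mysubgroup2"]))
    print(union_members(SAMPLE_ENTRIES))
```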