Something like:
ldapsearch -x -h hostname -D "CN=snvbug,CN=Users,DC=opsware,DC=com" -W -s base
-b "cn=bugz101,cn=users,dc=opsware,dc=com" "(objectClass=*)" member
should give you the results you want. You want to search the group for the
members vs. searching for users that are a memberOf the group because you
already know the group name and its location. You just don't yet know the
members of that group.
Otherwise, you might search user objects to evaluate which ones have the
member attribute set to cn=bugz101 etc. That would be a much more expensive
query in my mind.
Al
From: "Mike Hogenauer" <[EMAIL PROTECTED]>
Reply-To: [email protected]
To: <[email protected]>
Subject: RE: [ActiveDir] LDAP search string.
Date: Wed, 16 Nov 2005 10:45:09 -0800
Ok... So I changed the port but it still pulls back the same info all
related to the account snvbug.
I was hoping to get a list of members of the group bugz101.
dn: CN=snvbug,CN=Users,DC=opsware,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: snvbug
givenName: snvbug
distinguishedName: CN=snvbug,CN=Users,DC=opsware,DC=com
instanceType: 4
whenCreated: 20051116162449.0Z
whenChanged: 20051116172242.0Z
displayName: snvbug
uSNCreated: 1657770
memberOf: CN=bugz101,CN=Users,DC=opsware,DC=com
uSNChanged: 1659527
name: snvbug
objectGUID:: gbZWZ+4yckewq8dCkrkBFg==
userAccountControl: 66048
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 127766401222018909
lastLogoff: 0
lastLogon: 127766401346237659
pwdLastSet: 127766319749346878
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAA+/wD/n6lJum0kYZLvmYAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: snvbug
sAMAccountType: 805306368
userPrincipalName: [EMAIL PROTECTED]
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=opsware,DC=com
dSCorePropagationData: 20051116172242.0Z
dSCorePropagationData: 20051116172242.0Z
dSCorePropagationData: 20051116172242.0Z
dSCorePropagationData: 20051116171656.0Z
dSCorePropagationData: 16010108151056.0Z
lastLogonTimestamp: 127766343852388433
# search result
search: 2
result: 0 Success
________________________________
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of TIROA YANN
Sent: Wednesday, November 16, 2005 10:20 AM
To: [email protected]
Subject: RE : [ActiveDir] LDAP search string.
Hi,
The memberOf attribute is not replicated to the global catalog (port 3268),
so you did not find it at all.
Change the GC port (3268) to DC port (389).
So just modify your request as follows:
ldapsearch -v -h $SERVER:389 -D "CN=snvbug,CN=Users,DC=opsware,DC=com" -x
-W -b "CN=Users,DC=opsware,DC=com"
"(memberOf=CN=bugz101,CN=Users,DC=opsware,DC=com)"
Yann
________________________________
From: [EMAIL PROTECTED] on behalf of Mike Hogenauer
Date: Wed. 16/11/2005 18:59
To: [email protected]
Subject: [ActiveDir] LDAP search string.
All,
I'm trying to get an instance of Bugzilla to authenticate against AD.
(Windows 2003 native domain)
I've created an account called: snvbug and put it in the default user's
container for simplicity.
I've also created a group called bugz101 and placed the users who I want to
have access to bugzilla in that group.
My search now looks like this:
ldapsearch -v -h $SERVER:3268 -D "CN=snvbug,CN=Users,DC=opsware,DC=com" -x
-W -b "CN=Users,DC=opsware,DC=com"
"(memberOf=CN=bugz101,CN=Users,DC=opsware,DC=com)"
I'm still not able to pull back any group membership info. Is my search
string wrong?
I've followed the instructions in the link below from a bugzilla newsgroup
and still no luck?!?!
Any help is GREATLY appreciated.
Related link:
http://groups.google.com.au/group/netscape.public.mozilla.webtools/msg/b60eedc3602a222a?hl=en
Thanks,
Mike
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
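
Added example, not part of the thread or any poster's code: once the group entry is read for its member attribute, as suggested in the thread, the LDIF that ldapsearch prints still needs care before it can be used as an access list for review. The sketch below goes a little beyond the thread by unfolding wrapped lines and decoding base64 values; the function names and the sample members other than snvbug are assumptions.

```shell
#!/bin/sh
# Added example: list a group's members from ldapsearch LDIF output.
# Real use needs a reachable DC, e.g. (hostname is a placeholder, flags as
# used in the thread):
#   ldapsearch -x -h hostname -D "CN=snvbug,CN=Users,DC=opsware,DC=com" -W \
#     -s base -b "CN=bugz101,CN=Users,DC=opsware,DC=com" member | group_members

# Join LDIF continuation lines: a line starting with one space continues
# the previous line, and that leading space is not part of the value.
unfold_ldif() {
  awk '
    /^ / { buf = buf substr($0, 2); next }
    { if (NR > 1) print buf; buf = $0 }
    END { if (NR > 0) print buf }
  '
}

# Print one member DN per line. "member:: " marks a base64-encoded value
# (used when the DN contains non-ASCII characters).
group_members() {
  unfold_ldif | while IFS= read -r line; do
    case $line in
      'member:: '*) printf '%s' "${line#member:: }" | base64 -d; echo ;;
      'member: '*)  printf '%s\n' "${line#member: }" ;;
    esac
  done
}

# Constructed sample output; every member except snvbug is made up.
sample_ldif() {
  cat <<'EOF'
dn: CN=bugz101,CN=Users,DC=opsware,DC=com
member: CN=snvbug,CN=Users,DC=opsware,DC=com
member: CN=Example User With A Long Display Name,OU=Engineering,OU=Staff,DC=o
 psware,DC=com
EOF
  printf 'member:: %s\n' \
    "$(printf '%s' 'CN=José Example,CN=Users,DC=opsware,DC=com' | base64)"
  printf '\n# search result\nsearch: 2\nresult: 0 Success\n'
}

sample_ldif | group_members
```

Without the unfolding step, a plain grep for member lines would silently truncate the long DN at the wrap point.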