Dan Scott wrote:

On Fri, Nov 4, 2011 at 17:38, Stephen Ingram<sbing...@gmail.com>  wrote:
On Fri, Nov 4, 2011 at 2:12 PM, Dan Scott<danieljamessc...@gmail.com>  wrote:
ldapsearch -b cn=users,cn=accounts,dc=example,dc=com

In version 2, it looks like the memberOf attributes have been removed
from the user entries and the user group membership information is
stored only in the 'member' attribute of the individual group entries.

Can someone help me modify the above command so that I can find users,
using their email address, who are also members of a particular group?
Preferably using one command.


It looks like you are missing the cn=accounts in your filter:

ldapsearch -b cn=users,cn=accounts,dc=example,dc=com
-x ...

Thanks for spotting that, it was an error from when I was removing my
domain information.

However, the problem remains that the memberOf attributes don't exist
in FreeIPA V2, so I need to figure out another way to do the search.



memberof should exist. memberof should be calculated on the fly from the member information. I'm not sure why you aren't seeing it.

You can try this, substituting for your domain:

# /var/lib/dirsrv/scripts-EXAMPLE-COM/fixup-memberof.pl -D 'cn=directory manager' -w - -b dc=example,dc=com -f "(objectclass=*)" -v

This should rebuild the memberof values.


Freeipa-users mailing list

Reply via email to