Dan Scott wrote:
Hi,

On Fri, Nov 4, 2011 at 17:38, Stephen Ingram <sbing...@gmail.com> wrote:
On Fri, Nov 4, 2011 at 2:12 PM, Dan Scott <danieljamessc...@gmail.com> wrote:
ldapsearch -b cn=users,cn=accounts,dc=example,dc=com
"(&(mail=${email_address})(memberOf=cn=usergroup,cn=groups,dc=example,dc=com))"
-x

In version 2, it looks like the memberOf attributes have been removed
from the user entries and the user group membership information is
stored only in the 'member' attribute of the individual group entries.

Can someone help me modify the above command so that I can find users,
using their email address, who are also members of a particular group?
Preferably using one command.

Dan-

It looks like you are missing the cn=accounts in your filter:

ldapsearch -b cn=users,cn=accounts,dc=example,dc=com
"(&(mail=${email_address})(memberOf=cn=usergroup,cn=groups,cn=accounts,dc=example,dc=com))"
-x ...

Thanks for spotting that, it was an error from when I was removing my
domain information.

However, the problem remains that the memberOf attributes don't exist
in FreeIPA V2, so I need to figure out another way to do the search.

Thanks,

Dan

memberof should exist. memberof should be calculated on the fly from the member information. I'm not sure why you aren't seeing it.

You can try this, substituting for your domain:

# /var/lib/dirsrv/scripts-EXAMPLE-COM/fixup-memberof.pl -D 'cn=directory manager' -w - -b dc=example,dc=com -f "(objectclass=*)" -v

This should rebuild the memberof values.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
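
The search discussed in this thread, as an added example that is not part of the original messages: it builds the mail-plus-memberOf filter with the email address escaped per RFC 4515 before it is interpolated, and also reads the group's 'member' attribute directly. The function and variable names are hypothetical; the DNs are the thread's example.com placeholders.

```shell
#!/bin/sh
# Added example. The DNs are the thread's example.com placeholders.
USERS_BASE='cn=users,cn=accounts,dc=example,dc=com'
GROUP_DN='cn=usergroup,cn=groups,cn=accounts,dc=example,dc=com'

# Escape a value for an LDAP search filter (RFC 4515). The backslash is
# handled first so the escapes added afterwards are not escaped again.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Filter for "has this mail address AND is a member of GROUP_DN".
member_filter() {
    printf '(&(mail=%s)(memberOf=%s))' "$(ldap_escape "$1")" "$GROUP_DN"
}

# Search by mail address and group in one query (needs memberOf populated).
find_member() {
    ldapsearch -x -LLL -b "$USERS_BASE" "$(member_filter "$1")" mail memberOf
}

# Read membership from the group entry's 'member' attribute instead.
group_members() {
    ldapsearch -x -LLL -s base -b "$GROUP_DN" '(objectClass=*)' member
}
```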
