Melita Mihaljevic wrote:
> Hi,
> I'm wondering which is the generic way to search for groups in LDAP.
> I used: search_groups = lo.search_st(base_dn, ldap.SCOPE_SUBTREE,
> '(ou=Group)')

The filter (ou=Group) does not make sense to me. You're probably mixing this with the search root.

1. Bear in mind that there are many different types of group entries out in the wild. LDAP entries are typed by object class. So your filter has to specifically search for group entries by object class.

2. Additionally, for determining whether a certain user is a member of a group you have to compare a certain member attribute within the group entry with an attribute within the user's entry or the DN of the entry.

3. You should never ever (accidentally) request the member attribute within the group entry to be returned in the search results since some groups can be big, leading to a large amount of data to be returned.

The user entry:

dn: cn=michael str\C3\B6der,ou=private,dc=stroeder,dc=de
uid: michael
mail: [EMAIL PROTECTED]

Example of a filter generated by web2ldap (normally everything in one line, broken up here for readability):

(|
  (&(objectClass=organizationalRole)(roleOccupant=cn=michael str\C3\B6der,ou=private,dc=stroeder,dc=de))
  (&(objectClass=rfc822MailGroup)([EMAIL PROTECTED]))
  (&(objectClass=groupOfUniqueNames)(uniqueMember=cn=michael str\C3\B6der,ou=private,dc=stroeder,dc=de))
  (&(objectClass=mailGroup)([EMAIL PROTECTED]))
  (&(objectClass=posixGroup)(memberUid=michael))
  (&(objectClass=nisMailAlias)([EMAIL PROTECTED]))
  (&(objectClass=groupOfNames)(member=cn=michael str\C3\B6der,ou=private,dc=stroeder,dc=de))
)

Ciao, Michael.

_______________________________________________
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
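
Added example, not part of the original message and not web2ldap's code: one way to assemble such a per-object-class membership filter in Python while escaping the user's values per RFC 4515, so a DN or uid containing filter metacharacters cannot change the filter's structure. The function names, GROUP_ATTRS and the sample user are assumptions made for illustration; only the four clauses whose attribute name is visible in the message are included.

```python
# Added example: builds a group-membership filter from
# (objectClass, member attribute, user value) clauses.

# Characters that must be escaped in a filter assertion value (RFC 4515).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


# (group object class, membership attribute, key into the user data).
# Only the pairs whose attribute name is visible in the message are listed.
GROUP_CLAUSES = [
    ("organizationalRole", "roleOccupant", "dn"),
    ("groupOfUniqueNames", "uniqueMember", "dn"),
    ("posixGroup", "memberUid", "uid"),
    ("groupOfNames", "member", "dn"),
]

# Attributes to request (hypothetical choice): never the membership
# attributes themselves, since large groups make them expensive to return.
GROUP_ATTRS = ["cn", "description"]


def build_group_filter(user):
    """Return an OR filter matching the group entries the user belongs to.

    `user` maps "dn" and attribute names to single string values; clauses
    whose value is missing are skipped rather than matched on an empty string.
    """
    clauses = []
    for object_class, member_attr, key in GROUP_CLAUSES:
        value = user.get(key)
        if not value:
            continue
        clauses.append("(&(objectClass=%s)(%s=%s))"
                       % (object_class, member_attr, escape_filter_value(value)))
    if not clauses:
        raise ValueError("no usable identifier in user entry")
    return "(|%s)" % "".join(clauses)


# Constructed sample user; the parentheses in the cn must be escaped.
SAMPLE_USER = {"dn": "cn=Jane Doe (ops),ou=people,dc=example,dc=org", "uid": "jdoe"}

if __name__ == "__main__":
    print(build_group_filter(SAMPLE_USER))
```

The resulting string and GROUP_ATTRS can be passed as the filterstr and attrlist arguments of the search_st() call from the question; python-ldap also provides ldap.filter.escape_filter_chars() for the escaping step.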