On 11/8/11 3:55 PM, "Tim Dunphy" <bluethu...@jokefire.com> wrote:
> I have devised an LDAP query that successfully retrieves information
> that could be used to log into RT.
>
> ldapsearch -x -p 389 -h ldap01.example.com -b dc=example,dc=com -D "uid=dunphy,ou=People,dc=example,dc=com" -w 'secret' "(&(objectClass=top)(|(cn=RTUsers)))" "uniqueMember"
>
> This is an example of what it finds:
>
> # extended LDIF
> #
> # LDAPv3
> # base <dc=example,dc=com> with scope subtree
> # filter: (&(objectClass=top)(|(cn=RTUsers)))
> # requesting: uniqueMember
> #
>
> # RTUsers, Groups, example.com
> dn: cn=RTUsers,ou=Groups,dc=example,dc=com
> uniqueMember: uid=user1,ou=People,dc=example,dc=com
> uniqueMember: uid=user2,ou=People,dc=example,dc=com
> uniqueMember: uid=user3,ou=People,dc=example,dc=com
> uniqueMember: uid=user4t,ou=People,dc=example,dc=com
>
> ...
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1

So your query is returning a single object (numEntries: 1) that references all the objects you want to use (you get a single group object).

With that in mind, you need to craft your query to return user objects. You should look at the properties of "uid=user1,ou=People,dc=example,dc=com" and use those to identify how to filter your users. (I expect that there might be some entries in there to reference the group the user is a member of, and you should build your filter on that, and drop the "cn=RTUsers" in your filter; that is almost certainly not what you want.)

I hope this puts you in the right direction...

Jok
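The difference between a filter that matches the group entry and one that matches user entries, as an added example that is not part of the original message: a small evaluator for the filter syntax used above, run over a constructed directory. The `memberOf` attribute, the `inetOrgPerson` object class, the `guest` entry and all function names are assumptions; inspect a real user entry to see which attribute, if any, your server uses to reference the group.

```python
# Added illustration: evaluates the LDAP filter subset seen in this thread
# (&, |, ! and simple equality) against constructed entries.
BASE = "dc=example,dc=com"
P = "ou=People," + BASE
GROUP_DN = "cn=RTUsers,ou=Groups," + BASE

# Constructed directory (DN -> attributes, keys lowercased). memberOf is an
# assumption: it is present only where the server maintains it.
ENTRIES = {
    GROUP_DN: {"objectclass": ["top", "groupOfUniqueNames"], "cn": ["RTUsers"],
               "uniquemember": ["uid=user1," + P, "uid=user2," + P]},
    "uid=user1," + P: {"objectclass": ["top", "inetOrgPerson"], "memberof": [GROUP_DN]},
    "uid=user2," + P: {"objectclass": ["top", "inetOrgPerson"], "memberof": [GROUP_DN]},
    "uid=guest," + P: {"objectclass": ["top", "inetOrgPerson"]},
}

def parse(f, i=0):
    """Parse one parenthesised filter starting at f[i]; return (node, next_index)."""
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if f[i] in "&|!":
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # skip the closing ')'
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, attrs):
    """True if the attribute dict satisfies the parsed filter node."""
    if node[0] == "&":
        return all(matches(k, attrs) for k in node[1])
    if node[0] == "|":
        return any(matches(k, attrs) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], attrs)
    _, attr, value = node
    return any(v.lower() == value for v in attrs.get(attr, []))

def search(filter_text):
    """Return the DNs of all entries matching the filter (subtree scope)."""
    node, _ = parse(filter_text)
    return [dn for dn, attrs in ENTRIES.items() if matches(node, attrs)]

GROUP_FILTER = "(&(objectClass=top)(|(cn=RTUsers)))"                  # from the thread
USER_FILTER = "(&(objectClass=inetOrgPerson)(memberOf=%s))" % GROUP_DN  # assumed form
```

Against this data the filter from the thread matches only the group DN, while the user-oriented filter matches the member accounts and leaves out the account that is not in the group, which is the set that should be able to log in.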