An LDAP security domain can contain nested LDAP groups. The Service Manager can import nested groups that are created in the following manner:
1. Create the groups under the same organizational unit (OU).
2. Set the relationship between the groups.
A 'nested group' is a group which is a member of another group. If you are using groups to manage permissions, you can create nested groups to allow inheritance of permissions from one group to its sub-groups.
Defining Nested Groups
The developers group has two members: a person, miranda, and another group, senior-developers. The senior-developers group has a single member: a person, suzanne. When a group has another group as a member we call it a "nested group".
Use the LDAP Group Members Connector to retrieve the members of LDAP groups. This component returns the user entries of group members, and not the group entries themselves. You can access information about the containing group and the parent/ancestor groups through properties.
Yes, using the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941). For example:
(memberOf:1.2.840.113556.1.4.1941:=cn=group,cn=users,DC=x)
See http://msdn.microsoft.com/en-us/library/aa746475%28VS.85%29.aspx
You must use the full distinguished name of your group when using memberOf:1.2.840.113556.1.4.1941:=
In my case, CN=MyGroup,OU=User,OU=Groups,OU=Security,DC=domain,DC=com was the whole distinguished name:
(&(objectCategory=person)(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=MyGroup,OU=User,OU=Groups,OU=Security,DC=domain,DC=com))
You can get the distinguished name of your group by running the following code and putting in this filter: (&(objectClass=group)(name=MyGroup))
Imports System.DirectoryServices

Module Module1

    ' Reads LDAP filters from the console and runs each one against the
    ' directory until the user types "exit".
    Sub Main()
        Dim run As Boolean = True
        Dim Filter As String
        While run
            Console.WriteLine("Enter Filter:")
            Filter = Console.ReadLine()
            If Filter = "exit" Then
                run = False
            Else
                checkFilter(Filter)
            End If
        End While
    End Sub

    ' Runs one search with the given filter and prints the name and
    ' distinguishedName of every matching entry. Replace dc=Domain,dc=com
    ' with the naming context of your own domain.
    Function checkFilter(Filter As String) As Boolean
        Dim search As New DirectorySearcher("LDAP://dc=Domain,dc=com")
        Try
            search.Filter = Filter
            search.PropertiesToLoad.Add("name")
            search.PropertiesToLoad.Add("distinguishedName")
            search.SearchScope = SearchScope.Subtree
            Dim results As SearchResultCollection = search.FindAll()
            If results Is Nothing Then
                Console.WriteLine("Nothing")
                Return False
            Else
                If results.Count() = 0 Then
                    Console.WriteLine("non found")
                End If
                Dim result As SearchResult
                For Each result In results
                    Console.WriteLine(result.Properties("name")(0).ToString())
                    Console.WriteLine(result.Properties("distinguishedName")(0).ToString())
                    'For Each prop In result.Properties("members")
                    '    Console.WriteLine(prop.ToString())
                    'Next
                Next
                Console.WriteLine(String.Format("{0} Users Found", results.Count()))
            End If
        Catch ex As Exception
            Console.WriteLine(ex.Message)
        End Try
        Return True
    End Function

End Module
Per your question, the query should be
(&(memberOf:1.2.840.113556.1.4.1941:={0})(objectCategory=person)(objectClass=user)(sAMAccountName={1}))
where {0} is the nested group (it should be a distinguished name) and {1} is the sAMAccountName of the user you want (you could use any other user property than sAMAccountName within (sAMAccountName={1})).
Then you will get the user's details in the response if the user is a member of the nested group.
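The filters in the answers above interpolate a group DN and a user name into {0} and {1}; if either value comes from a caller, it has to be escaped (RFC 4515) or it can change the shape of the filter. The following Python is an added example, not code from any of the answers: it builds the LDAP_MATCHING_RULE_IN_CHAIN filter with both placeholders escaped, and then evaluates the same membership chain offline against a constructed in-memory directory modelled on the developers / senior-developers / miranda / suzanne example, so you can see which entries the server-side rule would return. The DNs under DC=example,DC=com, the directory layout and the helper names are assumptions for the example.

```python
"""Added example: escaped LDAP_MATCHING_RULE_IN_CHAIN filter plus an offline
walk of the nested-group chain it asks the server to perform."""
from __future__ import annotations

# OID of LDAP_MATCHING_RULE_IN_CHAIN, as quoted in the answers above.
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"


def escape_filter_value(value: str) -> str:
    """Escape an assertion value per RFC 4515 so it cannot alter filter structure.

    Anything substituted for {0} or {1} should pass through here; an unescaped
    value such as '*)(objectClass=*' would otherwise rewrite the filter.
    """
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def nested_member_filter(group_dn: str, sam_account_name: str) -> str:
    """The query from the last answer, with both placeholders escaped."""
    return (
        "(&(memberOf:{oid}:={group})(objectCategory=person)(objectClass=user)"
        "(sAMAccountName={sam}))"
    ).format(
        oid=IN_CHAIN_OID,
        group=escape_filter_value(group_dn),
        sam=escape_filter_value(sam_account_name),
    )


# Constructed sample directory (DN -> attributes); the example.com domain and
# the OU layout are made up for this example, not taken from the answers.
SAMPLE_DIRECTORY = {
    "CN=developers,OU=Groups,DC=example,DC=com": {
        "objectClass": ["group"],
        "member": [
            "CN=miranda,OU=Users,DC=example,DC=com",
            "CN=senior-developers,OU=Groups,DC=example,DC=com",
        ],
    },
    "CN=senior-developers,OU=Groups,DC=example,DC=com": {
        "objectClass": ["group"],
        "member": ["CN=suzanne,OU=Users,DC=example,DC=com"],
    },
    "CN=miranda,OU=Users,DC=example,DC=com": {
        "objectClass": ["user"], "objectCategory": "person", "sAMAccountName": "miranda",
    },
    "CN=suzanne,OU=Users,DC=example,DC=com": {
        "objectClass": ["user"], "objectCategory": "person", "sAMAccountName": "suzanne",
    },
}


def transitive_members(directory: dict, group_dn: str) -> set[str]:
    """Return the DNs of all users reachable through the member chain of group_dn.

    This is the work the server does for memberOf:<OID>:=<dn>. Group membership
    in AD can be circular, so a visited set stops the walk from looping forever.
    """
    users: set[str] = set()
    seen: set[str] = set()
    stack = [group_dn]
    while stack:
        dn = stack.pop()
        if dn in seen:
            continue
        seen.add(dn)
        entry = directory.get(dn)
        if entry is None:
            continue  # dangling member reference: ignore, as the server would
        if "group" in entry.get("objectClass", []):
            stack.extend(entry.get("member", []))
        elif "user" in entry.get("objectClass", []):
            users.add(dn)
    return users


def nested_member_lookup(directory: dict, group_dn: str, sam_account_name: str) -> list[str]:
    """Offline evaluation of nested_member_filter(): users in the chain with that sAMAccountName."""
    return sorted(
        dn for dn in transitive_members(directory, group_dn)
        if directory[dn].get("sAMAccountName") == sam_account_name
    )


if __name__ == "__main__":
    group = "CN=developers,OU=Groups,DC=example,DC=com"
    print(nested_member_filter(group, "suzanne"))
    print(nested_member_lookup(SAMPLE_DIRECTORY, group, "suzanne"))
```

suzanne is returned for the developers group even though she is only a direct member of senior-developers, which is exactly the transitive behaviour the matching rule gives you server-side. The cycle guard in transitive_members matters in practice: nothing in AD stops two groups from being members of each other, and a naive recursive walk over member would never terminate.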