We have an LDAP with a number of groups that follow this pattern:
Acme-MyApp-ABC-Admin
Acme-MyApp-ABC-Bottlewasher
Acme-MyApp-ABC-Cook
Acme-MyApp-DEF-Admin
Acme-MyApp-DEF-Bottlewasher
Acme-MyApp-DEF-Cook
etc repeated many times.
(&(objectClass=person)(memberOf=cn=Acme-MyApp-ABC-Admin,ou=Groups,dc=acme,dc=com))
correctly returns members of the Acme-MyApp-ABC-Admin group. We'd like to find members of all of the Admin groups.
(&(objectClass=person)(memberOf=cn=*-Admin,ou=Groups,dc=acme,dc=com))
Is it possible to put a wildcard within a DN?
By dynamic groups, we mean the user entry has a 'memberOf' attribute value for each group (as opposed to the group having a 'member' attribute value for each user). Below is a sample LDAP configuration:
dn: cn=mygroup,ou=groups,dc=example,dc=com
objectClass: group
The easiest way to search LDAP is to use ldapsearch with the “-x” option for simple authentication and specify the search base with “-b”. If you are not running the search directly on the LDAP server, you will have to specify the host with the “-H” option.
1. Search Filter is a basic LDAP Query for searching users based on mapping of username to a particular LDAP attribute.
2. The following are some commonly used Search Filters. You will need to use a search filter which uses the attributes specific to your LDAP environment.
Generally, Wildcard searches on DN's syntax attributes are not supported.
Some LDAP server implementations may support them. Your question is tagged as OpenLDAP but the search filter appears to be more like an AD implementation.
I did find "Question about using an LDAP filter to get memberOf from an AD Group" on TechNet stating, ".. that wildcards are no allowed." (I am assuming he meant NOT vs no)
-jim
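One way to get the same result without a wildcard inside the DN, as an added example that is not part of the original question or answer: search the groups by cn first, which does accept substring filters, then match memberOf exactly against each returned group DN. The function names and the third sample DN are constructed for illustration, and values are escaped per RFC 4515 so a group name containing filter metacharacters cannot change the filter's structure.

```python
# Added example (not from the original post). Step 1 is run against the
# directory: search base ou=Groups,dc=acme,dc=com with the filter returned by
# group_search_filter("-Admin"). Step 2 builds one exact-match OR filter from
# the group DNs that search returned.

# RFC 4515 requires these five characters to be escaped in assertion values.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape an assertion value so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def group_search_filter(suffix):
    """Substring filter on cn; the suffix is escaped, the leading * is ours."""
    return "(cn=*%s)" % escape_filter_value(suffix)


def members_filter(group_dns, person_class="person"):
    """Build (&(objectClass=...)(|(memberOf=dn1)(memberOf=dn2)...))."""
    if not group_dns:
        # An empty OR is not accepted by every server; fail loudly instead.
        raise ValueError("no groups matched; refusing to build an empty OR")
    clauses = "".join(
        "(memberOf=%s)" % escape_filter_value(dn) for dn in group_dns
    )
    return "(&(objectClass=%s)(|%s))" % (escape_filter_value(person_class), clauses)


# Constructed sample of what step 1 might return. The first two DNs use the
# names from the question; the third is hypothetical and shows the escaping.
SAMPLE_GROUP_DNS = [
    "cn=Acme-MyApp-ABC-Admin,ou=Groups,dc=acme,dc=com",
    "cn=Acme-MyApp-DEF-Admin,ou=Groups,dc=acme,dc=com",
    "cn=Acme-MyApp-GHI (EU)-Admin,ou=Groups,dc=acme,dc=com",
]

if __name__ == "__main__":
    print(group_search_filter("-Admin"))
    print(members_filter(SAMPLE_GROUP_DNS))
```

With many matching groups the OR filter grows long, so splitting the DN list into batches and merging the results keeps each query within server limits.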