dimaj
Posted July 16, 2010

Hey guys! I'm back with another question... This time it is regarding LDAP search queries...

I recently set up an OpenLDAP DC on Ubuntu 10.04 and it's working great. All my Windows and Linux boxes at home joined that domain and I can log in to any box using 1 account. Then I set up a Subsonic audio streaming server and I found out that it has an option for LDAP authentication. So, I created a new group 'subsonic' and said that 'user1' and 'user2' are members of that group.

The issue that I'm having though is that when I run a query such as:

    ldapsearch -b 'dc=example,dc=com' -D 'cn=admin,dc=example,dc=com' -W '(&(uid=user1)(cn=subsonic))'

I get 0 results. When I run

    ldapsearch -b 'dc=example,dc=com' -D 'cn=admin,dc=example,dc=com' -W '(memberUid=user1)'

I see that this user is a member of group subsonic.

Could anyone help me write a search filter such that I could verify if a certain user is a member of group subsonic and return that user's object?

Thanks.

dimaj

Infiltrator
Posted July 17, 2010

Read this article, it should help you write LDAP search queries.

https://www.opends.org/wiki/page/Ldapsearch

dimaj (Author)
Posted July 17, 2010

> Read this article, it should help you write LDAP search queries.
> https://www.opends.org/wiki/page/Ldapsearch

Thanks for the reply! I've read through that web site as well as many others on Google and still couldn't get anywhere...

I think I understand what is happening, but I just don't know how to work around that. The way I see it is that secondary group memberships are not part of the user. It is groups that say that certain users are part of their group. So, when I run

    ldapsearch <options> "(&(memberuid=user1)(cn=someGroup))"

I will see that user 'user1' is either part of that group or not. When a user is trying to log in, the user object has to be returned, while here we are getting the group object.

Again, I'm just speculating here based on my observations when I was trying to run various filters. If my train of thought here is correct, is there any way to do something like this:

    if (uid is part of some group)
        return objectClass of uid
    else
        return null

using the ldapsearch command?

dimaj (Author)
Posted July 24, 2010

OK... I found a solution... I had to enable the memberOf module. I've written a blog post about it on my blog.

dimaj
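
Added example, not part of the thread or of dimaj's blog post: a shell sketch of the "if member, return the user object, else nothing" check from the July 17 post done as two ldapsearch calls, plus the single filter that becomes possible once the memberOf overlay is enabled. The password file path, the `-x` simple bind and the group DN under `ou=groups` are assumptions; the base and bind DNs are the ones used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed: server taken from ldap.conf,
# simple bind (-x), bind password stored in a file readable only by you.
BASE_DN='dc=example,dc=com'
BIND_DN='cn=admin,dc=example,dc=com'
PW_FILE="${PW_FILE:-$HOME/.ldap_pw}"   # hypothetical path, chmod 600

# Escape filter metacharacters (RFC 4515) so a name is matched literally
# instead of changing the structure of the filter.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

search() {  # search FILTER [ATTR...]
    ldapsearch -x -LLL -b "$BASE_DN" -D "$BIND_DN" -y "$PW_FILE" "$@"
}

# Print the user's entry only if the group lists the uid in memberUid.
# Prints nothing and returns 1 otherwise.
user_in_group() {  # user_in_group UID GROUP_CN
    uid=$(ldap_escape "$1")
    group=$(ldap_escape "$2")
    # Step 1: ask the group side; "1.1" requests the DN with no attributes.
    search "(&(cn=$group)(memberUid=$uid))" 1.1 | grep -q '^dn:' || return 1
    # Step 2: membership confirmed, now return the user object itself.
    search "(uid=$uid)"
}

# With the memberOf overlay enabled, one filter returns the user object:
#   (&(uid=user1)(memberOf=cn=subsonic,ou=groups,dc=example,dc=com))
# The overlay fills memberOf from DN-valued "member" attributes, so the group
# has to be a groupOfNames-style entry; memberUid values alone are not enough.
memberof_filter() {  # memberof_filter UID GROUP_DN
    printf '(&(uid=%s)(memberOf=%s))' "$(ldap_escape "$1")" "$2"
}
```

The string printed by `memberof_filter` is the kind of filter an application with a configurable LDAP search filter can use to restrict logins to one group.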