dimaj Posted July 16, 2010

Hey guys! I'm back with another question... This time it is regarding LDAP search queries...

I recently set up an OpenLDAP DC on Ubuntu 10.04 and it's working great. All my Windows and Linux boxes at home joined that domain and I can log in to any box using 1 account.

Then I set up a Subsonic audio streaming server and I found out that it has an option for LDAP authentication. So, I created a new group 'subsonic' and said that 'user1' and 'user2' are members of that group.

The issue that I'm having though is that when I run a query such as:

    ldapsearch -b 'dc=example,dc=com' -D 'cn=admin,dc=example,dc=com' -W '(&(uid=user1)(cn=subsonic))'

I get 0 results. When I run

    ldapsearch -b 'dc=example,dc=com' -D 'cn=admin,dc=example,dc=com' -W '(memberUid=user1)'

I see that this user is a member of group subsonic.

Could anyone help me write a search filter such that I could verify if a certain user is a member of group subsonic and return that user's object?

Thanks.
dimaj

Infiltrator Posted July 17, 2010

Read this article, it should help you write LDAP search queries. https://www.opends.org/wiki/page/Ldapsearch

dimaj Posted July 17, 2010

> Read this article, it should help you write LDAP search queries. https://www.opends.org/wiki/page/Ldapsearch

Thanks for the reply! I've read through that web site as well as many others on Google and still couldn't get anywhere...

I think I understand what is happening, but I just don't know how to work around that. The way I see it is that secondary group memberships are not part of the user. It is groups that say that certain users are part of their group. So, when I run

    ldapsearch <options> "(&(memberuid=user1)(cn=someGroup))"

I will see that user 'user1' is either part of that group or not. When a user is trying to log in, the user object has to be returned, while here we are getting the group object.

Again, I'm just speculating here based on my observations when I was trying to run various filters.

If my train of thought here is correct, is there any way to do something like this:

    if (uid is part of some group)
        return objectClass of uid
    else
        return null

using the ldapsearch command?

dimaj Posted July 24, 2010

OK... I found a solution... I had to enable the memberOf module. I've written a blog post about it on my blog.

dimaj
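
The kind of filter this thread was looking for, as an added example that is not part of the original posts: once the memberOf overlay maintains a `memberOf` attribute on user entries, a single filter returns the user's own entry only when that user belongs to the group. The values are escaped per RFC 4515 so a login name such as `*` cannot widen the match. Assumptions: the group DN `cn=subsonic,ou=groups,dc=example,dc=com` (the thread does not give the container), the function names, and a group that lists its members by DN, which is what the overlay tracks by default.

```shell
#!/bin/sh
# Added example: build a filter that matches the user's entry only when that
# entry carries memberOf=<group DN> (attribute maintained by the memberOf overlay).

# Escape a value for use inside an LDAP search filter (RFC 4515): \ * ( )
# The backslash is handled first so escapes added later are not re-escaped.
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# member_filter UID GROUP_DN -> (&(uid=UID)(memberOf=GROUP_DN))
member_filter() {
    printf '(&(uid=%s)(memberOf=%s))' \
        "$(ldap_filter_escape "$1")" "$(ldap_filter_escape "$2")"
}

# Assumed group DN: the thread names the group 'subsonic' but not its container.
GROUP_DN='cn=subsonic,ou=groups,dc=example,dc=com'

# user_in_group UID: prints the user's DN when the filter matches, returns 1 otherwise.
# Needs a reachable directory; base and bind DN are the ones used in the thread.
# -x is a simple bind, -LLL trims the LDIF output, "1.1" requests no attributes.
user_in_group() {
    ldapsearch -LLL -x -b 'dc=example,dc=com' -D 'cn=admin,dc=example,dc=com' -W \
        "$(member_filter "$1" "$GROUP_DN")" 1.1 | grep '^dn:'
}
```
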