LDAP：获取特定组中的用户列表

Question

I'm trying to get all users of a specific user group. I'm doing this in java, I can connect to ldap and get results from different queries. However I've searched to find solution but as far as I can tell the LDAP of my workplace is structured differently than what seems normal.

dn of users:

ou=Users,O=MYCOMPANY.COM

dn of the user group:

cn=Admin,ou=Profiles,ou=MYAPP,ou=Applirights,O=MYCOMPANY.COM

For the user group, cn is the privilege level / group name (Admin) and the name of the application is in an organisational unit. With this structure, how would I query for all users in this specific group?

I tried:

NamingEnumeration<?> namingEnum = ctx.search("ou=Users,O=MYCOMPANY.COM", "(cn=Admin,ou=Profiles,ou=MYAPP,ou=Applirights,O=MYCOMPANY.COM)", searchControls);

However what attributes would need to be in search controls? I use uid which is the users login name.

I also tried whats outlined here :

(&(objectCategory=user)(memberOf=cn=Admin,ou=MYAPP,ou=Applirights,O=MYCOMPANY.COM))

Nothing works and with that, I mean I get 0 results but no error. How can I achieve this with the given organisation of ldap?

Answer 1

Groups have something called memberOf : So try this:

search -s sub -b "DC=whatever,DC=mydomain,DC=com" "(&(objectCategory=user)(memberOf=CN=GROUP,DC=whatever,DC=mydomain,DC=com))"

you fill in whatever mydomain and GROUP above ^

Answer 2

What attributes would need to be in search controls?

The attributes listed in searchControls are the ones you want returned . The one containing the group members. Depending on what objectClass the group object is, it might be:

• uniqueMember for groupOfUniqueNames
• roleOccupant for organizationalRole

and so forth.