ldap嵌套组（在分析组成员资格时的外观属性）

Question

To retrieve groups belonging to all users I am using following filter:

(&(objectclass=*)(member:1.2.840.113556.1.4.1941:=cn=sam,DC=aaaldap,DC=com))

And, i am able to retrieve multiple DN entries like:

1. GOT ENTRY: DN => CN=group1,CN=Users,DC=aaaldap,DC=com
 LDAP: Attribute                Length    Valueldap_get_dn
 1d21h: LDAP: cn                  6         group1

2. LDAP: GOT ENTRY: DN => CN=group2,CN=Users,DC=aaaldap,DC=com
 LDAP: Attribute                Length    Valueldap_get_dn
 1d21h: LDAP: cn                  6         group2

All i am interested is in group membership, so i want to parse the attribute CN received in the entry and would like to assume this as a group.

Can someone suggest if this will be a valid assumption of parsing CN attribute and mark its value as "group" membership to which it belongs to?

Answer 1

You should specify a real objectClass instead of just * , to limit the search to whatever object class you are using for groups. Then anything you get back must be a group. The search may also run faster.