On 05/23/17 09:17 -0400, Bernard Fay wrote:
Is there a way to find the primary group of a user with ldapsearch or other command?
I run OpenLDAP version 2.4.40 on CentOS 7.2 if that matters.
I assume you're asking about unix groups.
Commonly the primary unix group id is stored within the gidNumber attribute of the user's corresponding DN. You can retrieve the primary group id with 'getent passwd <user>', or by searching for that attribute.
Refer to your nss documentation (libnss-ldap, nss-pam-ldapd, nssov) for how to resolve the gidNumber to a group name, or use 'getent group <gidNumber>'.
The first group printed using 'groups <user>' should be the primary group, but the man page makes no claims of that being true.
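
The lookup described above as a script: an added example, not part of the original message. The sample passwd/group entries, the USE_SAMPLE switch, the function names and the base DN placeholder are assumptions for illustration; with USE_SAMPLE unset the functions call the real getent.

```shell
#!/bin/sh
# Constructed sample data in getent output format (not from a real directory).
SAMPLE_PASSWD='alice:x:1001:2001:Alice Example:/home/alice:/bin/bash
bob:x:1002:2999:Bob Example:/home/bob:/bin/bash'
SAMPLE_GROUP='staff:*:2001:alice,bob
wheel:*:10:alice'

# lookup DB KEY: constructed data when USE_SAMPLE=1, otherwise real NSS via getent.
lookup() {
    if [ "${USE_SAMPLE:-0}" = 1 ]; then
        case $1 in
            passwd) printf '%s\n' "$SAMPLE_PASSWD" | awk -F: -v k="$2" '$1 == k' ;;
            group)  printf '%s\n' "$SAMPLE_GROUP"  | awk -F: -v k="$2" '$3 == k' ;;
        esac
    else
        getent "$1" "$2"
    fi
}

# The primary GID is field 4 of the passwd entry (gidNumber in the directory).
primary_gid() {
    lookup passwd "$1" | awk -F: 'NR == 1 { print $4 }'
}

# Resolve the primary GID to a group name. If no group entry carries that
# gidNumber, print the number itself so the gap in the directory is visible.
primary_group() {
    gid=$(primary_gid "$1")
    [ -n "$gid" ] || return 1          # unknown user
    name=$(lookup group "$gid" | awk -F: 'NR == 1 { print $1 }')
    printf '%s\n' "${name:-$gid}"
}

# Read gidNumber from LDIF on stdin, e.g. the output of
#   ldapsearch -x -LLL -b "<base DN>" "(uid=alice)" gidNumber
# (<base DN> is a placeholder; attribute names are case-insensitive).
ldif_gid() {
    awk 'tolower($1) == "gidnumber:" { print $2; exit }'
}
```

In the sample data alice is listed as a member of both staff and wheel, but only staff is her primary group, because only its gidNumber matches field 4 of her passwd entry.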