Hi,All With openldap 2.4.x which supports memberOf overlay. I can get group info with only one search with following configs. <1> [root@/jacky/var]$cat user.ldif dn: cn=jacky,ou=users,dc=jacky,dc=com objectClass: organizationalPerson cn: jacky sn: sun userPassword: 11111111
[root@/jacky/var]$cat JackyGroup.ldif dn: cn=JackyGroup,ou=groups,dc=jacky,dc=com objectClass: groupOfNames cn: JackyGroup member: cn=jacky,ou=users,dc=jacky,dc=com
<2> memberOf overlay is configured correctly
<3> [root@/jacky/var]$ldapsearch -x -D "cn=root,dc=jacky,dc=com" -b "dc=jacky,dc=com" -H "ldap://x.x.x.x:389" -w xxx -s sub "(cn=jacky)" memberOf # extended LDIF # # LDAPv3 # base <dc=jacky,dc=com> with scope subtree # filter: (cn=jacky) # requesting: memberOf # # jacky, users, jacky.com dn: cn=jacky,ou=users,dc=jacky,dc=com memberOf: cn=JackyGroup,ou=groups,dc=jacky,dc=com [This is what I want] # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1
My questions are here: A1: With openldap 2.4.x, if posixAccount is used to manage users, then attribute 'gidNumber' which is a number will represent user's membership. With this case, is it possible that I can get group info(DN format as above) of a user entry by ONLY one search?
A2: With older openldap whihc does NOT support memberOf overlay: <1> If organizationalPerson is used to manage users, is it possible that I can get group info(DN format) of a user entry by ONLY one search? <2> If posixAccount is used to manage users, is it possible that I can get group info(DN format) of a user entry by ONLY one search?Any reply is appreciated~TIA
Thanks, Jacky