Le 07/03/2023 à 06:58, forumforeign a écrit :
06.03.23 19:14, Clément OUDOT пише:
Le 06/03/2023 à 16:13, forumforeign a écrit :
'(&(objectClass=organizationalRole)(cn=developer)(uid=user1,ou=people,dc=domain,dc=com))' RoleOccupant '(&(objectClass=organizationalRole)(cn=developer)(uid=user1,ou=people,dc=domain,dc=com))'
'(&(objectClass=organizationalRole)(cn=developer)(uid=user1*))' RoleOccupant
How I can change filter, that check if user1 belong to group developer?
Use '(&(objectClass=organizationalRole)(cn=developer)(roleOccupant=user1,ou=people,dc=domain,dc=com))' , it will return one entry if user is member of the group"cn=developer", and no entry else.
Unfortunately it also doesn't work:
$ openldapsearch -v -H ldaps://<ldap_host> -x -b 'dc=domain,dc=com' -W -D "cn=vmail,ou=services,dc=domain,dc=com" '(&(objectClass=organizationalRole)(cn=developer)(roleOccupant=user1,ou=people,dc=domain,dc=com))' RoleOccupant Enter LDAP Password: # extended LDIF # # LDAPv3 # base <dc=domain,dc=com> with scope subtree # filter: (&(objectClass=organizationalRole)(cn=developer)(roleOccupant=user1,ou=people,dc=domain,dc=com)) # requesting: RoleOccupant #
# search result search: 2 result: 0 Success
# numResponses: 1
Also, I have tried (without RoleOccupant at the end)
$ openldapsearch -v -H ldaps://<ldap_host> -x -b 'dc=domain,dc=com' -W -D "cn=vmail,ou=services,dc=domain,dc=com" '(&(objectClass=organizationalRole)(cn=developer)(roleOccupant=user1,ou=people,dc=domain,dc=com))'
There was a typo in the filter, the attribute of the RDN was missing :
'(&(objectClass=organizationalRole)(cn=developer)(roleOccupant=uid=user1,ou=people,dc=domain,dc=com))'