I'm working on an OpenLDAP proxy to AD; gidnumber is assigned for Linux clients by the AD admin. I saw the groupofnames objectclass actually only in OpenLDAP. I tried it blindly, without first thinking about both sides and the mapping in between. What you said is true.
-----Original Message-----
From: Ralf Mattes [mailto:rm@mh-freiburg.de]
Sent: Tuesday, January 03, 2017 3:31 PM
To: Brian Reichert
Cc: Zhang,Jun; openldap-technical@openldap.org
Subject: Re: ldapsearch filter question

On Tuesday, 03 January 2017 21:45 CET, Brian Reichert reichert@numachi.com wrote:
On Tue, Jan 03, 2017 at 08:57:59PM +0000, Zhang,Jun wrote:
ldapsearch -x -b dc=myinstitute,dc=edu uid=user1 gidnumber

gives me gidnumber=1234. I then tried

ldapsearch -x -b dc=myinstitute,dc=edu "(&(objectclass=groupofnames)(gidnumber=1234))"

intending to find out the name of the group, but I got nothing.
Did the DN in your first search have a 'groupofnames' objectclass?
Furthermore - are you sure you want to search for groupofnames and not posixgroup? Group ID numbers are usually used with POSIX groups, and since both posixgroup and groupofnames are structural groups they can't mix. It's actually pretty unlikely that your server holds groupofnames with a numeric group id.
HTH Ralf Mattes
Thanks Jun
-- Brian Reichert reichert@numachi.com BSD admin/developer at large