[Date Prev][Date Next]
Searching AD for user membership in specific group(s)
- To: <openldap-software@OpenLDAP.org>
- Subject: Searching AD for user membership in specific group(s)
- From: "Kellogg, Chris" <Chris.Kellogg@dyncorp.com>
- Date: Fri, 1 Oct 2004 12:37:15 -0500
- Content-class: urn:content-classes:message
- Thread-index: AcSn3UqD1LWIEvyxTgOy1/ZcsLZVKA==
- Thread-topic: Searching AD for user membership in specific group(s)
Forgive me if this is a repeat or if I need to look at a specific
source. Point me in the right direction and I'll be happy to do the
required reading. Google has done nothing for me, and I fail to find
what I need on openldap.org.
I need to do ldap-searches of an MS Active Directory to see if a
particular user is a member of a specific group. I can do searches and
get information on a specific dn, but I am completely mystified by the
What search string/method should I be using to perform this check?
Currently, I can get a DN search with this:
ldapsearch -D "cn=User\, Admin,ou=User Accounts,ou=Main
Office,dc=subdomain,dc=domain,dc=com" -h gcsrv.domain.com:3268 -b
"dc=domain,dc=com" -W -s sub "cn=Search Group"
gcsrv.domain.com is a global catalog server for the top-level domain. I
have several subdomains, so I need to start the search at the top. 3268
is the cleartext port for LDAP to the Global Catalog.
I need to see if "cn=testuser" is in "cn=Search Group", I'm just
completely stuck. Anyone have suggestions?
Christopher M. Kellogg, GCFW
Principle Network Administrator, DynCorp, A CSC Company
6500 West Freeway Suite 600, Fort Worth, TX