
Re: query across ou



Chuck Theobald wrote:
Is there a way to perform a single query on an LDAP database such that I can
retrieve the group name (cn) from a user's full name (cn)? My structure holds
user accounts in ou=People and groups in ou=Group. I know I can ask for
gidNumber from the People tree, then reference the group in the Group tree,
but with an SQL background, I would like a single query.

Not feasible in general. The LDAP functional model is much simpler than SQL.

Depending on the group schema used in your deployment you could configure the server with slapo-memberof. Then slapd maintains a back-link to the group entries from the member entry. By default it's the attribute 'memberOf' (configurable) and always contains the full DN of all group entries. This only works if using RFC 2307bis style posixGroup entries with attribute 'member' pointing to member entries (not 'memberUID').

If you also have to provide the 'memberUID' group relation attribute to some legacy clients, you can define a hybrid groupOfNames/posixGroup object class as described here:

http://www.ietf.org/mail-archive/web/ldapext/current/msg02112.html

Ciao, Michael.
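
The slapo-memberof setup described in the reply above, sketched as an added example that is not part of the original message or the OpenLDAP project's own documentation. The suffix dc=example,dc=com, the entry names, the cn=module{0} and olcDatabase={1}mdb indexes, and the presence of an RFC 2307bis schema (posixGroup as an auxiliary class) are all assumptions.

```ldif
# Added example. All DNs, index numbers and values below are constructed.

# 1) cn=config change: load the overlay module
#    (assumes a cn=module{0} entry already exists).
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: memberof

# 2) cn=config change: attach the overlay to the database that holds
#    ou=People and ou=Group (assumed to be olcDatabase={1}mdb).
dn: olcOverlay=memberof,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: memberof
# Object class that marks an entry as a group (overlay default).
olcMemberOfGroupOC: groupOfNames
# Attribute in the group entry that holds member DNs (overlay default).
olcMemberOfMemberAD: member
# Back-link attribute written into each member entry (overlay default).
olcMemberOfMemberOfAD: memberOf
# Keep back-links consistent when entries are renamed or deleted.
olcMemberOfRefInt: TRUE

# 3) Data change (separate ldapmodify run against the directory suffix):
#    a group whose 'member' values are full DNs, so the overlay can
#    write the back-link. 'memberUid' is carried for legacy clients
#    only; the overlay does not read it.
dn: cn=staff,ou=Group,dc=example,dc=com
changetype: add
objectClass: groupOfNames
objectClass: posixGroup
cn: staff
gidNumber: 5000
member: uid=jdoe,ou=People,dc=example,dc=com
memberUid: jdoe
```

With this in place a single search such as `ldapsearch -x -b "ou=People,dc=example,dc=com" "(cn=Jane Doe)" memberOf` returns the group DNs from the user entry; memberOf is an operational attribute, so it has to be requested by name. The overlay only writes back-links for memberships added or modified after it is configured, so existing groups need to be re-written once.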
