[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Inappropriate matching
I am trying to find out if a cn is part of a group using a search as follows:
ldapsearch -h ldapnds -b "cn=Multiple login Admin,ou=ITD,ou=MPK,ou=GT,o=ESKOM" "member=cn=ellerbrR*"
The group looks as follows:
cn=Multiple Login Admin,ou=ITD,ou=MPK,ou=GT,o=ESKOM
objectClass=top
objectClass=groupOfNames
revision=198
member=cn=EllerbrR,ou=ITD,ou=MPK,ou=GT,o=ESKOM
member=cn=SchuttAC,ou=ITD,ou=MPK,ou=GT,o=ESKOM
member=cn=FisherB,ou=ITS,ou=NGY,ou=KN,o=DSNET
member=cn=MienieP,ou=ITD,ou=MPK,ou=GT,o=ESKOM
member=cn=GroeneGM,ou=ITD,ou=MPK,ou=GT,o=ESKOM
member=cn=GrpWise,ou=MPK,ou=GT,o=ESKOM
cn=Multiple Login Admin
When I do a partial search as above, I get "ldap_search: Inappropriate matching" back from ldap. Is there any particular reason why you cannot do a partial match against a member? If I use a full DN, all works fine.
Or, alternatively, what is the correct search syntax to find out if a cn is a member of a group. Maybe such a search does not make sense as the cn may not be unique.
--
Richard Ellerbrock
richarde@eskom.co.za