0
votes

I'm trying to get all users of a specific user group. I'm doing this in Java; I can connect to LDAP and get results from different queries. However, I've searched for a solution, but as far as I can tell the LDAP of my workplace is structured differently from what seems normal.

dn of users:

ou=Users,O=MYCOMPANY.COM

dn of the user group:

cn=Admin,ou=Profiles,ou=MYAPP,ou=Applirights,O=MYCOMPANY.COM

For the user group, cn is the privilege level / group name (Admin) and the name of the application is in an organisational unit. With this structure, how would I query for all users in this specific group?

I tried:

NamingEnumeration<?> namingEnum = ctx.search("ou=Users,O=MYCOMPANY.COM", "(cn=Admin,ou=Profiles,ou=MYAPP,ou=Applirights,O=MYCOMPANY.COM)", searchControls);

However, what attributes would need to be in the search controls? I use uid, which is the user's login name.

I also tried what's outlined here:

(&(objectCategory=user)(memberOf=cn=Admin,ou=MYAPP,ou=Applirights,O=MYCOMPANY.COM))

Nothing works, and by that I mean I get 0 results but no error. How can I achieve this with the given organisation of LDAP?

2 Answers

1
votes

Groups have something called memberOf, so try this:

search -s sub -b "DC=whatever,DC=mydomain,DC=com" "(&(objectCategory=user)(memberOf=CN=GROUP,DC=whatever,DC=mydomain,DC=com))"

You fill in whatever, mydomain and GROUP above.

0
votes

What attributes would need to be in search controls?

The attributes listed in searchControls are the ones you want returned: the one containing the group members. Depending on what objectClass the group object is, it might be:

  • uniqueMember for groupOfUniqueNames
  • roleOccupant for organizationalRole

and so forth.
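
As an added example (not code from the question or from either answer): one way to apply the approach above with JNDI is to read the member attribute from the group entry itself and turn each member DN into a login name, which also avoids assembling a search filter from strings. The class and method names are hypothetical, `member` is included as a third candidate attribute, and it is an assumption that user entries are named by `uid` under ou=Users,O=MYCOMPANY.COM.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class GroupMembers {
    // Candidate member attributes; which one is populated depends on the group's objectClass.
    static final String[] MEMBER_ATTRS = {"uniqueMember", "roleOccupant", "member"};

    // Live lookup: read only the member attributes from the group entry, addressed by its DN.
    static List<String> membersOf(DirContext ctx, String groupDn) throws NamingException {
        return memberLogins(ctx.getAttributes(groupDn, MEMBER_ATTRS));
    }

    // Turn member DNs into login names, keeping only entries under the users branch.
    static List<String> memberLogins(Attributes group) throws NamingException {
        LdapName usersBase = new LdapName("ou=Users,O=MYCOMPANY.COM");
        List<String> logins = new ArrayList<>();
        for (String attrId : MEMBER_ATTRS) {
            Attribute attr = group.get(attrId);
            if (attr == null) continue;
            NamingEnumeration<?> values = attr.getAll();
            while (values.hasMore()) {
                LdapName dn = new LdapName(values.next().toString());
                if (!dn.startsWith(usersBase)) continue; // nested group or entry outside ou=Users
                Rdn leaf = dn.getRdn(dn.size() - 1);     // leftmost RDN names the entry
                // Assumption: user entries are named by uid; otherwise report the full DN.
                logins.add("uid".equalsIgnoreCase(leaf.getType())
                        ? leaf.getValue().toString() : dn.toString());
            }
        }
        return logins;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed group entry standing in for what membersOf(ctx, groupDn) would read.
        Attribute members = new BasicAttribute("uniqueMember");
        members.add("uid=jdoe,ou=Users,O=MYCOMPANY.COM");
        members.add("uid=asmith,ou=Users,O=MYCOMPANY.COM");
        members.add("cn=Nested,ou=Profiles,ou=MYAPP,ou=Applirights,O=MYCOMPANY.COM");
        Attributes group = new BasicAttributes(true); // attribute IDs compared ignoring case
        group.put(members);
        System.out.println(memberLogins(group));
    }
}
```

Against a live directory, call `membersOf(ctx, "cn=Admin,ou=Profiles,ou=MYAPP,ou=Applirights,O=MYCOMPANY.COM")` with the context already used for the other queries.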