I am trying to query the all group memberships of a particular user. Currently I can only get the groups the user is a direct member of, but none of the nested groups that the user is an indirect member of.
The setup is as following.
- Test user 'user-01'
- Test group 'group-a' which 'user-01' is a member of.
- Test group 'parent' which 'group-a' is a member of.
My intent is to perform a search where I get both 'group-a' and 'parent' back; currently I only get 'group-a' (the direct membership). Is there some way I can modify my query also get 'parent' in my search result?
This is my query:
ldapsearch -D 'cn=admin,dc=example,dc=org' -w admin -b 'dc=example,dc=org' "(&(objectClass=groupOfNames)(member=cn=user-01,dc=example,dc=org))" dn
This is my LDIF file:
dn: cn=user-01,dc=example,dc=org
sn: USER-01
cn: user-01
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
userPassword: 1234
mobile: +4670000001
dn: cn=group-a,dc=example,dc=org
cn: GROUP-A
objectClass: top
objectClass: groupOfNames
member: cn=user-01,dc=example,dc=org
dn: cn=parent-a,dc=example,dc=org
cn: GROUP-AB
objectClass: top
objectClass: groupOfNames
member: cn=group-a,dc=example,dc=org
I am using OpenLDAP.
