Using CentOS 7.5, Apache 2.4.6. Running in a VM. No SSL.
I followed https://linuxhostsupport.com/blog/how-to-install-ldap-on-centos-7/ and configured OpenLDAP.
I created users and used the ldap_bind($ds, $userid, $password) to check if a valid user & password exists.
Now I am trying to find if a user is a member of a particular group. For that, I looked at ldap query for group members (among others).
I think that I am making a mistake in creating the group.
Should I create an organizationalRole, group or posixGroup? As the final objective is to check which users are authorized to use which applications and functions therein (add/update/delete/etc.) I would say that organizationalRole is the thing to make. At the moment, I used:

groups.ldif:

dn: cn=MyAppUsers,dc=mydept,dc=mycompany
objectClass: top
objectclass: posixGroup
cn: Authorized App1 Users
description: Users allowed to use App1

users.ldif:

dn: cn=MyAppUsers,dc=mydept,dc=mycompany
changetype: modify
add: memberUid
memberUid: cn=user1,ou=People,dc=mydept,dc=mycompany
memberUid: cn=user2,ou=People,dc=mydept,dc=mycompany

I tried different combinations of filters in ldap_search($ds,$basedn,$filter) but just can't seem to find the correct one. So, I'm thinking that it's not the query which is wrong, but the manner in which the group was created.
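
An added example, not part of the original post: one way to do the membership check in PHP once the group entry exists, covering both a groupOfNames group (member holds the user's DN) and a posixGroup (memberUid holds the login name). The function names and the second sample uid are hypothetical, and ldap_escape() assumes PHP 5.6 or later with the ldap extension loaded.

```php
<?php
// Added example. build_membership_filter() and is_group_member() are
// hypothetical helper names; the DNs are the ones used in the post.

// Build a filter that matches the group entry only if the user is listed in it.
// groupOfNames stores full DNs in "member"; posixGroup stores login names in
// "memberUid". Both values are escaped for filter context so that characters
// such as * ( ) \ in user-supplied input are matched literally.
function build_membership_filter($userDn, $uid)
{
    $dn  = ldap_escape($userDn, '', LDAP_ESCAPE_FILTER);
    $uid = ldap_escape($uid, '', LDAP_ESCAPE_FILTER);
    return '(|(&(objectClass=groupOfNames)(member=' . $dn . '))'
         . '(&(objectClass=posixGroup)(memberUid=' . $uid . ')))';
}

// Base-scope read of the group entry: one entry back means "member",
// zero means "not a member". Any LDAP error is treated as "not a member"
// so that an authorization check fails closed.
function is_group_member($ds, $groupDn, $userDn, $uid)
{
    $filter = build_membership_filter($userDn, $uid);
    $result = @ldap_read($ds, $groupDn, $filter, array('cn'));
    if ($result === false) {
        return false;
    }
    return ldap_count_entries($ds, $result) === 1;
}

// Constructed sample input: the second uid contains filter metacharacters.
$groupDn = 'cn=MyAppUsers,dc=mydept,dc=mycompany';
$userDn  = 'cn=user1,ou=People,dc=mydept,dc=mycompany';
foreach (array('user1', 'j*smith (temp)') as $uid) {
    echo build_membership_filter($userDn, $uid), PHP_EOL;
}

// With a bound connection $ds (assumed to come from ldap_connect/ldap_bind):
// if (is_group_member($ds, $groupDn, $userDn, 'user1')) { /* allow App1 */ }
```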