0
votes

I'm new to LDAP and have a question. I want to check whether a particular user belongs to a particular group or not. I figured out how to query the LDAP server, so it is right now able to check if the user exists on the server or not, but I couldn't figure out how to check the user against the right group (the line below is what I have used).

l_retval := DBMS_LDAP.search_s(l_session,l_ldap_base, DBMS_LDAP.scope_subtree, 'objectclass=*', l_attrs, 0, l_message);

My main purpose is to authorize users of a particular group (not authenticate)

I have two bases: one for authorization (uid=anders,ou=ourusers,o=company) and one for the groups (cn=programmers,ou=groups,o=company).

Could anyone please guide me on how to proceed?

3

3 Answers

1
votes

Use this filter, and make the search DN the DN of the group you want to check against.

(&(objectClass=*)(member=[userDN]))

The [userDN] is the full DN of the user to search for, like cn=bob,ou=bar,o=foo. It won't work if it is not a full DN. If you just have a username, first get the DN of the user, and then use this filter.
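The check described in the answer above, written against the DBMS_LDAP package the question uses. This is an added example, not code from the original posts: the function name `is_group_member` and its parameters are hypothetical, the session is assumed to be already bound with an account that may read the group's `member` attribute, and the base-scope search on the group DN is one way to apply "make the search DN the DN of the group". The user DN is escaped per RFC 4515 before it goes into the filter, so characters such as `*`, `(` and `)` in a DN cannot change what the filter matches.

```plsql
CREATE OR REPLACE FUNCTION is_group_member (   -- hypothetical name
  p_session  IN DBMS_LDAP.session,   -- assumed: already initialised and bound
  p_user_dn  IN VARCHAR2,            -- full DN, e.g. uid=anders,ou=ourusers,o=company
  p_group_dn IN VARCHAR2             -- e.g. cn=programmers,ou=groups,o=company
) RETURN BOOLEAN
IS
  l_attrs   DBMS_LDAP.string_collection;
  l_message DBMS_LDAP.message;
  l_retval  PLS_INTEGER;
  l_count   PLS_INTEGER;
  l_value   VARCHAR2(4000);
BEGIN
  -- Raise on LDAP errors (unknown group DN, lost connection, access denied)
  -- instead of returning a code that could be ignored. The caller must treat
  -- any exception as "not authorized".
  DBMS_LDAP.use_exception := TRUE;

  -- RFC 4515 filter-value escaping. The backslash is replaced first so the
  -- escapes added afterwards are not escaped a second time.
  l_value := REPLACE(p_user_dn, '\', '\5c');
  l_value := REPLACE(l_value, '*', '\2a');
  l_value := REPLACE(l_value, '(', '\28');
  l_value := REPLACE(l_value, ')', '\29');
  l_value := REPLACE(l_value, CHR(0), '\00');

  -- Only the existence of a match matters, so ask for a single small attribute.
  l_attrs(1) := 'cn';

  -- Base scope: examine the group entry itself, nothing below it.
  l_retval := DBMS_LDAP.search_s(
                p_session,
                p_group_dn,
                DBMS_LDAP.SCOPE_BASE,
                '(member=' || l_value || ')',
                l_attrs,
                0,
                l_message);

  -- The group entry is returned only if its member attribute holds the user DN.
  l_count  := DBMS_LDAP.count_entries(p_session, l_message);
  l_retval := DBMS_LDAP.msgfree(l_message);

  RETURN l_count = 1;
END is_group_member;
/
```

The attribute name `member` follows the filter in the answer; a directory whose groups store members under a different attribute needs that name in the filter instead.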

0
votes

Use memberOf or isMemberOf to determine if an entry is a member of a group. See also this question.

0
votes


I'm new to Active Directory too, but I have the feeling that skipping one generation and directly using System.DirectoryServices.AccountManagement is the way to go.
One article I've been reading is: http://msdn.microsoft.com/en-us/magazine/cc135979.aspx
I'll try to get back to your question later.
There also seems to be a bug in version 4 of the .NET Framework: it will bug if there is a group in the group you are looking at. Maybe a correction in version 4.5.