Join Log in
Score:0
André Fernandes avatar Server

LDAP: how to fetch group members by group's memberUid?

pk flag
André Fernandes

I'm trying to write a single LDAP search filter to retrieve users who are member of a particular group.

We're running a custom LDAP implementation (running on OpenLDAP: slapd 2.4.40), where the relations between user and groups are mapped Group (memberUid) -> User (uid).

The user LDIF does not have memberOf attributes, which makes it impossible to use the usual approach of (&(objectClass=person)(memberOf=login_group))

The user LDIFs look like:

dn: uid=user1,ou=people,dc=example,dc=com
cn: user1
displayName:: User1
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: shadowAccount
objectClass: posixAccount
uidNumber: 2698
uid: user1

The group LDIF are like this:

dn: cn=login_group,ou=groups,dc=example,dc=com
gidNumber: 1643
objectClass: posixGroup
objectClass: top
objectClass: groupOfUniqueNames
cn: login_group
memberUid: user1
memberUid: user2

Is it possible to write a single LDAP query that does the equivalent to an SQL JOIN, or "IN" filter, ex.

SELECT u.* FROM user u WHERE u.uid IN (SELECT memberUid FROM group WHERE cn=login_group)

It must be a single query since it will be used to control access to a third-party portal, we can't change the client implementation.

16
0 + 1
Alexander Pavluchenko avatar
pl flag
Alexander Pavluchenko
you can't do an SQL-like join in a single LDAP query. LDAP does not support this kind of sub-query logic. However, in a single query, you can search for members of a particular group: (&(objectClass=posixGroup)(cn=login_group)) When you run this filter, it will retrieve the login_group and its associated memberUid attributes, giving you a list of users in that group. in my opinion - schema should be modified to meet your requirents
1
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.