OpenLDAP Server nested Group search string

Question

i got a small problem here regarding OpenLDAP. The problem is to search for the member of nested groups. Lets say i have this construct:

dn=domain,dn=local
- ou=people
  - cn=marvyn (inetOrgPerson)
- ou=department
  - cn=administration (groupOfNames)
- ou=application
  - cn=jira (groupOfNames)

marvyn is member of administration. administration is member of jira. I want to authenticate against jira and check if marvyn is in it but marvyn is in administrations which is member of jira. How do i need to search or build the search string to find out if marvyn is member of jira.

Thank you guys,

score 0 · Accepted Answer · answered Oct 22 '15 at 08:33

I solved the problem using 'alias' objects to consolidate groups into OU's.

This is the how to from openldap: http://www.openldap.org/faq/data/cache/1111.html

(Note you can change the object type to ou from cn to forward to an whole ou.)

dc=domain
- ou=applications
  - ou=jira
    - cn=jira-specific-group
    - ou(ALIAS)=all-groups-from-ou=groups,dc=domain
      - cn=sysadmin (not really there; located at ou=groups,dc=domain)
      - cn=development (not really there; located at ou=groups,dc=domain)
- ou=groups
  - cn=sysadmin
  - cn=development

If this solved the problem for you, then you should mark your answer as accepted. — kasperd, Oct 22 '15 at 09:02

score -1 · Answer 2 · answered Sep 21 '15 at 21:33

-1

You can't do this with a single search string. You have to write some code.

answered Sep 21 '15 at 21:33

user207421

1,010
6
16

2

Could you provide an example? – SkunKz Sep 21 '15 at 21:34

OpenLDAP Server nested Group search string

2 Answers2