How can I create a security group in LDAP server?

Question

I am trying create a security group in LDAP server using unbounded-ldap-sdk but whenever I am trying to query the group with below filter, it is not returning the group.

Filter: (&(groupType:1.2.840.113556.1.4.803:=2147483648)(cn=test_group*))

The group is:

dn: CN=bpa,DC=developer,DC=tester,DC=example,DC=com objectClass: group groupType: -2147483646 instanceType: 4 objectClass: top objectCategory: Group cn: test_group distinguishedName: CN=bpa,DC=developer,DC=tester,DC=example,DC=com description: test group for testing name: test_group

Code to query the server:

javax.naming.directory.SearchControls searchControls = new javax.naming.directory.SearchControls();
searchControls.setReturningAttributes({'name', 'cn'});
searchControls.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE);

DirContext.search("DC=developer,DC=tester,DC=example,DC=com", filter, searchControls);

Could you please help me to find out the problem?

score 0 · Answer 1 · answered May 02 '19 at 09:41

0

Well, it is complicated. Microsoft Active Directory classifies Groups in several different methods.

GroupType is a bitmask attribute.

The group type in your entry is groupType: -2147483646 which is a Global Security Group.

I see nothing wrong with your LDAP filter or the group. However, you do not show the baseDN of the group search or if you are querying the Global Catalog. You could have an issue with LDAP referrals being returned.

Please always Tell us what you have tried and show logs or results and Read: https://stackoverflow.com/help/how-to-ask

answered May 02 '19 at 09:41

jwilleke

10,467
1
30
51

Hello @jwilleke, I have updated the description with the code. Please note that `dc=com` was passed as base DN during LDAP server creation. – bpa.mdl May 02 '19 at 13:01
What is the context of the user performing the search? – jwilleke May 05 '19 at 08:42

How can I create a security group in LDAP server?

1 Answers1