
FreeIPA 4.9.10

Rocky 8.7

ldapsearch 2.4.46

I am trying to get the list of uids of the users that belong to a specific group, then ultimately get the email addresses of those users.

```
ldapsearch -x -H ldap://10.0.0.33 -W -D "cn=Directory Manager" '(memberOf=cn=admins,cn=groups,cn=accounts,dc=example,dc=com)'

# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> (default) with scope subtree
# filter: (memberOf=cn=admins,cn=groups,cn=accounts,dc=example,dc=com)
# requesting: ALL
#

# search result
search: 2
result: 0 Success
```

1 Answer


Group membership information requires an authenticated bind to see. You are using an anonymous bind, hence you are not seeing those attributes.

abbra
  • I already tried using authentication, with the following command: `ldapsearch -x -H ldap://IP -W -D "uid=admin,cn=users,cn=accounts,dc=example,dc=com" '(memberOf=cn=admins,cn=groups,cn=accounts,dc=example,dc=com)'` `Enter LDAP Password: ldap_bind: Invalid credentials (49)` – FrostyQueen Apr 20 '23 at 12:59
  • This means you entered an incorrect password. This `ldapsearch` line works for me against my FreeIPA setup. – abbra Apr 20 '23 at 18:14
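
For the goal stated in the question (uids, then email addresses, of a group's members), one approach is to request only `uid` and `mail` over an authenticated bind and parse the LDIF, including base64 (`mail::`) and folded values. This script is an added example, not part of the original thread: `LDAP_URI` is a placeholder, `-ZZ` (StartTLS) assumes the server offers it, and the sample LDIF is constructed.

```shell
#!/bin/sh
# Added example. LDAP_URI is a placeholder; the DNs reuse those in the thread.
LDAP_URI="ldap://ipa.example.com"
BIND_DN="uid=admin,cn=users,cn=accounts,dc=example,dc=com"
GROUP="cn=admins,cn=groups,cn=accounts,dc=example,dc=com"

# Authenticated search returning only uid and mail. -ZZ requires StartTLS so
# the simple-bind password is not sent in clear text; -W prompts for it.
search_group_members() {
    ldapsearch -x -ZZ -H "$LDAP_URI" -D "$BIND_DN" -W -LLL \
        -b "dc=example,dc=com" "(memberOf=$GROUP)" uid mail
}

# Read LDIF on stdin; print "uid<TAB>mail" per entry ("-" if no mail).
ldif_to_uid_mail() {
    awk '
    /^ / { buf = buf substr($0, 2); next }    # unfold continuation lines
         { emit(buf); buf = $0 }
    END  { emit(buf); flush() }
    function emit(line,   i, attr, val) {
        if (line == "") { flush(); return }   # blank line ends an entry
        i = index(line, ":")
        if (line ~ /^#/ || i == 0) return
        attr = tolower(substr(line, 1, i - 1)); val = substr(line, i + 1)
        if (val ~ /^: */) { sub(/^: */, "", val); val = b64(val) }
        else sub(/^ */, "", val)
        if (attr == "uid") uid = val
        else if (attr == "mail") mail = (mail == "" ? val : mail "," val)
    }
    function b64(v,   cmd, out) {    # decode an "attr:: base64" value
        if (v !~ "^[A-Za-z0-9+/=]+$") return ""   # only base64 text reaches sh
        cmd = "printf %s " v " | base64 -d"
        cmd | getline out; close(cmd)
        return out
    }
    function flush() {
        if (uid != "") print uid "\t" (mail == "" ? "-" : mail)
        uid = ""; mail = ""
    }'
}

# Constructed sample: plain, base64, folded and missing mail values.
sample_ldif() {
    printf '%s\n' 'dn: uid=alice,cn=users' 'uid: alice' 'mail: alice@example.com' '' \
        'dn: uid=bob,cn=users' 'uid: bob' 'mail:: Ym9iQGV4YW1wbGUuY29t' '' \
        'dn: uid=carol,cn=users' 'uid: carol' 'mail: carol@exam' ' ple.com' '' \
        'dn: uid=dave,cn=users' 'uid: dave'
}
sample_ldif | ldif_to_uid_mail
```

Against a live server the pipeline is `search_group_members | ldif_to_uid_mail`.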