I am new to LDAP (AD) and I wonder how I can retrieve all users of a group if the users themselves don't have the "memberof" attribute (which should link to the group, I think)?
The LDAP structure is as follows:
- Users
  - UserA (memberof=Group1)
  - UserB (memberof=Group1,memberof=Group2)
  - UserN ...
- Groups
  - Group1 (member=UserA,member=UserB)
  - Group2 (member=UserB)
  - GroupX ...
- AppGroups
  - App1 (member=UserA,member=UserB)
  - AppX ...
So how can I query only the users who are members of the App1 group from AppGroups if the users don't have the memberof attribute for this group?
I am trying to achieve this with Alfresco. Querying the groups is no problem, but I can't find a way to also sync the users (and only the users of the group App1)?
Thank you in advance!
You can either form a query that asks the server to retrieve all users whose memberof attribute contains your group's distinguished name, or you can turn the logic around and ask the server to give you the member attribute of the group. The member attribute on a group contains all members' distinguished names. You can then obtain additional information about the users by reading the objects one-by-one.
Performance-wise, this is much slower, but if there is no memberof attribute on the users themselves, this might be the only option for you.
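
Both options from the answer above, as an added Python example that is not part of the original answer and not Alfresco's code. It goes beyond the flat case in the question by also walking nested and circular group membership. Assumptions: the directory is a constructed in-memory stand-in with made-up DNs, `directory.get` stands in for one base-scope LDAP read per DN, and the function names are hypothetical.

```python
# Constructed stand-in for the directory in the question; every DN here is made up.
# Variation on the question: App1 also contains Group2, and Group2 points back at
# App1, so the walk has to cope with nesting and with a membership cycle.
BASE = "DC=example,DC=com"
DIRECTORY = {
    f"CN=UserA,OU=Users,{BASE}": {"objectClass": "user", "sAMAccountName": "usera"},
    f"CN=UserB,OU=Users,{BASE}": {"objectClass": "user", "sAMAccountName": "userb"},
    f"CN=UserN,OU=Users,{BASE}": {"objectClass": "user", "sAMAccountName": "usern"},
    f"CN=Group2,OU=Groups,{BASE}": {"objectClass": "group", "member": [
        f"CN=UserB,OU=Users,{BASE}", f"CN=App1,OU=AppGroups,{BASE}"]},
    f"CN=App1,OU=AppGroups,{BASE}": {"objectClass": "group", "member": [
        f"CN=UserA,OU=Users,{BASE}", f"CN=Group2,OU=Groups,{BASE}",
        f"CN=Gone,OU=Users,{BASE}"]},  # dangling DN of a deleted object
}

def escape_filter_value(value: str) -> str:
    """Escape the characters RFC 4515 reserves inside a filter assertion value."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)

def memberof_filter(group_dn: str) -> str:
    """Option 1: filter for users whose memberOf holds the group's DN."""
    return f"(&(objectClass=user)(memberOf={escape_filter_value(group_dn)}))"

def resolve_members(directory: dict, group_dn: str) -> dict:
    """Option 2: read the group's member attribute, then each object one by one."""
    users, seen, todo = {}, set(), [group_dn]
    while todo:
        dn = todo.pop()
        if dn in seen:
            continue  # already visited: guards against circular nesting
        seen.add(dn)
        entry = directory.get(dn)  # stand-in for one base-scope read of this DN
        if entry is None:
            continue  # member value points at an object that no longer exists
        if entry["objectClass"] == "group":
            todo.extend(entry.get("member", []))  # descend into nested group
        else:
            users[dn] = entry["sAMAccountName"]
    return users

if __name__ == "__main__":
    app1 = f"CN=App1,OU=AppGroups,{BASE}"
    print(memberof_filter(app1))
    print(sorted(resolve_members(DIRECTORY, app1).values()))
```

Escaping the DN before placing it in the filter matters whenever the group name comes from configuration or user input, since an unescaped `(`, `)` or `*` changes what the filter matches.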