
Filter LDAP user by groups in specific OU
How do I filter LDAP users by groups from a specific OU? I tried this query, but LDAP returned no results:

(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=OU=it-department,OU=Cloud,DC=example,DC=com))

memberOf:1.2.840.113556.1.4.1941: works fine when I recursively filter members of a specific group, but I guess it doesn't work with an OU because there are no memberOf relations.

My approximate structure:

OU=Users
  cn=dude1
  cn=dude2
OU=it-department
  cn=team-a (with members from /Users)
  cn=team-b (with members from /Users)

Solution

  • You can't. AD doesn't allow you to do partial matches on any attribute that takes a distinguished name.

    You could first query all groups in that OU by using (objectClass=group) and setting the search base to the OU. Then take all of those results and put all of the individual groups into one query, like this:

    (&(objectClass=user)(|(memberOf:1.2.840.113556.1.4.1941:=CN=Group1,OU=it-department,OU=Cloud,DC=example,DC=com)(memberOf:1.2.840.113556.1.4.1941:=CN=Group2,OU=it-department,OU=Cloud,DC=example,DC=com)))
    

    That example shows two groups, and notice the OR operator |. You can add as many as you need.

    That will give you a big list of users, but without telling you which user is in which group. If that's something you need to know, then you can query the members of each group individually.
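The two-step approach from the answer, written out as an added example (not code from the original post): step 1 lists the groups with the OU as search base, step 2 ORs one LDAP_MATCHING_RULE_IN_CHAIN clause per group DN. Each DN is escaped per RFC 4515 before it is spliced into the filter, so a group name containing `(`, `)`, `*` or `\` cannot change the filter's structure; the `conn` parameter is assumed to be an ldap3.Connection, and the sample DNs are the ones from the answer.

```python
"""Users nested in any group under an OU: groups first, then one OR filter."""
from typing import Iterable, List

LDAP_MATCHING_RULE_IN_CHAIN = "1.2.840.113556.1.4.1941"


def escape_filter_value(value: str) -> str:
    """Escape an assertion value per RFC 4515 so a DN copied out of one
    search result cannot alter the structure of the next filter."""
    out = []
    for byte in value.encode("utf-8"):
        if byte in b"*()\\\x00" or byte < 0x20 or byte > 0x7E:
            out.append(f"\\{byte:02x}")
        else:
            out.append(chr(byte))
    return "".join(out)


def build_users_in_groups_filter(group_dns: Iterable[str]) -> str:
    """Step 2 of the answer: OR together one nested-membership clause per group."""
    clauses = [
        f"(memberOf:{LDAP_MATCHING_RULE_IN_CHAIN}:={escape_filter_value(dn)})"
        for dn in group_dns
    ]
    if not clauses:
        # An empty OR is a syntax error; with no groups, match nobody rather than everybody.
        return "(&(objectClass=user)(!(objectClass=*)))"
    return f"(&(objectClass=user)(|{''.join(clauses)}))"


def users_in_ou_groups(conn, ou_dn: str, search_base: str,
                       attribute: str = "sAMAccountName") -> List[str]:
    """Step 1 with the OU as search base, then step 2 against the domain base.
    `conn` is assumed to be an ldap3.Connection (assumption, not from the answer)."""
    import ldap3  # imported here so the pure filter helpers above need no library
    conn.search(ou_dn, "(objectClass=group)", ldap3.SUBTREE, attributes=["cn"])
    group_dns = [entry.entry_dn for entry in conn.entries]
    conn.search(search_base, build_users_in_groups_filter(group_dns),
                ldap3.SUBTREE, attributes=[attribute])
    return [str(entry[attribute]) for entry in conn.entries]


if __name__ == "__main__":
    # Constructed sample: the two group DNs from the answer, plus one with parentheses.
    print(build_users_in_groups_filter([
        "CN=Group1,OU=it-department,OU=Cloud,DC=example,DC=com",
        "CN=Group2,OU=it-department,OU=Cloud,DC=example,DC=com",
        "CN=team-a (ops),OU=it-department,OU=Cloud,DC=example,DC=com",
    ]))
```

As the answer notes, the resulting list does not say which group a user came from; for that, query each group's members separately.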