07-09-2015
LDAP Group query
I need to write an LDAP group query where I need to find if a particular user is a member of 2 specific groups. This is an LDAP Novell eDirectory implementation.
Below are the details -
================
LDIF entry for OndotAPI group
dn: cn=OndotAPI,ou=Groups,o=CNS
changetype: add
objectClass: top
objectClass: groupOfNames
objectClass: CCGroupApplication
cn: OndotAPI
# OndotAPI, Groups, CNS
dn: cn=OndotAPI,ou=Groups,o=CNS
member: cn=OndotUsr,ou=WebServices,o=fiserveft
member: uid=test1113,ou=People,o=CNS
member: uid=rtest901,ou=People,o=CNS
member: cn=OndotUsr2,ou=WebServices,o=fiserveft
AND
LDIF entry for CREATE_SESSION role. Notice the user OndotUsr is also a member of that role.
dn: cn=CREATE_SESSION,ou=Groups,o=CNS
changetype: add
objectClass: top
objectClass: groupOfNames
objectClass: CCGroupRole
cn: CREATE_SESSION
# CREATE_SESSION, Groups, CNS
dn: cn=CREATE_SESSION,ou=Groups,o=CNS
member: cn=OndotUsr,ou=WebServices,o=fiserveft
member: uid=test1113,ou=People,o=CNS
member: uid=rtest901,ou=People,o=CNS
member: cn=OndotUsr2,ou=WebServices,o=fiserveft
So I need to verify using an LDAP query that OndotUsr is a member of both the groups - OndotAPI and CREATE_SESSION.
If this sounds difficult, then I need to write two queries one after the other in my program.
1) 1st query to see if OndotUsr is a member of OndotAPI
2) If yes, then only it'll run the second query: 2nd query to find if OndotUsr is a member of the CREATE_SESSION group.
Need your help in writing this query.
Thank you.
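One way to do the check described in the post with a single search, shown as an added example that is not part of the original post: filter on the two group names plus the user's DN in `member`, then require that both groups come back. The function names and `fake_search` are hypothetical; the DNs and group names are copied from the LDIF above, and the in-memory directory is a constructed stand-in for the server.

```python
# Added example: check membership in BOTH groups with one search, fail closed.
GROUP_BASE = "ou=Groups,o=CNS"                  # search base, from the post's LDIF
REQUIRED = ["OndotAPI", "CREATE_SESSION"]       # both groups must match

def escape_filter_value(value):
    """RFC 4515 escaping, so a caller-supplied DN cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(user_dn, group_cns):
    """Select only the named groups that list user_dn in 'member'."""
    names = "".join("(cn=%s)" % escape_filter_value(cn) for cn in group_cns)
    return "(&(objectClass=groupOfNames)(|%s)(member=%s))" % (
        names, escape_filter_value(user_dn))

def in_all_groups(returned_cns, required_cns):
    """True only when every required group was returned by the search."""
    got = {cn.lower() for cn in returned_cns}
    return all(cn.lower() in got for cn in required_cns)

# Constructed stand-in for the directory, copied from the LDIF in the post.
MEMBERS = [
    "cn=OndotUsr,ou=WebServices,o=fiserveft",
    "uid=test1113,ou=People,o=CNS",
    "uid=rtest901,ou=People,o=CNS",
    "cn=OndotUsr2,ou=WebServices,o=fiserveft",
]
DIRECTORY = {"OndotAPI": MEMBERS, "CREATE_SESSION": MEMBERS}

def fake_search(user_dn, group_cns):
    """Hypothetical offline substitute for the server evaluating build_filter()."""
    wanted = {cn.lower() for cn in group_cns}
    return [cn for cn, members in DIRECTORY.items()
            if cn.lower() in wanted
            and user_dn.lower() in (m.lower() for m in members)]

def is_authorized(user_dn):
    """Access decision: the user must be listed in every required group."""
    return in_all_groups(fake_search(user_dn, REQUIRED), REQUIRED)

if __name__ == "__main__":
    dn = "cn=OndotUsr,ou=WebServices,o=fiserveft"
    print(build_filter(dn, REQUIRED))
    print(is_authorized(dn))
```

Against a real server, send the string from `build_filter()` with `GROUP_BASE` as the search base, request only `cn`, and pass the returned names to `in_all_groups()`. Treating anything other than both groups as a denial keeps the check fail closed.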
Net::LDAP::Control::ManageDsaIT(3pm) User Contributed Perl Documentation Net::LDAP::Control::ManageDsaIT(3pm)
NAME
Net::LDAP::Control::ManageDsaIT - LDAPv3 Manage DSA-IT control object
SYNOPSIS
    use Net::LDAP;
    use Net::LDAP::Control::ManageDsaIT;

    $ldap = Net::LDAP->new( "ldap.mydomain.eg" );

    # Mark the control critical so the server must honour it or fail the request
    $manage = Net::LDAP::Control::ManageDsaIT->new( critical => 1 );

    # Modify the referral entry itself instead of being referred elsewhere
    $msg = $ldap->modify( 'dc=sub,dc=mydomain,dc=eg',
                          changes => [
                            delete => { ref => 'ldap://ldap2/dc=sub,dc=mydom,dc=eg' },
                            add    => { ref => 'ldap://ldap3/dc=sub,dc=mydom,dc=eg' } ],
                          control => [ $manage ] );

    die "error: ",$msg->code(),": ",$msg->error() if ($msg->code());
DESCRIPTION
"Net::LDAP::Control::ManageDsaIT" provides an interface for the creation and manipulation of objects that represent the "ManageDsaIT"
control as described by RFC 3296.
CONSTRUCTOR ARGUMENTS
Since the "ManageDsaIT" control does not have any values, only the constructor arguments described in Net::LDAP::Control are supported.
METHODS
As there are no additional values in the control only the methods in Net::LDAP::Control are available for "Net::LDAP::Control::ManageDsaIT"
objects.
SEE ALSO
Net::LDAP, Net::LDAP::Control
AUTHOR
Peter Marschall <peter@adpm.de>.
Please report any bugs, or post any suggestions, to the perl-ldap mailing list <perl-ldap@perl.org>.
COPYRIGHT
Copyright (c) 2004 Peter Marschall. All rights reserved. This program is free software; you can redistribute it and/or modify it under the
same terms as Perl itself.
perl v5.14.2 2012-01-29 Net::LDAP::Control::ManageDsaIT(3pm)