RFC 4519 defines object classes groupOfNames and groupOfUniqueNames that describe entries for representing lists of DNs (a group).

The command below displays all attributes (user attributes via '*' and operational attributes via +) for each entry where the compound filter is true, matching on attributes objectClass and cn (common name). Filters like these would be expected to work in many common LDAP server products. Object classes groupOfNames and groupOfUniqueNames are defined for Microsoft Active Directory, but they may not be in use there. Active Directory has a group object class that is used to represent groups of users.

    ldapsearch \
        '( &
            ( |
                (objectClass=groupOfUniqueNames)
                (objectClass=groupOfNames)
            )
            (cn=SOME_GROUP_NAME)
        )' \
        '*' +

The command below displays the member and uniqueMember attributes for each entry where the compound filter is true, matching on attributes objectClass and cn (common name).

    ldapsearch \
        '( &
            ( |
                (objectClass=groupOfUniqueNames)
                (objectClass=groupOfNames)
            )
            (cn=SOME_GROUP_NAME)
        )' \
        member uniqueMember

The command below is based on the command above, but it isolates the uid for each member or uniqueMember.

    ldapsearch \
        '( &
            ( |
                (objectClass=groupOfUniqueNames)
                (objectClass=groupOfNames)
            )
            (cn=SOME_GROUP_NAME)
        )' \
        member uniqueMember |
    awk '
        # match() with a third (array) argument is a gawk extension
        /^(member|uniqueMember):/ {
            # capture the value of the uid= component of the member DN
            match($0,/uid=([^,]*),/,a);
            if (length(a[1]) > 0)
                print a[1];
            else
                print "pattern not found in " $0
        }
    '

The command below displays the distinguished name of any groups of class groupOfNames or groupOfUniqueNames where the given distinguished name for some user (e.g., uid=jxd1234,ou=someOrgUnit,o=example.com,c=us) is a member or a uniqueMember.

    ldapsearch \
        '( |
            ( &
                (objectClass=groupOfNames)
                (member=uid=jxd1234,ou=someOrgUnit,o=example.com,c=us)
            )
            ( &
                (objectClass=groupOfUniqueNames)
                (uniqueMember=uid=jxd1234,ou=someOrgUnit,o=example.com,c=us)
            )
        )' \
        dn
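
Added example, not part of the original page: when the group name or user DN in the filters above comes from a script variable rather than being typed by hand, escape it per RFC 4515 so that parentheses, asterisks and backslashes in the value stay part of the value. The function names and the sample group name are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: build the page's group filters from variable input.
# Function names and the sample value are assumptions for illustration.

# Escape a string for use as an assertion value in an RFC 4515 filter.
# Backslash is replaced first so the escapes added afterwards survive.
# (NUL, which RFC 4515 also requires escaping, cannot occur in a shell string.)
ldap_escape_filter() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' \
                           -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' \
                           -e 's/)/\\29/g'
}

# Filter for a group entry of either class whose cn equals $1.
group_by_cn_filter() {
    _cn=$(ldap_escape_filter "$1")
    printf '(&(|(objectClass=groupOfUniqueNames)(objectClass=groupOfNames))(cn=%s))' "$_cn"
}

# Filter for groups of either class that list the DN $1 as a member.
# A DN may itself contain backslashes (e.g. an escaped comma); those are
# value characters here and become \5c like any other backslash.
groups_of_dn_filter() {
    _dn=$(ldap_escape_filter "$1")
    printf '(|(&(objectClass=groupOfNames)(member=%s))(&(objectClass=groupOfUniqueNames)(uniqueMember=%s)))' "$_dn" "$_dn"
}

# Constructed sample input: a group name containing filter metacharacters.
sample_cn='Ops (EMEA) *temp*'
group_by_cn_filter "$sample_cn"; echo
# To search with it: ldapsearch "$(group_by_cn_filter "$sample_cn")" member uniqueMember
```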