Get all groups where a user is member of in LDAP

Question

I'm using ApacheDS as directory server which is used in applications like Gogs (Git server like GitLab). My idea is to create groups like gogs-users and restrict the login to those group, so that only users who are member of that group are able to login. I have created a groupOfNames for this and a testuser, which is added to the gogs group.

The type of gogs-users is groupOfNames and it has an attribute member which contains the DN of my user (uid=testuser,ou=Users,DC=example,DC=com). So I'm able to see, who is a member of this group.

But I would like to see all groups where a user is a member of. When I open the testuser, I see no attribute that could tell me, that he's a member of gogs-users. I remember that the proprietary Active Directory had an attribute called memberOf whch was queryable in a filter like (&(objectClass=inetOrgPerson)(memberOf=CN=gogs-user,DC=example,DC=com)). That would be exactly what I need.

How can I get this in a free LDAP implementation? I see no way except defining a custom attribute - Which I had to maintenant per hand. That's not good, I would like to have an automated solution, that keep care of those attribute.

Things I already tried

• https://stackoverflow.com/a/34502363/3276634 No changes
• https://morenews.blogspot.de/2010/12/adding-active-directory-properties-to.html No changes, too

Note: I did a complete reset after each scheme import, to make sure, that my tests are not influenced by previous changes.

Answer 1

Here are Queries that will go either way but ONLY work for Microsoft Active Directory:

Resolves all members (including nested) Security Groups (requires at least Windows 2003 SP2):

(memberOf:1.2.840.113556.1.4.1941:=CN=gogs-user,DC=example,DC=com)

And All Groups a User is a member of including Nested Groups

(member:1.2.840.113556.1.4.1941:=CN=UserName,CN=Users,DC=YOURDOMAIN,DC=NET))