
I am doing LDAP authentication for the user. The steps are: 1. The user enters his username on the login screen. 2. The request goes to the LDAP server, which will try to validate the user against its corresponding group.

filter := "(|(employeeNumber=deeps)(memberOf=CN=DEV_Admin,OU=LDAP,DC=TEMP,DC=com))"

This filter works fine and gives me the employee details of the relevant group.

Now the requirement changes -

When the user enters his employeeNumber=deeps, we have to validate him against different groups, for example:

  1. (memberOf=CN=DEV_Admin,OU=LDAP,DC=TEMP,DC=com)
  2. (memberOf=CN=DEV_View,OU=LDAP,DC=TEMP,DC=com)
  3. (memberOf=CN=DEV_Partial,OU=LDAP,DC=TEMP,DC=com)

Can anyone help me with writing a proper filter which checks against all those groups and gives me the user in one filter rather than writing three LDAP requests?

  • You should FIRST Authenticate the user with a proper bind. Then check to see if the user is Authorized for this particular application using a filter as shown by Ludovic. – jwilleke Oct 18 '18 at 08:39
  • @jwilleke yes, the full code has all those steps, in which I am first checking for a proper bind. – asksharmadeepak Oct 22 '18 at 10:46

1 Answer


The filter seems incorrect to me as it tests if the employeeNumber is deeps OR if entries are in the Dev_Admin group. It seems to me that you want an AND, not an OR.

To check the 3 groups, it would be the following filter:

(&(employeeNumber=deeps)(|(memberOf=CN=DEV_Admin,OU=LDAP,DC=TEMP,DC=com)(memberOf=CN=DEV_View,OU=LDAP,DC=TEMP,DC=com)(memberOf=CN=DEV_Partial,OU=LDAP,DC=TEMP,DC=com)))
Ludovic Poitou
  • I have referred to this link https://stackoverflow.com/questions/1032351/how-to-write-ldap-query-to-test-if-user-is-member-of-a-group for writing the filter. Also, I am aware of the above filter, but that will only tell me that "user is a member of any one of the groups", whereas I "want to check which group exactly the user belongs to." – asksharmadeepak Oct 22 '18 at 10:51
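
An added example (not code from the question or the answer), in Go because the question's filter line is Go: it builds the answer's AND/OR filter with the login-screen value escaped per RFC 4515, and shows one way to tell which of the three groups matched by reading the memberOf values of the returned entry. It assumes the search requests the memberOf attribute and the server returns it; the names buildFilter, matchedGroups and filterEscaper and the sample memberOf values are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Group DNs taken from the question.
var allowedGroups = []string{
	"CN=DEV_Admin,OU=LDAP,DC=TEMP,DC=com",
	"CN=DEV_View,OU=LDAP,DC=TEMP,DC=com",
	"CN=DEV_Partial,OU=LDAP,DC=TEMP,DC=com",
}

// RFC 4515 escaping for assertion values, so that login-screen input cannot
// change the structure of the filter (wildcards, extra clauses).
var filterEscaper = strings.NewReplacer(
	`\`, `\5c`, `*`, `\2a`, `(`, `\28`, `)`, `\29`, "\x00", `\00`)

// buildFilter returns (&(employeeNumber=<id>)(|(memberOf=<dn1>)(memberOf=<dn2>)...)).
func buildFilter(employeeNumber string, groups []string) string {
	var or strings.Builder
	for _, g := range groups {
		or.WriteString("(memberOf=" + filterEscaper.Replace(g) + ")")
	}
	return "(&(employeeNumber=" + filterEscaper.Replace(employeeNumber) + ")(|" + or.String() + "))"
}

// matchedGroups reports which allowed groups occur in the memberOf values of
// the returned entry. DNs are compared case-insensitively, nothing more.
func matchedGroups(memberOf, groups []string) []string {
	var out []string
	for _, g := range groups {
		for _, m := range memberOf {
			if strings.EqualFold(strings.TrimSpace(m), g) {
				out = append(out, g)
				break
			}
		}
	}
	return out
}

func main() {
	fmt.Println(buildFilter("deeps", allowedGroups))
	// Constructed memberOf values standing in for the search result's attribute.
	fmt.Println(matchedGroups([]string{"cn=dev_view,ou=ldap,dc=temp,dc=com"}, allowedGroups))
}
```

With this, a single search both confirms membership in at least one of the groups and returns the data needed to say which ones.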