1

let's assume I have the user

CN=testuser1,OU=Users,DC=corp,DC=com

and I want to receive all groups where the user is registered as the owner. I am currently using the following filter:

(|(ManagedBy=CN=testuser1,OU=Users,DC=corp,DC=com)(msExchCoManagedByLink=CN=testuser1,OU=Users,DC=corp,DC=com))

However, it can happen that security groups are also entered as owners. How can I adjust the filter so that I can still find the right groups, even if the user is indirectly entered as the owner via a security group? Can this possibly be done with the matching rule OID 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN)?

thanks in advance!

Markus
  • 11
  • 1

1 Answers1

0

As ManagedBy is a dn Syntax and has a LinkID of 72, an even value implying that it is a forward link, then you should be able to use something similar to: (or in combination with others)

(ManagedBy:1.2.840.113556.1.4.1941:=N=testuser1,OU=Users,DC=corp,DC=com)

I have not tried this filter and there are limitations as to the depth of links that will be traversed in larger implementations.

jwilleke
  • 10,467
  • 1
  • 30
  • 51