0

I'm new to LDAP and have a question. I want to check whether a particular user belongs to a particular group. I figured out how to query the LDAP server, so it is now able to check whether the user exists on the server, but I couldn't figure out how to check the user against the right group (the line below is what I have used).

l_retval := DBMS_LDAP.search_s(l_session,l_ldap_base, DBMS_LDAP.scope_subtree, 'objectclass=*', l_attrs, 0, l_message);

My main purpose is to authorize users of a particular group (not authenticate).

I have two bases: one for authorization (uid=anders,ou=ourusers,o=company) and one for the groups (cn=programmers,ou=groups,o=company).

Could anyone please guide me as to how to proceed?

skaffman
Snow Leopard

3 Answers

1

Use this filter, and make the search DN the DN of the group you want to check with.

(&(objectClass=*)(member=[userDN]))

The [userDN] is the full DN of the user to search for, like cn=bob,ou=bar,o=foo. It won't work if it is not a full DN. If you just have a username, first get the DN of the user, and then use this filter.

andr
Ashish
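
The check described in the answer above, written as a PL/SQL function with DBMS_LDAP. This is an added example, not code from the original post: the host, port and bind account are placeholders, and the function name is_group_member is hypothetical. It also escapes the user DN before placing it in the filter (RFC 4515), so a DN built from user input cannot alter the filter, and it returns FALSE on any directory error.

```plsql
-- Added example; not from the original post. Host, port and bind account are
-- placeholders. Assumes the group lists its members in the "member" attribute.
CREATE OR REPLACE FUNCTION is_group_member (
  p_user_dn  IN VARCHAR2,  -- full DN, e.g. uid=anders,ou=ourusers,o=company
  p_group_dn IN VARCHAR2   -- e.g. cn=programmers,ou=groups,o=company
) RETURN BOOLEAN
IS
  l_session DBMS_LDAP.session;
  l_attrs   DBMS_LDAP.string_collection;
  l_message DBMS_LDAP.message;
  l_retval  PLS_INTEGER;
  l_count   PLS_INTEGER;
  l_value   VARCHAR2(4000);
BEGIN
  -- Escape filter metacharacters (RFC 4515) so a DN containing '*', '(' or ')'
  -- cannot change the filter. The backslash must be escaped first.
  l_value := REPLACE(p_user_dn, '\', '\5c');
  l_value := REPLACE(l_value, '*', '\2a');
  l_value := REPLACE(l_value, '(', '\28');
  l_value := REPLACE(l_value, ')', '\29');
  l_value := REPLACE(l_value, CHR(0), '\00');

  DBMS_LDAP.use_exception := TRUE;  -- raise on LDAP errors instead of returning codes
  l_session := DBMS_LDAP.init('ldap.example.com', 389);        -- placeholder host/port
  l_retval  := DBMS_LDAP.simple_bind_s(l_session,
                 'cn=svc-lookup,o=company', 'CHANGE_ME');      -- placeholder bind account

  l_attrs(1) := '1.1';  -- LDAP "no attributes": only the entry count is needed
  -- Base = the group entry, scope = base: the search returns the group
  -- itself only if its member attribute holds the user's DN.
  l_retval := DBMS_LDAP.search_s(l_session, p_group_dn, DBMS_LDAP.SCOPE_BASE,
                '(&(objectClass=*)(member=' || l_value || '))',
                l_attrs, 0, l_message);
  l_count  := DBMS_LDAP.count_entries(l_session, l_message);
  l_retval := DBMS_LDAP.msgfree(l_message);
  l_retval := DBMS_LDAP.unbind_s(l_session);
  RETURN l_count = 1;
EXCEPTION
  WHEN OTHERS THEN
    -- Fail closed: any directory error means "not authorized".
    DBMS_LDAP.use_exception := FALSE;  -- do not raise again during cleanup
    IF l_session IS NOT NULL THEN
      l_retval := DBMS_LDAP.unbind_s(l_session);
    END IF;
    RETURN FALSE;
END is_group_member;
/
```
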
0

Use memberOf or isMemberOf to determine if an entry is a member of a group. See also this question.

Community
Terry Gardner
0


I'm new to Active Directory too, but I have the feeling that skipping one generation and directly using System.DirectoryServices.AccountManagement is the way to go.
One article I've been reading is: http://msdn.microsoft.com/en-us/magazine/cc135979.aspx
I'll try to get back to your question later.
There also seems to be a bug in version 4 of the .NET Framework: it will bug if there is a group in the group you are looking at. Maybe a correction in version 4.5.

PatTheFrog