Re: Retrieve list of groups that a user belongs to

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

lots of ways of doing this…  what Mark notes is one way.

if you don’t have memberOf or isMemberOf attributes managed: obtain DN of object in question.  Search for 
(|(&(objectclass=groupOfNames)(member=USERDN))(&(objectclass=groupOfUniqueNames)(uniquemember=USERDN)))

if a user is a member of a lot of groups, then adjust the search limits upward for the DN performing the search.

also, have a look at grouper - https://spaces.internet2.edu/display/Grouper/ if you are interested in a full-blown groups/permissions management environment.  Developed for Higher Ed, by Higher Ed.  There is really nothing else like it, unfortunately.

hope this helps.

/mrg

On Apr 6, 2015, at 10:58 AM, Mark Reynolds <mareynol@xxxxxxxxxx> wrote:



On 04/06/2015 10:28 AM, harry.devine@xxxxxxx wrote:
I know this is slightly off topic, but I thought that maybe someone on this list could be of some assistance.  I need to get the list of groups that a particular user belongs to, similar to the linux command line program ‘groups’.  I would like to provide a user name to search, and have all groups that this user belongs to be returned.  Is this possible in 389-ds?  I have been Googling for days and most results that I come up with have to do with Windows Active Directory, or other custom LDAP implementations.
Just use ldapsearch with a proper filter:

"(|(member=USERNAME)(uniquemember=USERNAME))"

You could use the memberof plugin to make this much easier - where the plugin will add the "memberOf" attribute to each user entry, and display all the groups that use belongs to:

dn: uid=USERNAME,dc=example,dc=com
...
memberOf: cn=group1,dc=example,dc=com
memberOf: cn=group29,dc=example,dc=com

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Advanced_Entry_Management.html#groups-cmd-memberof

Note - you will need to run the "memberof fixup task" to generate these attributes on existing entries.

Mark


 
Thanks for any help!
Harry
 
Harry Devine
DOT/FAA/AJM-2413
Common ARTS Software Development
(609)485-4218
 


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux