Re: Retrieve list of groups that a user belongs to

[<harry.devine@xxxxxxx>]

OK, an update: got it to work eventually by adding the –b <baseDn> flag.  I read somewhere after my initial email that it was required.  However, I also found some info by Googling that said that I had to add the objetclass inetUser to each user that I wanted to have the memberOf attribute.  I added this to one account to test, then re-ran the fixup-memberof.pl script and it added the groups that user was in into that account, so that worked great.

 

We have about 800 users, and not all are group members (some accounts are strictly for authentication and have no posix attributes), so is there a way that I can script something to add inetUser to each account where they have group memberships?  Each user that has this need has the posixAccount objectclass, so perhaps that could be something to key on?

 

Thanks for any help!

Harry

 

From: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Devine, Harry (FAA)
Sent: Tuesday, April 07, 2015 8:50 AM
To: mreynolds@xxxxxxxxxx; 389-users@xxxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [389-users] Retrieve list of groups that a user belongs to

 

I enabled the memberOf plugin but when I try to run the fixup-memberof.pl script, I get the usage prompt back.  I ran it as the link you provided says:

 

./fixup-memberof.pl –D “cn=Directory Manager” –w <password>

 

Do I need to put in the –b baseDn parameter?  Also, I tried to follow the link in the RedHat document you sent that refers to the command line tools syntax (section 6.1.4.5.1) but that link is broken.

 

Thanks!

Harry

 

From: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Mark Reynolds
Sent: Monday, April 06, 2015 10:58 AM
To: General discussion list for the 389 Directory server project.
Subject: Re: [389-users] Retrieve list of groups that a user belongs to

 

 

On 04/06/2015 10:28 AM, harry.devine@xxxxxxx wrote:

I know this is slightly off topic, but I thought that maybe someone on this list could be of some assistance.  I need to get the list of groups that a particular user belongs to, similar to the linux command line program ‘groups’.  I would like to provide a user name to search, and have all groups that this user belongs to be returned.  Is this possible in 389-ds?  I have been Googling for days and most results that I come up with have to do with Windows Active Directory, or other custom LDAP implementations.

Just use ldapsearch with a proper filter:

"(|(member=USERNAME)(uniquemember=USERNAME))"

You could use the memberof plugin to make this much easier - where the plugin will add the "memberOf" attribute to each user entry, and display all the groups that use belongs to:

dn: uid=USERNAME,dc=example,dc=com
...
memberOf: cn=group1,dc=example,dc=com
memberOf: cn=group29,dc=example,dc=com

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Advanced_Entry_Management.html#groups-cmd-memberof

Note - you will need to run the "memberof fixup task" to generate these attributes on existing entries.

Mark

 

Thanks for any help!

Harry

 

Harry Devine

DOT/FAA/AJM-2413

Common ARTS Software Development

harry.devine@xxxxxxx

(609)485-4218

 

--

389 users mailing list

389-users@xxxxxxxxxxxxxxxxxxxxxxx

https://admin.fedoraproject.org/mailman/listinfo/389-users

 

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users