LDAP query can it be done ?
I'm attempting to sync my application against AD's LDAP. what I'm trying to due is fully enumerate a list of users that belong to any group that has a particular value set as an extended attribute.
Example :
search DN: ou=groups,ou=@company,dc=corp,dc=trx,dc=com
filter: extensionattribute1=livelinkuser
This returns all the groups which is great but what I'm needing is to fully enumerate all the groups with the users inside I've tried the member and memberof with the memberof:1.2.840.113556.1.4.1941 but as yet have had no luck.
Can what I'm discribing be done ?
Re: LDAP query can it be done ?
From groups prespective the members attribute sounds the one that you're
looking for. You can try some links below that have information on using it very well. You can refer the same to collect more information on your process.
LDAP Directory Integration
Re: LDAP query can it be done ?
I would agree member or memberof would seem to be the right path but I can't seem to get them to work in the filter statment. Do you have any suggestions as nothing I've tried works.
search DN ou=groups,ou=@tronox,dc=corp,dc=trx, dc=com
filter memberof:1.2.840.113556.1.4.1941:(extensionattribute1=livelinkuser)
