Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | |||
72:ldap_optional_attributes [2023/12/05 09:17] – [Optional Attributes] mmk | 72:ldap_optional_attributes [2024/02/15 00:00] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 51: | Line 51: | ||
|(& | |(& | ||
|(& | |(& | ||
- | <font inherit/ | + | ( |(sn=smith)(sn=wright)))|All entries that are users having surname set to " |
**NOTE**: In the | **NOTE**: In the | ||
- | <font inherit/ | + | |
There is a special memberOf keyword available on many LDAP directory servers. In the case of Microsoft Active Directory, groups are represented via entries of object class “group“ by default. The distinguished names of the group members are set in the member attributes of the group entry. On the other hand, the distinguished name of every group a user is part of is automatically set in a | There is a special memberOf keyword available on many LDAP directory servers. In the case of Microsoft Active Directory, groups are represented via entries of object class “group“ by default. The distinguished names of the group members are set in the member attributes of the group entry. On the other hand, the distinguished name of every group a user is part of is automatically set in a | ||
- | <font inherit/ | + | |
The following search filter example shows how to filter users according to a certain group membership using the memberOf attribute: | The following search filter example shows how to filter users according to a certain group membership using the memberOf attribute: | ||
- | '' | + | '' |
If the memberOf attribute is not available on your LDAP directory server, it is possible to retrieve the members of a certain group by querying the member attribute of a group entry. | If the memberOf attribute is not available on your LDAP directory server, it is possible to retrieve the members of a certain group by querying the member attribute of a group entry. | ||
The following search filter example shows how to query the users of a group without using the | The following search filter example shows how to query the users of a group without using the | ||
- | <font inherit/ | + | |
- | '' | + | '' |
The filter specifies that the distinguished name of the (group) entry has to be | The filter specifies that the distinguished name of the (group) entry has to be | ||
- | <font inherit/ | + | |
- | <font inherit/ | + | |
- | <font inherit/ | + | |
A complete example for retrieving group members without using the | A complete example for retrieving group members without using the | ||
- | <font inherit/ | + | |
- | '' | + | '' |
- | groupMemberAttribute=" | + | groupMemberAttribute=" |
=== The ondemandFilter Attribute === | === The ondemandFilter Attribute === |