[Freeipa-users] LDAP search for email address of user in a particular group
Dan Scott
danieljamesscott at gmail.com
Fri Nov 4 22:05:33 UTC 2011
Hi,
On Fri, Nov 4, 2011 at 17:38, Stephen Ingram <sbingram at gmail.com> wrote:
> On Fri, Nov 4, 2011 at 2:12 PM, Dan Scott <danieljamesscott at gmail.com> wrote:
>> ldapsearch -b cn=users,cn=accounts,dc=example,dc=com
>> "(&(mail=${email_address})(memberOf=cn=usergroup,cn=groups,dc=example,dc=com"
>> -x
>>
>> In version 2, it looks like the memberOf attributes have been removed
>> from the user entries and the user group membership information is
>> stored only in the 'member' attribute of the individual group entries.
>>
>> Can someone help me modify the above command so that I can find users,
>> using their email address, who are also members of a particular group?
>> Preferably using one command.
>
> Dan-
>
> It looks like you are missing the cn=accounts in your filter:
>
> ldapsearch -b cn=users,cn=accounts,dc=example,dc=com
> "(&mail=${email_address})(memberOf=cn=usergroup,cn=groups,cn=accounts,dc=example,dc=com)"
> -x ...
Thanks for spotting that, it was an error from when I was removing my
domain information.
However, the problem remains that the memberOf attributes don't exist
in FreeIPA V2, so I need to figure out another way to do the search.
Thanks,
Dan
More information about the Freeipa-users
mailing list