[Freeipa-users] LDAP search for email address of user in a particular group
Rob Crittenden
rcritten at redhat.com
Fri Nov 4 22:13:45 UTC 2011
Dan Scott wrote:
> Hi,
>
> On Fri, Nov 4, 2011 at 17:38, Stephen Ingram<sbingram at gmail.com> wrote:
>> On Fri, Nov 4, 2011 at 2:12 PM, Dan Scott<danieljamesscott at gmail.com> wrote:
>>> ldapsearch -b cn=users,cn=accounts,dc=example,dc=com
>>> "(&(mail=${email_address})(memberOf=cn=usergroup,cn=groups,dc=example,dc=com))"
>>> -x
>>>
>>> In version 2, it looks like the memberOf attributes have been removed
>>> from the user entries and the user group membership information is
>>> stored only in the 'member' attribute of the individual group entries.
>>>
>>> Can someone help me modify the above command so that I can find users,
>>> using their email address, who are also members of a particular group?
>>> Preferably using one command.
>>
>> Dan-
>>
>> It looks like you are missing the cn=accounts in your filter:
>>
>> ldapsearch -b cn=users,cn=accounts,dc=example,dc=com
>> "(&(mail=${email_address})(memberOf=cn=usergroup,cn=groups,cn=accounts,dc=example,dc=com))"
>> -x ...
>
> Thanks for spotting that, it was an error from when I was removing my
> domain information.
>
> However, the problem remains that the memberOf attributes don't exist
> in FreeIPA V2, so I need to figure out another way to do the search.
>
> Thanks,
>
> Dan

memberof should exist. memberof should be calculated on the fly from the
member information. I'm not sure why you aren't seeing it.

You can try this, substituting for your domain:

# /var/lib/dirsrv/scripts-EXAMPLE-COM/fixup-memberof.pl -D 'cn=directory manager' -w - -b dc=example,dc=com -f "(objectclass=*)" -v

This should rebuild the memberof values.

rob
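
The searches quoted in this thread place ${email_address} directly into the LDAP filter string. The script below is an added example, not code from any poster or from FreeIPA: it builds the same (&(mail=...)(memberOf=...)) filter with the values escaped per RFC 4515, so filter metacharacters in an address cannot change the structure of the query. The function names and sample addresses are constructed for illustration; the DNs follow the example.com layout used above.

```shell
#!/bin/sh
# Added example (not from the thread): build the mail + memberOf filter
# with RFC 4515 escaping applied to the interpolated values.

# Constructed sample values, following the example.com layout in the thread.
BASE_DN='cn=users,cn=accounts,dc=example,dc=com'
GROUP_DN='cn=usergroup,cn=groups,cn=accounts,dc=example,dc=com'

# Escape characters that are special inside an LDAP filter value.
# The backslash is replaced first so later escapes are not escaped again.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Build the combined filter. Arguments: e-mail address, group DN.
build_filter() {
    printf '(&(mail=%s)(memberOf=%s))' "$(ldap_escape "$1")" "$(ldap_escape "$2")"
}

# Print the ldapsearch command rather than running it, so the script
# works without a directory server. Argument: e-mail address.
show_search() {
    printf 'ldapsearch -x -b %s "%s" mail memberOf\n' \
        "$BASE_DN" "$(build_filter "$1" "$GROUP_DN")"
}

# An ordinary address passes through unchanged.
show_search 'dan@example.com'

# An address containing filter metacharacters is matched literally:
# '*' is not treated as a wildcard and the parentheses do not close the clause.
show_search 'j*(test)@example.com'
```

If the printed search returns nothing for a known group member, request the memberOf attribute on the user entry by itself to confirm whether the values are present before and after the fixup script runs.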