Tommy

Reputation: 4111

Filtering LDAP returned attributes

So we have this LDAP query (against OpenLDAP):

(&(objectClass=groupOfNames)(member=cn=admin,dc=test,dc=com))

The query returns all groups that admin is a member of. It also returns all other users in those groups. This is an issue when you have +10.000 users that are in the same group.

Is there a way to just return the group names? Like a returned attributes filter?

In Java there is an option like that, but I don't know if it just does the query and filters the results client-side, or how to write it as an LDAP query. Example:

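SearchControls search = new SearchControls();
String[] returnedAtts = {"memberOf", "name", "mail"};
search.setReturningAttributes(returnedAtts);
// Pass username as a filter argument ({0}) so JNDI escapes it instead of concatenating it into the filter
NamingEnumeration<SearchResult> answer = ctx.search(searchBase, "(&(objectClass=user)(sAMAccountName={0}))", new Object[] {username}, search);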

Yes, I know. Using memberOf would be a better option, but this LDAP doesn't have that attribute.

Upvotes: 0

Views: 6786

Answers (2)

jwilleke

Reputation: 10976

A filter like (&(objectClass=groupOfNames)(member=cn=admin,dc=test,dc=com)) should not return all the member(s) of the groups. It will return all the groups that the user is a member of.

A filter like (&(objectClass=groupOfNames)(cn=yourdesiredgroupname)(member=cn=admin,dc=test,dc=com)) will return only the group of interest. Setting the returned attributes to CN will return only the group name.

Upvotes: 1

Vilmantas Baranauskas

Reputation: 6726

If you use setReturningAttributes(list), the LDAP server will return only those. You do not have to include the attributes your search filter is based on. This is the correct solution to your problem.

Upvotes: 2
