LDAP: How get all users belongs to a group.

Michael Ströder michael at stroeder.com
Sat Jun 25 06:20:58 EDT 2011


sajuptpm wrote:
> results = ldapClient.search_s("cn=My-Group-1,ou=Groups,o=CUST",
> ldap.SCOPE_BASE)
> 
> Does this method work for all types of groups (groupOfNames,
> posixGroup)?

Yes, but the member attribute differs.

'member' in entries of object class 'groupOfNames' contains the DN of the
member's entry.

'memberUID' in entries of object class 'posixGroup' contains the 'uid' of the
member's entry if the original RFC 2307 is used. If the LDAP server uses
draft-howard-rfc2307bis, it behaves like groupOfNames.

Also there's object class 'groupOfUniqueNames', used mostly on Sun DS, which
contains the DN of the member's entry in attribute 'uniqueMember'.

Additionally organizationalRole -> roleOccupant contains DN of the member's
entry...

The default config of my web2ldap contains even more:

--------------------------------- snip ---------------------------------

    # The definitions for group entry administration
    groupadm_defs={
      'groupOfNames':       ('member',None),
      'groupOfUniqueNames': ('uniqueMember',None),
      'organizationalRole': ('roleOccupant',None),
      'rfc822MailGroup':    ('mail','mail'),
      'nisMailAlias':       ('rfc822MailMember','mail'),
      'mailGroup':          ('mgrprfc822mailmember','mail'),
      # Found on IBM SecureWay Directory
      'accessGroup':        ('member',None),
      # RFC 2307
      'posixGroup':         ('memberUid','uid'),
      'nisNetgroup':        ('memberNisNetgroup','uid'),
      # Samba 3.0
      'sambaGroupMapping':  ('sambaSIDList','sambaSID'),
      # Active Directory
      'group':              ('member',None),
      # draft-findlay-ldap-groupofentries
      'groupOfEntries':     ('member',None),
      # Apple Mac OS X
      'apple-group':        ('apple-group-memberguid','apple-generateduid'),
    },

--------------------------------- snip ---------------------------------

Ciao, Michael.
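
An added example, not part of the original post and not web2ldap code: it applies a subset of the mapping above to one group entry, returning member DNs directly or a user search filter per member value, with RFC 4515 escaping so a crafted memberUid cannot alter the filter. The function names, the sample entries and the assumption that attribute values arrive as bytes (as python-ldap 3.x returns them from search_s) are illustrative.

```python
# Subset of the groupadm_defs mapping quoted above, keyed by lower-cased
# object class: (member attribute, user attribute to match, None = value is a DN)
GROUP_MEMBER_ATTRS = {
    'groupofnames': ('member', None),
    'groupofuniquenames': ('uniqueMember', None),
    'organizationalrole': ('roleOccupant', None),
    'posixgroup': ('memberUid', 'uid'),
}


def escape_filter_value(value):
    """Escape the characters RFC 4515 requires inside a filter assertion value."""
    return ''.join(
        '\\%02x' % ord(ch) if ch in '\\*()\x00' else ch for ch in value
    )


def resolve_members(attrs):
    """Return (member_dns, user_filters) for one group entry.

    attrs is the attribute dict of a search result, values as lists of bytes.
    member_dns can be read with a SCOPE_BASE search each; user_filters are
    meant for a subtree search below the user base DN.
    """
    lowered = {name.lower(): values for name, values in attrs.items()}
    classes = {oc.decode('utf-8').lower() for oc in lowered.get('objectclass', [])}
    member_dns, user_filters = [], []
    for object_class, (member_attr, user_attr) in GROUP_MEMBER_ATTRS.items():
        if object_class not in classes:
            continue
        for raw in lowered.get(member_attr.lower(), []):
            value = raw.decode('utf-8')
            if user_attr is None:
                member_dns.append(value)
            else:
                user_filters.append(
                    '(%s=%s)' % (user_attr, escape_filter_value(value))
                )
    return member_dns, user_filters


# Constructed sample entries (not taken from a real directory)
SAMPLE_GROUP_OF_NAMES = {
    'objectClass': [b'top', b'groupOfNames'],
    'member': [b'uid=alice,ou=People,o=CUST'],
}
SAMPLE_POSIX_GROUP = {
    'objectClass': [b'top', b'posixGroup'],
    'memberUid': [b'bob', b'ev*l)(uid=*'],
}
```
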


