/build/static/layout/Breadcrumb_cap_w.png
04/03/2019 207 views

Hi, 

I'm using LDAP labels and wondering whether there's a way to define the search scope in the query so that i can nest an AD security group within a group and have members of the child successfully be enumerated as members of the parent.


Does this make sense?


Chris

0 Comments   [ + ] Show comments

Comments


All Answers

0

From page 16 of the KACE Appliance LDAP Reference Guide V1.4


If you have a group who’s
membership is other groups that contain users you can use a string to search through
the groups. Here is an example.
(&(samaccountname=KBOX_USER)(memberof:1.2.840.113556.1.4.1941:=CN=nestedgro
up,CN=Users,DC=whitman,DC=com))
It is the “:1.2.840.113556.1.4.1941:” after the memberof attribute that walks the
chain of ancestry in objects all the way to the root until it finds a match.

Answered 04/03/2019 by: flip1001
Fifth Degree Brown Belt