ldap - ldapsearch not showing all groups & members of groups
using ldapsearch to list the members of a group with a certain group list
(our real domain/ou renamed to domain for this forum)
kye-oes01:~ # cat /etc/novell-release
Open Enterprise Server 2018 (x86_64)
VERSION = 2018.3
PATCHLEVEL = 3
kye-oes01:~ # ndsrepair -T
[1] Instance at /etc/opt/novell/eDirectory/conf/nds.conf: kye-oes01.O=Domain.OUR-TREE
Repair utility for NetIQ eDirectory 9.0 - 9.2.6.0000 v40207.00
DS Version 40207.00 Tree name: OUR-TREE
Server name: .kye-oes01.Domain
---
- list all groups (then grep to list groups I'm interested in)
kye-oes01:~ # ldapsearch -H ldaps://kye-oes01.Domain.local:636 -x -b "o=Domain" -S dn: "objectClass=group" | grep Group-Internet
# Group-Internet-Kids1, Domain
dn: cn=Group-Internet-Kids1,o=Domain
# Group-Internet-Technology2, Domain
dn: cn=Group-Internet-Technology2,o=Domain
# Group-Internet-OCC2, Domain
dn: cn=Group-Internet-OCC2,o=Domain
# Group-Internet-Administration2, Domain
dn: cn=Group-Internet-Administration2,o=Domain
# Group-Internet-Administration1, Domain
dn: cn=Group-Internet-Administration1,o=Domain
# Group-Internet-Accounting1, Domain
dn: cn=Group-Internet-Accounting1,o=Domain
# Group-Internet-Corporate2, Domain
dn: cn=Group-Internet-Corporate2,o=Domain
# Group-Internet-OCC1, Domain
dn: cn=Group-Internet-OCC1,o=Domain
# Group-Internet-Technology1, Domain
dn: cn=Group-Internet-Technology1,o=Domain
# Group-Internet-Corporate1, Domain
dn: cn=Group-Internet-Corporate1,o=Domain
-list of groups that start with 'Group-Internet-*'
- list 5, but there are 10 (listed above)
- why missing some groups
kye-oes01:~ # ldapsearch -H ldaps://kye-oes01.Domain.local:636 -x -b "o=Domain" cn=Group-Internet-* -S dn: "objectClass=group"
# extended LDIF
#
# LDAPv3
# base <o=Domain> with scope subtree
# filter: cn=Group-Internet-*
# requesting: objectClass=group
#
# Group-Internet-Accounting1, Domain
dn: cn=Group-Internet-Accounting1,o=Domain
# Group-Internet-Corporate1, Domain
dn: cn=Group-Internet-Corporate1,o=Domain
# Group-Internet-Corporate2, Domain
dn: cn=Group-Internet-Corporate2,o=Domain
# Group-Internet-OCC1, Domain
dn: cn=Group-Internet-OCC1,o=Domain
# Group-Internet-Technology1, Domain
dn: cn=Group-Internet-Technology1,o=Domain
# search result
search: 2
result: 0 Success
# numResponses: 6
# numEntries: 5
---
- list members of certain group
kye-oes01:~ # ldapsearch -H ldaps://kye-oes01.Domain.local:636 -x -b "o=Domain" cn=Group-Internet-Technology1 member
# extended LDIF
#
# LDAPv3
# base <o=Domain> with scope subtree
# filter: cn=Group-Internet-Technology1
# requesting: member
#
# Group-Internet-Technology1, Domain
dn: cn=Group-Internet-Technology1,o=Domain
member: cn=John Goutbeck,o=Domain
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
- list members of certian group
- but this group has a member listed in iManager
- why does it not show the member
- some groups will list members while other groups do not show members, even though they have members
- and a few groups do not have members, they should still show as a group but without members
kye-oes01:~ # ldapsearch -H ldaps://kye-oes01.Domain.local:636 -x -b "o=domain" cn=Group-Internet-Technology2 member
# extended LDIF
#
# LDAPv3
# base <o=Domain> with scope subtree
# filter: cn=Group-Internet-Technology2
# requesting: member
#
# search result
search: 2
result: 0 Success
# numResponses: 1
---
Any solutions, suggestions?