Anonymous_User Absent Member.
Absent Member.
995 views

LDAP: Read group member list of eDir Group Object.

Hi.

how to use LDAP to query the member list of a eDir Group Object?

the attribute "member" seems not to be the appropriate one...


I'm using the ldap browser of Jarek Gawor v2.8.2 this way:

- select an Organisation
- Filter: (objectclass=group)
- Attributes: member

The result is for almost all groups "N/A".

When I create a blank group and add just *ONE* member, it seems to be displayed, but
there are also some other groups, that hold more than one member, that do *NOT*
return a "N/A", but display one (the alphabetical first) member user.




What do I miss?


Regards, Rudi.
Labels (1)
0 Likes
3 Replies
Knowledge Partner
Knowledge Partner

Re: LDAP: Read group member list of eDir Group Object.

On 16/01/2012 16:01, Rudolf Thilo wrote:

> how to use LDAP to query the member list of a eDir Group Object?
>
> the attribute "member" seems not to be the appropriate one...
>
>
> I'm using the ldap browser of Jarek Gawor v2.8.2 this way:
>
> - select an Organisation
> - Filter: (objectclass=group)
> - Attributes: member
>
> The result is for almost all groups "N/A".
>
> When I create a blank group and add just *ONE* member, it seems to be displayed, but
> there are also some other groups, that hold more than one member, that do *NOT*
> return a "N/A", but display one (the alphabetical first) member user.
>
> What do I miss?


Perhaps a bug in the LDAP browser utility as command-line ldapsearch
seems to work, for objectClass=group (or groupOfNames).

HTH.
--
Simon
Novell/SUSE/NetIQ Knowledge Partner

------------------------------------------------------------------------
Do you work with Novell technologies at a university, college or school?
If so, your campus could benefit from joining the Novell Technology
Transfer Partner (TTP) program. See novell.com/ttp for more details.
------------------------------------------------------------------------
0 Likes
hendersj Acclaimed Contributor.
Acclaimed Contributor.

Re: LDAP: Read group member list of eDir Group Object.

On Mon, 16 Jan 2012 17:16:02 +0000, Simon Flood wrote:

>> What do I miss?

>
> Perhaps a bug in the LDAP browser utility as command-line ldapsearch
> seems to work, for objectClass=group (or groupOfNames).


That's what I found as well.

Though the way group object memberships are populated could be an issue
as well - if LDAP was used to add group members by adding to the users'
"Groups" property, it's possible the member property wasn't populated
properly on the groups, IIRC.

Another thought is that it could be rights-related. Rudolf, are you
authenticating with the LDAP browser, or are you using an anonymous bind?

Jim



--
Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell Knowledge Partner
0 Likes
Anonymous_User Absent Member.
Absent Member.

Solved: now using ICE (import convert export) in iManager

Hi Jim.

it's going smoothly with... :

iManager
eDir Maintenance
Import convert export
Export data to file on disk, verbose, log failed records, next
eDir Srv-ip, 389 (plain text) or 636 + ROOTCERT.DER path, auth login, next
Base DN: e.g. o=NameOfOrganisation, subtree, filter: objectclass=group, all
user-level attributes, next
file type: LDIF, no encryption, do not supress binary vals, do not base64 enc.
next
finish
check the log file for errors. no errors 😄
save the "export.ldf" file, done 😉



>Another thought is that it could be rights-related. Rudolf, are you
>authenticating with the LDAP browser, or are you using an anonymous bind?


Yes, I did.


Thanks for your reply, Rudi.






eDir eDirectory export group groups member members memberlist
ldap imanager ice export.ldf
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.