Re: Reading groups from LDAP

[Michael S. <mi...@st...>]

Melita Mihaljevic wrote:
> On Wed, Jun 18, 2008 at 5:58 PM, Michael Ströder <mi...@st... 
> <mailto:mi...@st...>> wrote:
>     Michael Ströder wrote:
>         Melita Mihaljevic wrote:
>             My search filter is (it's all in one line):
>             search_filter =
>             '(|(&(objectClass=groupOfUniqueNames)(uniqueMember=uid=usera*))
>             (&(objectClass=groupOfNames)(member=uid=usera*))
>             (&(objectClass=posixGroup)(memberUid=usera*)))'
> 
>         Why do you want to do wildcard searches? This is not guaranteed
>         to work since some of the member attributes might not even have
>         a SUBSTR matching rule assigned.
> 
> Because I know only uid and don't now the other user informations

The user enters some user name. During login you have to use a 
configurable search filter for searching the user's entry.

Something like:
user_search_filter_template = '(|(uid=%s)(sAMAccountName=%s))'

An then replace %s with what the user entered as user name.

Then you have the DN and some more eventually needed attributes for 
conducting a exact search for the group entries a user is member of like 
I described in my former posting.

> Because in the MoinMoin I search only groups with uid in it,only those 
> are important for me.

LDAP directories can have user entries which do not have attribute 'uid' 
at all!

Ciao, Michael.