Listing group members using ldapsearch

Posted by colemanm on Server Fault See other posts from Server Fault or by colemanm
Published on 2010-04-13T17:15:59Z Indexed on 2010/04/13 17:23 UTC
Read the original article Hit count: 424

Filed under:
|
|

Our corporate LDAP directory is housed on a Snow Leopard Server Open Directory setup. I'm trying to use the ldapsearch tool to export an .ldif file to import into another external LDAP server to authenticate with externally; basically trying to be able to use the same credentials internally and externally.

I've got ldapsearch working and giving me the contents and attributes of everything in the "Users" OU, and even filtering down to only the attributes I need:

ldapsearch -xLLL -H ldap://server.domain.net / 
 -b "cn=users,dc=server,dc=domain,dc=net" objectClass / 
 uid uidNumber cn userPassword > directorycontents.ldif

That gives me a list of users and properties that I can import to my remote OpenLDAP server.

dn: uid=username1,cn=users,dc=server,dc=domain,dc=net
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: organizationalPerson
uidNumber: 1000
uid: username1
userPassword:: (hashedpassword)
cn: username1

However, when I try the same query on an OD "group" instead of a "container," the results are something like this:

dn: cn=groupname,cn=groups,dc=server,dc=domain,dc=net
objectClass: posixGroup
objectClass: apple-group
objectClass: extensibleObject
objectClass: top
gidNumber: 1032
cn: groupname
memberUid: username1
memberUid: username2
memberUid: username3

What I really want is a list of users from the top example filtered based on their group memberships, but it looks like membership is set from the Group side, rather than the user account side. There must be a way to filter this down and only export what I need, right?

© Server Fault or respective owner

Related posts about ldap

Related posts about opendirectory