Re: LDP query for user groups nested?

ok i corrected it as you stated, sorry i am not a heavy ldap user. I reran
the query and it does return the tokenGroups attribute. However each item
says <ldp: Binary blob>;

what is this or what does it mean? and is there a way to return the data in
readable format?

thank you for the help
e-

"Dean Wells [MVP]" wrote:

> In my earlier post you'll notice I mentioned that the base object DN
> within the search MUST be the user itself, not the parent OU or
> container. As such, if you wish to perform this action against many
> users, you'll need to re-iterate the query against each individually ...
> though I realize this seems an expensive action, it is curently a
> requirement.
>
> --
> Dean Wells [MVP / Directory Services]
> MSEtechnology
> [[ Please respond to the Newsgroup only regarding posts ]]
> R e m o v e t h e m a s k t o s e n d e m a i l
>
> Eric - ARUP wrote:
> > It makes sense but returns no results, as follows
> >
> > **Searching...
> > ldap_search_s(ld, "CN=users,DC=Domain,DC=net", 0, "objectclass=*",
> > attrList, 1, &msg)
> > Result <0>: (null)
> > Matched DNs:
> > Getting 1 entries:
> >>> Dn: CN=users,DC=Domain,DC=net
> >
> >
> > I am using LDP currently, is the syntax for the options > attributes
> > just 'tokenGroups'?
> >
> > thank you for your help
> > e-
> >
> > "Dean Wells [MVP]" wrote:
> >
> >> I'd initially suggest submitting something along the lines of the
> >> following query -
> >>
> >> base dn: <user object>
> >> scope: base
> >> filter: obectclass=*
> >> attributes: tokenGroups
> >>
> >> .... note that the scope of the query must be 'base' since
> >> tokenGroups is a constructed attribute and the DSA will not return
> >> its value with larger result sets.
> >>
> >> Does this suffice?
> >>
> >> --
> >> Dean Wells [MVP / Directory Services]
> >> MSEtechnology
> >> [[ Please respond to the Newsgroup only regarding posts ]]
> >> R e m o v e t h e m a s k t o s e n d e m a i l
> >>
> >> Eric - ARUP wrote:
> >>> Hello
> >>>
> >>> Is it possible to query AD for a user to get the groups he is a
> >>> member of, and if any of those groups are nested then also return
> >>> those uplevel groups as well.
> >>>
> >>> Currently testing this we query the user and get his memberOf, but
> >>> unless we query each group we dont get the uplevel groups for those
> >>> that are nested without a seperate query.
> >>>
> >>> thanks
> >>> e-
>
>
>
.

Relevant Pages

  • Re: LDP query for user groups nested?
    ... you'll need to re-iterate the query against each individually ... ... >> attributes: tokenGroups ... >>> member of, and if any of those groups are nested then also return ... >>> unless we query each group we dont get the uplevel groups for those ...
    (microsoft.public.windows.server.active_directory)
  • Re: LDP query for user groups nested?
    ... > attributes: tokenGroups ... note that the scope of the query must be 'base' since tokenGroups is ... >> member of, and if any of those groups are nested then also return ... >> unless we query each group we dont get the uplevel groups for those ...
    (microsoft.public.windows.server.active_directory)
  • Re: LDP query for user groups nested?
    ... google for download ADAM). ... > reran the query and it does return the tokenGroups attribute. ... though I realize this seems an expensive action, ...
    (microsoft.public.windows.server.active_directory)
  • Re: LDP query for user groups nested?
    ... note that the scope of the query must be 'base' since tokenGroups is ... > unless we query each group we dont get the uplevel groups for those ...
    (microsoft.public.windows.server.active_directory)