Posted to dev@directory.apache.org by Avneet Singh <fo...@gmail.com> on 2006/12/09 03:07:02 UTC

Generic ideas to query Groups from LDAP server

It's a repost.. didn't get any comments on the small algos below.. need help
on this

Need comment from experienced people on this point.

I was trying to write a generic algo which extracts Group info for
- all kinds of Groups (Static and Dynamic)
- major LDAP servers (Apache DS, OpenLDAP, MS Active Directory etc)
Based on my findings I came up with a high level algo.
Being inexperienced in the field I would request other users to comment on
these small algorithms.

------------------------------------------
1.. /* Get all static Groups */
get_All_Static_Groups()
{
 Filter: (&(objectclass=groupofuniquenames))//for any DS
 (&(objectclass=groupofnames))//for any DS
 (&(objectclass=group))//for active directory
}

------------------------------------------
2../* Get all Dynamic Groups */
get_All_Dynamic_Groups()
{
//'memberOf' attribute of user
Step 1: Get all users
Step 2: Check their 'memberOf' attrib to get list of dynamic groups.
Note: This way it's very inefficient since we have to query all users first,
is there no way to just do a database type query, find all DISTINCT memberOf
attribs given a search base?
If not how else can we find list of such dynamic groups?

//URL type dynamic groups
Filter: (&(objectclass=groupOfURLs))
}

------------------------------------------
3../* If given user is member of a given static group */
is_Member_Of_Static_Group(groupname,userdn)
{
 Filter:
 (&(objectclass=groupofuniquenames)(cn=groupname)(uniquemember=userdn))//for any DS
 (&(objectclass=groupofnames)(cn=groupname)(member=userdn))//for any DS
 (&(objectclass=group)(cn=groupname)(member=userdn))//for active directory
}

------------------------------------------
4../* If given user is member of a given dynamic group */
is_Member_Of_Dynamic_Group(groupname,userdn)
{
//'memberOf' attribute of user
 Step 1: Filter: (&(objectclass=person)(memberOf=groupname))

//URL type dynamic groups
 Step 1: Filter: (&(objectclass=groupOfURLs)(cn=groupname))
 Step 2: use 'memberURL' attribute to chk if user is in the group
}

------------------------------------------
5../* Given a member find all static groups it belongs to */
find_All_Static_Groups_Of_User(userdn)
{
Filter: (&(objectclass=<groupClass>)(member=userdn))
}

------------------------------------------
6../* Given a member find all dynamic groups it belongs to */
find_All_Dynamic_Groups_Of_User(usercn)
{
// Simply search for user node and get value of 'memberOf' attributes.
Filter: (&(objectclass=<userClass>)(cn=usercn))
}
------------------------------------------
-- 
Regds
Avneet Singh
781-492-4449
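
An added example, not part of the original post: items 3 and 4 above substitute groupname and userdn straight into filter strings, so this sketch builds the static membership filter with RFC 4515 escaping and turns a groupOfURLs memberURL into the base-scope search that confirms dynamic membership. Function names and the example.com DNs are assumptions made for illustration, and the DN comparison is deliberately simplified.

```python
import re
from urllib.parse import unquote

# objectClass -> membership attribute, as listed in items 1 and 3 of the post
STATIC_SCHEMAS = {"groupOfUniqueNames": "uniqueMember",
                  "groupOfNames": "member",
                  "group": "member"}  # Active Directory

def escape_filter_value(value):
    """RFC 4515 escaping: caller-supplied text cannot add or close filter terms."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def static_membership_filter(group_cn, user_dn):
    """Item 3 as a single filter covering all three static schemas."""
    cn, dn = escape_filter_value(group_cn), escape_filter_value(user_dn)
    branches = "".join(f"(&(objectClass={oc})({attr}={dn}))"
                       for oc, attr in STATIC_SCHEMAS.items())
    return f"(&(cn={cn})(|{branches}))"

def parse_member_url(url):
    """Split an RFC 4516 LDAP URL into (base DN, scope, filter)."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    parts = rest.partition("/")[2].split("?") + [""] * 3
    base, _attrs, scope, flt = (unquote(p) for p in parts[:4])
    scope = (scope or "base").lower()
    if scope not in ("base", "one", "sub"):
        raise ValueError("unknown scope: %r" % scope)
    return base, scope, flt or "(objectClass=*)"

def _rdns(dn):
    # Simplified DN normalisation (assumption): split on unescaped commas,
    # trim and lowercase. Real code should use the LDAP library's DN parser.
    return [r.strip().lower() for r in re.split(r"(?<!\\),", dn) if r.strip()]

def dynamic_membership_search(member_url, user_dn):
    """Item 4, step 2: return the base-scope search that confirms membership,
    or None when user_dn lies outside the memberURL's base and scope."""
    base, scope, flt = parse_member_url(member_url)
    user, root = _rdns(user_dn), _rdns(base)
    depth = len(user) - len(root)
    if depth < 0 or user[depth:] != root:
        return None
    if (scope == "base" and depth != 0) or (scope == "one" and depth != 1):
        return None
    # The server evaluates the group's own filter against the single user entry.
    return {"base": user_dn, "scope": "base", "filter": flt}
```

The memberURL filter is used as stored in the directory, so whoever can write group entries controls it; only values supplied by the caller are escaped.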

Re: Generic ideas to query Groups from LDAP server

Posted by Ersin Er <er...@gmail.com>.
Avneet, I am glad you seem to have found the right list (Umich LDAP list)
for such user level design questions. (I have seen your message there.)




-- 
Ersin