LDAP label define the search scope
Hi,
I'm using LDAP labels and wondering whether there's a way to define the search scope in the query so that i can nest an AD security group within a group and have members of the child successfully be enumerated as members of the parent.
Does this make sense?
Chris
Answers (1)
From page 16 of the KACE Appliance LDAP Reference Guide V1.4
If you have a group who’s
membership is other groups that contain users you can use a string to search through
the groups. Here is an example.
(&(samaccountname=KBOX_USER)(memberof:1.2.840.113556.1.4.1941:=CN=nestedgro
up,CN=Users,DC=whitman,DC=com))
It is the “:1.2.840.113556.1.4.1941:” after the memberof attribute that walks the
chain of ancestry in objects all the way to the root until it finds a match.