Databases
StackOverflow2013
Postsdbo
PO
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    text
    copied!<p>There might be many answers. One possible answer is to construct a base DN using the principal and query the directory server using a scope of <code>base</code>, a filter <code>'(&amp;)'</code> and request the <code>isMemberOf</code> attribute. For example, on my test system using a modern <code>ldapsearch</code> command line tool and a principal of <code>user.0</code>:</p> <pre><code>ldapsearch --hostname localhost --port 1389 \ --bindDN 'cn=directory manager' --baseDn \ 'uid=user.0,ou=people,dc=example,dc=com' \ --searchScope base '(&amp;)' isMemberOf Password for user 'cn=directory manager': dn: uid=user.0,ou=people,dc=example,dc=com isMemberOf: cn=shadow entries,ou=groups,dc=example,dc=com isMemberOf: cn=persons,ou=groups,dc=example,dc=com </code></pre> <p>This method requires knowledge of the <code>namingContext</code>, in this case <code>dc=example,dc=com</code>, and where the users are located in the tree. Another, similar method when the location of the user is not known would be be to first search for the user, then use the distinguished name from the search results to perform the above query. If the <code>namingContext</code> is not known, it might be possible to discover the <code>namingContext</code> from the root DSE. To recover the <code>namingContext</code> from the root DSE, see this <a href="http://ff1959.wordpress.com/2011/04/11/the-root-dse-is-that-entry-with-zero-rdns-and-contains-information-about-the-directory-server/" rel="nofollow">article</a>.</p> <p>There are some widely used directory servers that do not correctly support the LDAP standard and will reject the filter <code>'(&amp;)'</code>, if your directory server is one of these, simply substitute the presence filter <code>'(objectClass=*)'</code>. There are many LDAP SDKs for Java, the one I prefer is the one from <a href="http://www.unboundid.com/products/ldap-sdk/" rel="nofollow">UnboundID</a>.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload