directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ersin Er" <ersin...@gmail.com>
Subject Re: Generic ideas to query Groups from LDAP server
Date Sat, 09 Dec 2006 08:28:44 GMT
Avneet, I am glad you seem to have found the right list (Umich LDAP list)
for such user level design questions. (I have seen your message there.)

On 12/9/06, Avneet Singh <foravneet@gmail.com> wrote:
>
>
> It's a repost.. didn't get any comments on the small algos below.. need
> help on this
>
> Need comment from experienced people on this point.
>
> I was trying to write a generic algo which extracts Group info for
> - all kinds of Groups (Static and Dynamic)
> - major LDAP servers (Apache DS, OpenLDAP, MS Active Directory etc)
> Based on my findings I came up with a high level algo.
> Being inexperianced in the field I would request other users to comment on
> these small algorithms.
>
> ------------------------------------------
> 1.. /* Get all static Groups */
> get_All_Static_Groups()
> {
>  Filter: (&(objectclass=groupofuniquenames))//for any DS
>  (&(objectclass=groupofnames))//for any DS
>  (&(objectclass=group))//for active directory
> }
>
> ------------------------------------------
> 2../* Get all Dynamic Groups */
> get_All_Dynamic_Groups()
> {
> //'memberOf' attribute of user
> Step 1: Get all users
> Step 2: Check their 'memberOf' attrib to get list of dynamic groups.
> Note: This way its very ineffitient since we have to query all users first
> ,
> is their no way to just do a databse type query, find all DISTINCT
> memberOf attribs given a search base?
> If not how else can we find list of such dynamic groups?
>
> //URL type dynamic groups
> Filter: (&(objectclass=groupOfURLs))
> }
>
> ------------------------------------------
> 3../* If given user is member of a given static group */
> is_Member_Of_Static_Group(groupname,userdn)
> {
>  Filter:
> (&(objectclass=groupofuniquenames)(cn=groupname)(uniquemember=userdn))//for
> any DS
>  (&(objectclass=groupofnames)(cn=groupname)(member=userdn))//for any DS
>  (&(objectclass=group)(cn=groupname)(member=userdn))//for active directory
> }
>
> ------------------------------------------
> 4../* If given user is member of a given dynamic group */
> is_Member_Of_Dynamic_Group(groupname,userdn)
> {
> //'memberOf' attribute of user
>  Step 1: Filter: (&(objectclass=person)(memberOf=groupname))
>
> //URL type dynamic groups
>  Step 1: Filter: (&(objectclass=groupOfURLs)(cn=groupname))
>  Step 2: use 'memberURL' attribute to chk if user is in the group
> }
>
> ------------------------------------------
> 5../* Given a member find all static groups it belongs to */
> find_All_Static_Groups_Of_User(userdn)
> {
> Filter: (&(objectclass=<groupClass>)(member=userdn))
> }
>
> ------------------------------------------
> 6../* Given a member find all static groups it belongs to */
> find_All_Dynamic_Groups_Of_User(usercn)
> {
> // Simply search for user node and get value of 'memberOf' attributes.
> Filter: (&(objectclass=<userClass>)(cn=usercn))
> }
> ------------------------------------------
> --
> Regds
> Avneet Singh
> 781-492-4449
>



-- 
Ersin

Mime
View raw message