Is there an LDAP standard group membership attribute for users?


By the standards, only the member attribute on the group (as used by Microsoft Active Directory) can be "counted" on.

RFC 4519 section 2.17 states: "The 'member' attribute type contains the distinguished names of objects that are on a list or in a group. Each name is one value of this multi-valued attribute."

The memberOf attribute (used by Microsoft Active Directory) and the groupMembership attribute (used by eDirectory) are implementation-specific attributes added to the user.

The memberOf attribute (used by Microsoft Active Directory) is controlled by the server and is not modifiable (flagged as Read Only from LDAP and System-Only in MS speak).

-jim

Author: tftd

Updated on June 06, 2022

Comments

  • tftd, almost 2 years

    I'm currently working on an application which uses LDAP as an authentication method. I was wondering if the LDAP protocol has a standard membership attribute which would hold the user's groups? So far memberOf is working in OpenLDAP and Active Directory but not in Apache DS. I couldn't find this attribute in the RFCs, so I'm kind of confused. Should I be using the memberOf attribute, or do I need to go the old-fashioned way, traversing over all of the groups to find which group has the member?

    • user207421, about 10 years
      'memberOf' is an operational attribute so you won't find it in RFCs. OpenLDAP only has it if you configure it.
    • tftd, about 10 years
      Thank you for clearing this! Are there any other "workarounds" except traversing? I would like to avoid it, if possible.
    • Ashigore, about 10 years
      @tftd memberOf only holds groups that the user is directly a member of anyway, not groups they are a member of via other group members.
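
The "old-fashioned way" from the answer and comments above, as an added example that is not part of the original thread: search groups by the standard `member` attribute (with the user's DN escaped per RFC 4515 so it is safe inside a filter), and walk nested groups to get the transitive membership that `memberOf` alone does not show. The group snapshot is constructed in-memory data standing in for search results; real DN comparison needs RFC 4517 normalization rather than the lower-casing used here.

```python
"""Resolve group membership from the standard 'member' attribute (RFC 4519)."""
from typing import Dict, List, Set

# Constructed snapshot of group entries (DN -> values of 'member'); not a real directory.
# 'admins' and 'ops' reference each other to show that cycles must be handled.
ADMINS = "cn=admins,ou=groups,dc=example,dc=com"
OPS = "cn=ops,ou=groups,dc=example,dc=com"
DEV = "cn=dev,ou=groups,dc=example,dc=com"
ALICE = "uid=alice,ou=people,dc=example,dc=com"
BOB = "uid=bob,ou=people,dc=example,dc=com"
GROUPS: Dict[str, List[str]] = {
    ADMINS: [OPS],
    OPS: [ALICE, ADMINS],
    DEV: [ALICE, BOB],
}


def ldap_filter_escape(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value
    )


def member_filter(user_dn: str) -> str:
    """Filter that finds every group listing user_dn directly in 'member'."""
    return "(member=%s)" % ldap_filter_escape(user_dn)


def direct_groups(groups: Dict[str, List[str]], dn: str) -> Set[str]:
    """Groups whose 'member' contains dn: what memberOf would report."""
    return {
        g for g, members in groups.items()
        if dn.lower() in (m.lower() for m in members)
    }


def all_groups(groups: Dict[str, List[str]], dn: str) -> Set[str]:
    """Transitive membership via nested groups; 'seen' guards against cycles."""
    seen: Set[str] = set()
    todo = [dn]
    while todo:
        current = todo.pop()
        for g in direct_groups(groups, current):
            if g not in seen:
                seen.add(g)
                todo.append(g)
    return seen
```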