ldap query to search for a user and group

Question

I am trying to use ldapjs node library to search a user inside the group but this doesn't seems working. This is the ldap property:

{
  "dn": "CN=TOM H,OU=GLO_Users,OU=GLOBAL,OU=SITES,OU=Engineering,DC=example,DC=com",
  "controls": [
    
  ],
  "sAMAccountName": "toma",
  "objectClass": [
    "top",
    "person",
    "organizationalPerson",
    "user"
  ],
  "cn": "TOM H",
  "sn": "H",
  "memberOf": [
     "CN=g.some_group,OU=Distribution Groups,OU=Groups,OU=Corp,OU=Common,DC=example,DC=com",
   ]
....
....

I am trying to serch for a user whose sAMAccountName is "toma" and is memberOf group "g.some_group".

I have written this query for this purpose:

const opts = {
   filter: '(&(sAMAccountName=toma)(memberOf=CN=g.some_group))',
   scope: 'sub'
};

const client = ldap.createClient(url: 'some_ldap_server');

client.bind(...);

clinet.search("DC=example,DC=com", opts, (err, res) => {
   res.on('serchEntry', (entry: any) => {
      console.log("entry " + JSON.stringify(entry.object));
  })
  res.on('end', function(result: any) {
      console.log('status: ' + result); 
  });
});

This doesn't result any result. This just prints:

status: {"messageID":2,"protocolOp":"LDAPResult","status":0,"matchedDN":"","errorMessage":"","referrals":[],"controls":[]}

It seems there is some mistake in my query:

const opts = {
   filter: '(&(sAMAccountName=toma)(memberOf=CN=g.some_group))',
   scope: 'sub'
};

Can anyone please help me here.

Answer 1

You'll notice in the output of the object, the memberOf attribute contains the entire distinguished name (DN) of the group. That's what you need to include in the query. You're only including the CN portion in your query, which is why it isn't matching.

const opts = {
   filter: '(&(sAMAccountName=toma)(memberOf=CN=g.some_group,OU=Distribution Groups,OU=Groups,OU=Corp,OU=Common,DC=example,DC=com))',
   scope: 'sub'
};