ldap query to search for a user and group


I am trying to use the ldapjs Node library to search for a user inside a group, but this doesn't seem to be working. This is the LDAP property:

{
  "dn": "CN=TOM H,OU=GLO_Users,OU=GLOBAL,OU=SITES,OU=Engineering,DC=example,DC=com",
  "controls": [
    
  ],
  "sAMAccountName": "toma",
  "objectClass": [
    "top",
    "person",
    "organizationalPerson",
    "user"
  ],
  "cn": "TOM H",
  "sn": "H",
  "memberOf": [
     "CN=g.some_group,OU=Distribution Groups,OU=Groups,OU=Corp,OU=Common,DC=example,DC=com",
   ]
....
....

I am trying to search for a user whose sAMAccountName is "toma" and who is memberOf the group "g.some_group".

I have written this query for this purpose:

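const ldap = require('ldapjs');

// Match on account name AND group membership, searching the whole subtree
const opts = {
   filter: '(&(sAMAccountName=toma)(memberOf=CN=g.some_group))',
   scope: 'sub'
};

const client = ldap.createClient({ url: 'some_ldap_server' });

client.bind(...);

client.search("DC=example,DC=com", opts, (err, res) => {
   if (err) throw err;
   // One 'searchEntry' event is emitted per matching entry
   res.on('searchEntry', (entry: any) => {
      console.log("entry " + JSON.stringify(entry.object));
   });
   // 'end' carries the final LDAPResult of the search
   res.on('end', function(result: any) {
      console.log('status: ' + result);
   });
});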

This doesn't return any result. This just prints:

status: {"messageID":2,"protocolOp":"LDAPResult","status":0,"matchedDN":"","errorMessage":"","referrals":[],"controls":[]}

It seems there is some mistake in my query:

const opts = {
   filter: '(&(sAMAccountName=toma)(memberOf=CN=g.some_group))',
   scope: 'sub'
};

Can anyone please help me here?

1

There is 1 answer

5
Gabriel Luci On BEST ANSWER

You'll notice in the output of the object, the memberOf attribute contains the entire distinguished name (DN) of the group. That's what you need to include in the query. You're only including the CN portion in your query, which is why it isn't matching.

const opts = {
   filter: '(&(sAMAccountName=toma)(memberOf=CN=g.some_group,OU=Distribution Groups,OU=Groups,OU=Corp,OU=Common,DC=example,DC=com))',
   scope: 'sub'
};
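
The filter from the answer, built from variables instead of a string literal, as an added example that is not part of the original answer. The helper names (`escapeFilterValue`, `looksLikeFullDn`, `buildMemberFilter`) are hypothetical, the DN check is a heuristic that assumes an Active Directory style DN ending in `DC=` components, and the escaping follows RFC 4515 so that a user-supplied account name cannot change the structure of the filter.

```javascript
// Added example: not code from the question, the answer, or ldapjs itself.

// Escape a value for use inside an LDAP search filter (RFC 4515):
// NUL, '(', ')', '*' and '\' become a backslash followed by two hex digits.
function escapeFilterValue(value) {
  return String(value).replace(/[\0()*\\]/g, (ch) =>
    '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Heuristic (assumption): a full DN contains at least one DC= component,
// whereas a lone RDN such as "CN=g.some_group" does not.
function looksLikeFullDn(dn) {
  return /(^|,)\s*DC=[^,]+/i.test(String(dn));
}

// Build "(&(sAMAccountName=<user>)(memberOf=<full group DN>))".
// memberOf is compared against the whole DN, so a CN-only value is rejected
// here instead of silently matching nothing on the server.
function buildMemberFilter(sAMAccountName, groupDn) {
  if (!looksLikeFullDn(groupDn)) {
    throw new Error('memberOf needs the full group DN, got: ' + groupDn);
  }
  return '(&(sAMAccountName=' + escapeFilterValue(sAMAccountName) + ')' +
         '(memberOf=' + escapeFilterValue(groupDn) + '))';
}

// Values taken from the entry shown in the question.
const groupDn = 'CN=g.some_group,OU=Distribution Groups,OU=Groups,' +
                'OU=Corp,OU=Common,DC=example,DC=com';
const opts = { filter: buildMemberFilter('toma', groupDn), scope: 'sub' };
console.log(opts.filter);
```
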