I think when Al said

Otherwise, you might search user objects to evaluate which ones have the
member attribute set to cn=bugz101 etc.

He meant

Otherwise, you might search user objects to evaluate which ones have the
memberof attribute set to cn=bugz101,blah,blah,blah,dc=com etc.


Also, on this line

That would be a much more expensive query in my mind.

Note that in Windows 2000 this was definitely the case, it was MUCH MUCH
MUCH slower querying the backlinks than the forward links. Microsoft made
stellar advances here for Windows Server 2003 due to fully using the
implicit index that exists for linked value attributes. The main point of
slowness I have seen now in the difference between the two mechanisms is the
time required to return the objects across the network since chasing
backlinks returns multiple objects and looking at the forward link returns
multiple values for a single object. 

 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Wednesday, November 16, 2005 2:59 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP search string.

Something like:
ldapsearch -h hostname -D "CN=snvbug,CN=Users,DC=opsware,DC=com" -W -b
"dc=opsware,dc=com" "cn=bugz101,cn=users,dc=opsware,dc=com" memberOf

should give you the results you want.  You want to search the group for the
members vs. searching for users that are a memberOF the group because you
already know the group name and it's location.  You just don't yet know the
members of that group.

Otherwise, you might search user objects to evaluate which ones have the
member attribute set to cn=bugz101 etc.  That would be a much more expensive
query in my mind.

Al




>From: "Mike Hogenauer" <[EMAIL PROTECTED]>
>Reply-To: ActiveDir@mail.activedir.org
>To: <ActiveDir@mail.activedir.org>
>Subject: RE: [ActiveDir] LDAP search string.
>Date: Wed, 16 Nov 2005 10:45:09 -0800
>
>Ok... So I changed the port but it still pulls back the same info all 
>related to the account snvbug.
>
>I was hoping to get a list of members of the group bugz101.
>
>
>
>dn: CN=snvbug,CN=Users,DC=opsware,DC=com
>objectClass: top
>objectClass: person
>objectClass: organizationalPerson
>objectClass: user
>cn: snvbug
>givenName: snvbug
>distinguishedName: CN=snvbug,CN=Users,DC=opsware,DC=com
>instanceType: 4
>whenCreated: 20051116162449.0Z
>whenChanged: 20051116172242.0Z
>displayName: snvbug
>uSNCreated: 1657770
>memberOf: CN=bugz101,CN=Users,DC=opsware,DC=com
>uSNChanged: 1659527
>name: snvbug
>objectGUID:: gbZWZ+4yckewq8dCkrkBFg==
>userAccountControl: 66048
>badPwdCount: 0
>codePage: 0
>countryCode: 0
>badPasswordTime: 127766401222018909
>lastLogoff: 0
>lastLogon: 127766401346237659
>pwdLastSet: 127766319749346878
>primaryGroupID: 513
>objectSid:: AQUAAAAAAAUVAAAA+/wD/n6lJum0kYZLvmYAAA==
>accountExpires: 9223372036854775807
>logonCount: 0
>sAMAccountName: snvbug
>sAMAccountType: 805306368
>userPrincipalName: [EMAIL PROTECTED]
>objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=opsware,DC=com
>dSCorePropagationData: 20051116172242.0Z
>dSCorePropagationData: 20051116172242.0Z
>dSCorePropagationData: 20051116172242.0Z
>dSCorePropagationData: 20051116171656.0Z
>dSCorePropagationData: 16010108151056.0Z
>lastLogonTimestamp: 127766343852388433
>
># search result
>search: 2
>result: 0 Success
>
>
>
>
>
>
>
>________________________________
>
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
>Sent: Wednesday, November 16, 2005 10:20 AM
>To: ActiveDir@mail.activedir.org
>Subject: RE : [ActiveDir] LDAP search string.
>
>
>
>Hi,
>
>
>
>The memberOf attribute is not replicated to the global catalog (port 
>3268), so you did not find it at all.
>
>
>
>Change the GC port (3268) to DC port (389).
>
>So just modify your request as follows
>
>ldapsearch -v -h $SERVER:389 -D "CN=snvbug,CN=Users,DC=opsware,DC=com" 
>-x -W -b "CN=Users,DC=opsware,DC=com"
>"(memberOf=CN=bugz101,CN=Users,DC=opsware,DC=com)"
>
>
>
>Yann
>
>________________________________
>
>From: [EMAIL PROTECTED] on behalf of Mike Hogenauer
>Date: Wed. 16/11/2005 18:59
>To: ActiveDir@mail.activedir.org
>Subject: [ActiveDir] LDAP search string.
>
>All,
>
>
>
>I'm trying to get an instance of Bugzilla to authenticate against AD. 
>(Windows 2003 native domain)
>
>I've created an account called: snvbug and put it in the default 
>user's container for simplicity.
>
>I've also created a group called bugz101 and placed the users who I 
>want to have access to bugzilla in that group.
>
>
>
>My search now looks like this:
>
>
>
>ldapsearch -v -h $SERVER:3268 -D "CN=snvbug,CN=Users,DC=opsware,DC=com" 
>-x -W -b "CN=Users,DC=opsware,DC=com"
>"(memberOf=CN=bugz101,CN=Users,DC=opsware,DC=com)"
>
>
>
>I'm still not able to pull back any group membership info. Is my search 
>string wrong?
>
>I've followed the instructions in the link below from a bugzilla 
>newsgroup and still no luck?!?!
>
>
>
>Any help is GREATLY appreciated.
>
>
>
>Related link:
>
>http://groups.google.com.au/group/netscape.public.mozilla.webtools/msg/b60eedc3602a222a?hl=en
>
>
>
>Thanks,
>
>Mike
>


List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
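
The two lookups this thread compares, as an added example that is not part of the original messages: reading the group's `member` forward link versus searching users by the `memberOf` backlink, with the group DN escaped per RFC 4515 before it goes into the filter. It assumes the OpenLDAP `ldapsearch` client; the host name `dc01.opsware.com` and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The server name is a constructed
# placeholder; the DNs are the ones quoted in the thread.
LDAPSEARCH=${LDAPSEARCH:-ldapsearch}               # OpenLDAP client assumed
LDAP_URI=${LDAP_URI:-ldap://dc01.opsware.com:389}  # DC port 389, not GC port 3268
BIND_DN=${BIND_DN:-CN=snvbug,CN=Users,DC=opsware,DC=com}

# Escape a value for use inside an LDAP search filter (RFC 4515): \ * ( )
# The backslash is handled first so later escapes are not escaped again.
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Forward link: one base-scope read of the group object, returning the
# multi-valued "member" attribute (many values on a single object).
group_members_forward() {    # $1 = group DN
    "$LDAPSEARCH" -x -H "$LDAP_URI" -D "$BIND_DN" -W \
        -b "$1" -s base "(objectClass=*)" member
}

# Backlink: subtree search for user objects whose "memberOf" holds the
# group DN (one returned object per member).
group_members_backlink() {   # $1 = search base, $2 = group DN
    "$LDAPSEARCH" -x -H "$LDAP_URI" -D "$BIND_DN" -W \
        -b "$1" \
        "(&(objectClass=user)(memberOf=$(ldap_filter_escape "$2")))" \
        sAMAccountName
}

# Usage: script forward  <group DN>
#        script backlink <search base> <group DN>
case "${1:-}" in
    forward)  group_members_forward "$2" ;;
    backlink) group_members_backlink "$2" "$3" ;;
esac
```

Neither attribute reflects membership that exists only through `primaryGroupID`, and Active Directory returns the `member` values of very large groups in ranges, so a single base read may not list everyone.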