2014-04-07 21:48 GMT+05:30 Mark Pröhl <m...@mproehl.net>: > Am 07.04.2014 15:55, schrieb Dan White: > >> On 04/07/14 11:06 +0530, Sankar P wrote: >>> >>> Hi, >>> >>> I have the SID of an AD group. I want to get the list of members who >>> belong to that group. All the documentation page that I search for >>> points me to the reverse only (i.e., getting all the groups membership >>> information of a user). >>> >>> Can someone show me to the relevant way to get the users who belong to >>> a group whose SID I have ? >> >> >> ldapsearch -Y DIGEST-MD5 -U joe -H ldap://192.0.2.1 \ >> -b "dc=example,dc=com" -s "sub" "objectSid=XXX" dn >> > > as an alternative you can do the following: > > ldapsearch -b '<sid=S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXX>' > member >
I tried to do this using the C openldap binding and when having "objectSid" as the filter, I get the full DN of the group but not its members. If I just use "sid" I get nothing. The count of the results returned is zero. My source code is: http://paste.opensuse.org/74038351 Can you help with it ? What do I miss ? Thanks. -- Sankar P http://psankar.blogspot.com