Article ID: KB0093435
Description
Resolution:
After a user binds to an LDAP server successfully, EMS searches for the groups the user is a member of. If the user belongs to a large number of groups, the group results returned from the LDAP server will be very large. You can limit the group results, or restrict them to specific LDAP groups, in the following ways:
- Configure a smaller scope for ldap_group_base_dn
- Configure "ldap_static_group_member_filter" in tibemsd.conf. For example:
ldap_static_group_member_filter = (&(cn=test*)(member=%s))
%s is the placeholder for the user DN.
The search sent to the LDAP server is the following:
ldap_search_ext_s(0000000004C64480, "DC=ad,DC=for,DC=messaging,DC=support", LDAP_SCOPE_SUBTREE, "(&(cn=test*)(member=CN=testuser,CN=Users,DC=ad,DC=for,DC=messaging,DC=support))", [cn, member, NULL], 0, [NULL], [NULL], 0)
The search result includes only groups whose names match the pattern "test*" (for example test1, test2) and that have "testuser" as a member.
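The effect of this filter can be checked offline with the following added example, which is not TIBCO code: it expands the %s template with the user DN and evaluates the result against a few group entries. The group entries and the second user `other` are constructed, string matching is a case-insensitive simplification of LDAP matching rules, and escaping the DN per RFC 4515 is this example's choice, since the article does not say how EMS treats filter metacharacters in a DN.

```python
import re

BASE = "DC=ad,DC=for,DC=messaging,DC=support"
USER = "CN=testuser,CN=Users," + BASE      # user DN from the article's trace
OTHER = "CN=other,CN=Users," + BASE        # constructed second user
GROUPS = [                                 # constructed sample group entries
    {"cn": ["test1"], "member": [USER]},
    {"cn": ["test2"], "member": [USER, OTHER]},
    {"cn": ["test3"], "member": [OTHER]},      # name matches, user is not a member
    {"cn": ["finance"], "member": [USER]},     # user is a member, name does not match
]
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def expand(template, user_dn):
    """Replace %s with the user DN, escaping RFC 4515 filter metacharacters."""
    return template.replace("%s", "".join(ESCAPES.get(c, c) for c in user_dn))

def parse(f, i=0):
    """Parse the filter starting at f[i] == '('; return (node, next index)."""
    if f[i + 1] in "&|":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1               # step over the closing ')'
    end = f.index(")", i)
    attr, _, pattern = f[i + 1:end].partition("=")
    return ("=", attr.lower(), pattern), end + 1

def unescape(s):
    """Turn RFC 4515 \\xx escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive strings)."""
    if node[0] in "&|":
        results = [matches(k, entry) for k in node[1]]
        return all(results) if node[0] == "&" else any(results)
    parts = [re.escape(unescape(p)) for p in node[2].split("*")]
    rx = re.compile(".*".join(parts), re.IGNORECASE | re.DOTALL)
    return any(rx.fullmatch(v) for v in entry.get(node[1], []))

def groups_for(template, user_dn):
    """Return the cn of every sample group the expanded filter selects."""
    tree, _ = parse(expand(template, user_dn))
    return [g["cn"][0] for g in GROUPS if matches(tree, g)]

if __name__ == "__main__":
    print(groups_for("(member=%s)", USER))               # membership only
    print(groups_for("(&(cn=test*)(member=%s))", USER))  # the article's filter
```

With the constructed entries, the membership-only filter also returns `finance`, while the article's filter returns only `test1` and `test2`.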
Issue/Introduction
How do you filter an LDAP user who belongs to a specific LDAP group?
Additional Information
EMS User's Guide
KB 30209
KB 41449