LDAP get primary group name of a user in Active Directory


There is a scenario where I need to fetch all the group names of which a particular user is a member, using an LDAP query. The input will be the user's distinguished name, and the output should be the list of groups this user is a member of.

So far I am able to fetch all the group names a user is a member of, except the primary group, using the LDAP query below:

Query:

dsquery * "member:LDAP_MATCHING_RULE_IN_CHAIN:=cn=user1,cn=Users,dc=example,dc=com"

Output:

"CN=group1,CN=Users,DC=example,DC=com"
"CN=mygroup,CN=Users,DC=example,DC=com"

The above query lists all the groups "user1" is a member of except the primary group, whose name is "Domain Admins".

Somehow I figured out how to get the primary group RID instead, using the LDAP query below:

dsquery * "cn=user1,cn=Users,dc=example,dc=com" -scope base -attr primaryGroupID

But getting the group name from the group RID is again not working. If I had got the primary group SID instead, it would be easy to get the group name; but what I am getting is the primary group RID, from which I am not able to fetch the group name using LDAP.

Any help regarding this would be great: any way by which I can get the primary group name using an LDAP query only.


You want to use dsget rather than dsquery. This is how to find all groups for a particular member including nested groups and the primary group:

dsget user "cn=user1,cn=Users,dc=example,dc=com" -memberof -expand
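The asker's own reasoning (primaryGroupID is only a RID; with the domain SID you could look the group up by objectSid) can be carried through in LDAP terms. The following is an added example, not part of the question or answer: it appends the RID to the domain SID, encodes the result in the binary objectSid layout, and builds the LDAP filter and a dsquery command that returns the group's name. The domain SID value is a constructed placeholder; the real one comes from the domain root's objectSid attribute.

```python
import struct

# Constructed placeholder: read the real domain SID from the domain root's
# objectSid attribute (dsquery * domainroot -scope base -attr objectSid).
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"


def primary_group_sid(domain_sid: str, primary_group_id: int) -> str:
    """primaryGroupID is only a RID; the group's SID is <domain SID>-<RID>."""
    if not domain_sid.startswith("S-1-5-21-"):
        raise ValueError("expected a domain SID of the form S-1-5-21-...")
    return f"{domain_sid}-{primary_group_id}"


def sid_to_bytes(sid: str) -> bytes:
    """Encode a string SID in the binary layout AD stores in objectSid:
    revision (1 byte), sub-authority count (1 byte), identifier authority
    (48-bit big-endian), then each sub-authority as 32-bit little-endian."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError(f"malformed SID: {sid}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if len(subs) > 15:
        raise ValueError("a SID carries at most 15 sub-authorities")
    out = struct.pack("BB", revision, len(subs)) + authority.to_bytes(6, "big")
    return out + b"".join(struct.pack("<I", s) for s in subs)


def ldap_filter_for_sid(sid: str) -> str:
    """Filter matching a group by objectSid, every byte escaped as \\xx
    (RFC 4515 hex escapes, accepted by any LDAP server; AD also accepts
    the plain string form objectSid=S-1-5-...)."""
    escaped = "".join(f"\\{b:02x}" for b in sid_to_bytes(sid))
    return f"(&(objectClass=group)(objectSid={escaped}))"


def dsquery_for_primary_group(domain_sid: str, primary_group_id: int) -> str:
    """The dsquery command that prints the primary group's name."""
    flt = ldap_filter_for_sid(primary_group_sid(domain_sid, primary_group_id))
    return f'dsquery * domainroot -filter "{flt}" -attr name'


if __name__ == "__main__":
    # 512 is the well-known RID of Domain Admins, the asker's primary group.
    print(dsquery_for_primary_group(DOMAIN_SID, 512))
```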