LDAP Search Wildcards in memberOf

ldap openldap ldap-query

Paul Croarkin · Mar 11, 2015 · Viewed 20k times · Source

We have an LDAP with a number of groups that follow this pattern:

Acme-MyApp-ABC-Admin
Acme-MyApp-ABC-Bottlewasher
Acme-MyApp-ABC-Cook
Acme-MyApp-DEF-Admin
Acme-MyApp-DEF-Bottlewasher
Acme-MyApp-DEF-Cook

etc repeated many times.

(&(objectClass=person)(memberOf=cn=Acme-MyApp-ABC-Admin,ou=Groups,dc=acme,dc=com))

correctly returns members of the Acme-MyApp-ABC-Admin group. We'd like to find members of all of the Admin groups.

(&(objectClass=person)(memberOf=cn=*-Admin,ou=Groups,dc=acme,dc=com))

Is it possible to put a wildcard within a DN?

Answer

Generally, Wildcard searches on DN's syntax attributes are not supported.

Some LDAP server implementation may support them. You question is tagged as OpenLDAP but the search filter appears to be more like an AD implementation.

I did find "Question about using an LDAP filter to get memberOf from an AD Group" on TechNet stating, ".. that wildcards are no allowed." (I am assuming he met NOT vs no)

-jim

LDAP Search Wildcards in memberOf

Answer

Related questions