To retrieve all the members of the group, use the following parameters in a search request:
- base object:
cn=engineering,ou=Groups,dc=domain,dc=com
- scope: base
- filter:
(&)
- requested attributes:
member
The response from the server (assuming the authorization state of the connection on which the search request is processed permits) will be a list of all the member
attribute values in that group.
If the LDAP client requires the full entry of each of the members, then transmit a search search request for each member. The client has the DN, so only a base level scope is required, and list each attribute to be retrieved.
Alternatively:
- base object:
ou=users,dc=domain,dc=com
- scope: one (if all objects are one level below
ou=users
) - filter:
(&(objectClass=inetorgPerson)(memberOf=cn=engineering,ou=Groups,dc=domain,dc=com))
- requested attributes, for example,
cn, homeDirectory
The response from the (assuming the authorization state of the connection on which the search request is processed permits) will be a list of inetOrgPerson
members that otherwise match the search parameters, such as being a member of that group.