
I'm trying to write a single LDAP search filter to retrieve users who are members of a particular group.

We're running a custom LDAP implementation (running on OpenLDAP: slapd 2.4.40), where the relationships between users and groups are mapped as Group (memberUid) -> User (uid).

The user LDIF does not have memberOf attributes, which makes it impossible to use the usual approach of (&(objectClass=person)(memberOf=login_group)).

The user LDIFs look like:

dn: uid=user1,ou=people,dc=example,dc=com
cn: user1
displayName: User1
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: shadowAccount
objectClass: posixAccount
uidNumber: 2698
uid: user1

The group LDIFs look like this:

dn: cn=login_group,ou=groups,dc=example,dc=com
gidNumber: 1643
objectClass: posixGroup
objectClass: top
objectClass: groupOfUniqueNames
cn: login_group
memberUid: user1
memberUid: user2

Is it possible to write a single LDAP query that does the equivalent of an SQL JOIN, or "IN" filter, e.g.

SELECT u.* FROM user u WHERE u.uid IN (SELECT memberUid FROM group WHERE cn=login_group)

It must be a single query, since it will be used to control access to a third-party portal and we can't change the client implementation.

0 Answers
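An LDAP search filter is evaluated against each candidate entry on its own, so a filter cannot reach into the group entry the way the SQL subquery above does. The nearest single-filter equivalent is to read the group's memberUid values first and expand them into an OR of uid= assertions, which is then the one filter handed to the portal. The following is an added example, not code from the question or from OpenLDAP; it parses the two LDIF entries from the question (embedded here as a constructed sample, assuming the entries are complete as shown), pulls the memberUid values of cn=login_group, and builds that filter. Because memberUid values are directory data, each value is escaped per RFC 4515 before it is spliced into the filter, so a value such as `*)(uid=*` cannot widen the match; the function names and the empty-group fallback filter are this example's own choices.

```python
"""Expand a posixGroup's memberUid list into one OpenLDAP search filter.

Added example for the question above; not code from the original post.
A filter cannot join across entries, so the group is read first and its
memberUid values become an RFC 4515-escaped OR of uid= assertions.
"""
import base64
from typing import Dict, List

# Constructed sample: the two entries from the question as one LDIF blob.
SAMPLE_LDIF = """\
dn: uid=user1,ou=people,dc=example,dc=com
cn: user1
displayName: User1
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: shadowAccount
objectClass: posixAccount
uidNumber: 2698
uid: user1

dn: cn=login_group,ou=groups,dc=example,dc=com
gidNumber: 1643
objectClass: posixGroup
objectClass: top
objectClass: groupOfUniqueNames
cn: login_group
memberUid: user1
memberUid: user2
"""


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Minimal LDIF reader (RFC 2849 subset): blank-line separated entries,
    'attr: value' and base64 'attr:: value' lines, and continuation lines
    that start with a single space. Attribute names are stored lowercased
    because LDAP attribute names are case-insensitive."""
    joined: List[str] = []
    for line in text.splitlines():
        if line.startswith(" ") and joined:
            joined[-1] += line[1:]          # continuation of previous line
        else:
            joined.append(line)
    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    for line in joined:
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):           # 'attr:: <base64>'
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(attr.strip().lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping of an assertion value. Without this, a memberUid
    such as '*)(uid=*' would rewrite the filter (LDAP filter injection)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def group_member_uids(entries: List[Dict[str, List[str]]], group_cn: str) -> List[str]:
    """memberUid values of the posixGroup entry whose cn equals group_cn."""
    for entry in entries:
        classes = [c.lower() for c in entry.get("objectclass", [])]
        names = [c.lower() for c in entry.get("cn", [])]
        if "posixgroup" in classes and group_cn.lower() in names:
            return list(entry.get("memberuid", []))
    return []


def build_member_filter(uids: List[str]) -> str:
    """One filter selecting person entries whose uid is in uids.
    An empty group yields a filter that can match nothing, instead of an
    empty '(|)' that not every server accepts (hypothetical fallback)."""
    if not uids:
        return "(!(objectClass=*))"
    terms = "".join("(uid=%s)" % escape_filter_value(u) for u in uids)
    return "(&(objectClass=person)(|%s))" % terms


def login_group_filter(ldif_text: str, group_cn: str) -> str:
    """Read the group from LDIF text and return the expanded filter."""
    return build_member_filter(group_member_uids(parse_ldif(ldif_text), group_cn))


if __name__ == "__main__":
    # With python-ldap this string would be the filterstr argument of
    # conn.search_s("ou=people,dc=example,dc=com", ldap.SCOPE_ONELEVEL, filterstr)
    print(login_group_filter(SAMPLE_LDIF, "login_group"))
```

The expanded filter is only as current as the group it was built from, so if the portal's configured filter is static it has to be regenerated whenever memberUid changes; the escaping step is what keeps that regeneration safe when group membership is edited by people other than the directory administrators.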