cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
777
Views
0
Helpful
5
Replies

How to verify user LDAP group membership

swaupadh
Level 1
Level 1

Hi,

we are attempting to determine if a user is a member of a specific LDAP group in our directory and if the user is a member it should return TRUE else FALSE (this is done by defining the LDAP attribute 'CN' (property) which returns a result 'CN=<UserName> or returns 'getting 0 entries'. The query we have is

(&(cn=<username>)(memberOf=CN=<groupname>,DC=domain,DC=com)).

Any pointers on how to do this ?

Thank you.

5 Replies 5

Shaun Roberts
Cisco Employee
Cisco Employee

Are you using MS AD or general LDAP?

Can you make CLI/powershell calls or Rest calls into it?

I would wager it could be done a handful of different ways, but we'd need to see more detail to advise.

 

--shaun

--Shaun Roberts
Principal Engineer, CX
shaurobe@cisco.com

Hi Shaun,

  I am using MS AD activity currently. I am passing the above query in the LDAP path parameter field and "cn" in the property parameter field.

 

I can use powershell/rest calls if you can suggest me.

 

Thank,

Swati

You could do a couple of things...

 

1) Install dsquery (add remote AD tools to your box) and run something like

dsquery group -u <user name>

Username would be their login name, yours is "swaupadh" for example. This would return a listing of all the groups they are in and you could regex through that output for the group you are looking for. Use either the Execute Powershell or Execute Windows Command activity here.

 

2) Use powershell functions and powershell capability to check for group membership, something like this:

function Get-GroupMembership($DN,$group){
    $objEntry = [adsi]("LDAP://"+$DN)
    $objEntry.memberOf | where { $_ -match $group}
}

//EXAMPLE CALL

Get-GroupMembership "Cn=kazun,dc=contoso,dc=com" "Backup Operators"

 

Then you can regex through the output for the "True" or "False" word and run with that.

 

Either should get you what you want.

--Shaun Roberts
Principal Engineer, CX
shaurobe@cisco.com

Thank you Shaun, it worked like magic:)

swaupadh
Level 1
Level 1

Thank you Shaun, it worked like magic:)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: