LDAP group membership filter for ACL searches (SJWS 7)

We have an LDAP authentication database, and some ACLs specifying that you need to be a member of an LDAP group.

When I look at the query being done to the LDAP, it is:

[19/Jul/2007:15:57:57 +0200] conn=203 op=4 msgId=5 - SRCH base="o=eurocontrol,o=ec" scope=2 filter="(|(&(objectclass=groupofuniquenames)(|(uniquemember=uid=sbiesbro,ou=eurousers,o=eurocontrol,o=ec)))(&(objectclass=group)(|(member=uid=sbiesbro,ou=eurousers,o=eurocontrol,o=ec)))(&(objectclass=groupofnames)(|(member=uid=sbiesbro,ou=eurousers,o=eurocontrol,o=ec))))" attrs="cn"

which is not super fast as it is using attributes (e.g. member) which are not indexed (but the ACL is working)

I then first tried to set the --group-search-attr to uniquemember, but this had no effect (still same query)

I then tried to set the --group-search-filter to (uniquemember=%d) but then the ACL fails, and there is NO search for group membership to LDAP (only authentication check).

What am I doing wrong?

Thanks

Stephan

[1049 byte] By [Stephan_Biesbroecka] at [2007-11-27 11:05:38]
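
Added example, not part of the original post or of the web server's code: a small RFC 4515 filter parser that pulls the group-membership filter out of a SRCH access-log line like the one quoted above and lists the attributes it tests that are missing from an index list. The names parse, attrs_in, unindexed_attrs and the ASSUMED_INDEXED set are hypothetical; replace the set with the indexes actually configured on the directory server.

```python
import re

# Constructed sample: the SRCH line quoted in the post, wrap spaces removed.
DN = "uid=sbiesbro,ou=eurousers,o=eurocontrol,o=ec"
LOG_LINE = (
    '[19/Jul/2007:15:57:57 +0200] conn=203 op=4 msgId=5 - SRCH '
    'base="o=eurocontrol,o=ec" scope=2 filter="(|'
    f'(&(objectclass=groupofuniquenames)(|(uniquemember={DN})))'
    f'(&(objectclass=group)(|(member={DN})))'
    f'(&(objectclass=groupofnames)(|(member={DN}))))" attrs="cn"'
)
# Assumption: attributes that have an equality index on the directory server.
ASSUMED_INDEXED = {"objectclass", "uniquemember"}

def parse(f, i=0):
    """Parse one RFC 4515 filter at f[i]; return (node, next_index)."""
    if f[i:i + 1] != "(" or i + 1 >= len(f):
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":                  # composite: operator plus sub-filters
        op, kids, i = f[i], [], i + 1
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        node = (op, kids)
    else:                              # item: attr=value, attr>=value, attr~=value
        end = f.find(")", i)           # a literal ')' in a value is escaped as \29
        attr, sep, _ = f[i:max(end, i)].partition("=")
        if end == -1 or not sep or not attr:
            raise ValueError(f"malformed item at offset {i}")
        node, i = ("item", attr.rstrip("<>~").lower()), end
    if f[i:i + 1] != ")":
        raise ValueError(f"unbalanced filter at offset {i}")
    return node, i + 1

def attrs_in(node):
    """Collect every attribute name tested anywhere in the filter tree."""
    if node[0] == "item":
        return {node[1]}
    return set().union(*(attrs_in(kid) for kid in node[1]))

def unindexed_attrs(line, indexed=ASSUMED_INDEXED):
    """List filter attributes of a SRCH log line missing from `indexed`."""
    m = re.search(r'\bSRCH\b.*?\bfilter="(.*?)"(?:\s|$)', line)
    if not m:
        raise ValueError("no SRCH filter found in log line")
    tree, end = parse(m.group(1))
    if end != len(m.group(1)):
        raise ValueError("trailing data after filter")
    return sorted(attrs_in(tree) - set(indexed))
```

Calling unindexed_attrs(LOG_LINE) with the assumed index set reports member as the only filter attribute without an index.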
# 1

What does this particular ACL look like?

And

What are the settings in the LDAP auth-db configuration?

nseguraa at 2007-7-29 13:10:01
# 2

Not specific to the question but perhaps this can offer insight into diagnosing:

http://blogs.sun.com/jyrivirkki/entry/diagnosing_ldap_authentication_from_jes

jyria at 2007-7-29 13:10:01