Ldap nested Groups membership not working as expected

Peter Schober peter.schober at univie.ac.at
Fri Jun 11 09:41:04 UTC 2021

* Armando Martins <armando.mart1s at gmail.com> [2021-06-11 11:31]:
> ldapsearch -x -LLL -h "myldapserver" -b 'dc=example,dc=com' -D
> 'uid=myroaccount,ou=users,o=services,dc=example,dc=com' -w mypassword
> uid=testuser distinguishedName
> dn: uid=testuser,ou=users,dc=example,dc=com
> So, the answer is yes. The distinguishedName attribute is exposed by
> OpenLDAP.

No, you're simply misreading the output from that command.
If it would have found an attribute named "distinguishedName" it would
have printed the attribute and it's values as part of the output.
(It does not, above.)

Try searching for an attribute that's guaranteed to NOT exist and it
will still respond with dn: ... 


More information about the users mailing list