Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Authentication extended query to verify multiple groups

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 1 Posters 352 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      somerino
      last edited by

      Hello!

      I'm running a Windows Server 2019 domain controller for authentication. I've already studied the Microsoft wiki.

      https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx

      I'm trying to create a query which verifies whether a user is a member of one or the other group.

      Verifying just one group works fine.
      memberOf=CN=GroupA,DN=test,DN=domain

      To verify two or more groups, according to the wiki, this should work:

      (!(memberOf=CN=GroupA,DN=test,DN=domain)(memberOf=CN=GroupB,DN=test,DN=domain))

      I'm not quite sure what the problem exactly is.
      Not even this works:
      (memberOf=CN=GroupA,DN=test,DN=domain)

      Is it a syntax error?

      Thanks in advance for your help!

      1 Reply Last reply Reply Quote 0
      • S
        somerino
        last edited by

        Can't believe it! Randomly tried something out and it works.

        So the answer is:
        !(memberOf=CN=GroupA,DN=test,DN=domain)(memberOf=CN=GroupB,DN=test,DN=domain)

        Sometimes less is more :)

        S 1 Reply Last reply Reply Quote 1
        • S
          somerino @somerino
          last edited by

          @wellcomefit

          EDIT, replace ! with |

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.