( golgota | 2024. 03. 04., h – 12:35 )

AD-ben mukodine kellene. De igazad van kell ele a distinguishedName. Az entryDN-el nem probaltam. De ennek is mukodnie kellene: https://docs.oracle.com/cd/E19623-01/820-6173/def-extensible-match-sear…

UPDATE:

Nalam mukodik (ket fele keppen is, az egyik kimonoddtan az entryDN virtualis attributumra):

$ ldapsearch -x -H ldap://192.168.39.3:1389 -D "cn=admin,dc=k8s,dc=local" -b "dc=k8s,dc=local" -w adminpwd  -s sub '(&(objectclass=groupofnames)(|(cn:dn:=ldapeditors)(entryDN:distinguishedNameMatch:=cn=ldapviewers,ou=groups,dc=k8s,dc=local)))' cn 
# extended LDIF
#
# LDAPv3
# base <dc=k8s,dc=local> with scope subtree
# filter: (&(objectclass=groupofnames)(|(cn:dn:=ldapeditors)(entryDN:distinguishedNameMatch:=cn=ldapviewers,ou=groups,dc=k8s,dc=local)))
# requesting: cn 
#

# ldapeditors, groups, k8s.local
dn: cn=ldapeditors,ou=groups,dc=k8s,dc=local
cn: ldapeditors

# ldapviewers, groups, k8s.local
dn: cn=ldapviewers,ou=groups,dc=k8s,dc=local
cn: ldapviewers

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2