Fetching memberOf attribute
Alan DeKok
aland at deployingradius.com
Thu May 15 13:33:53 UTC 2025
On May 15, 2025, at 8:26 AM, Matvey Teplov <matvey.teplov at nomios.nl> wrote:
> I cannot get the attributes to be:
> • filtered to the bare necessity - I don't need them all present in the reply and there are 39 of them. I just need a memberOf from the AD.
You can filter the reply attributes to keep only the ones you want. See the attr_filter module.
> • Having the memberOf attribute recognised - system comes back with: "ERROR: String passed does not look like an LDAP URL"
i.e. it's a malformed LDAP URL. You need to fix it so that it's the correct syntax. You can't just invent syntax and expect it to work.
> Any help will be appreciated!
>
> Cheers
>
> Here is the configuration:
Why? You were already told to read the documentation, which says DON'T POST THE CONFIGURATION FILES.
It's easier to solve problems if you read the documentation.
> (0) ERROR: String passed does not look like an LDAP URL
> (0) EXPAND %{ldap:memberOf}
That's not a valid LDAP URL, or a valid LDAP query. You're inventing your own things, and then wondering why they don't work.
The argument to the function is an LDAP URL. The LDAP function is intended to do an LDAP query, and get a result.
> If I run manually ldap_search, then membership shows. Wireshark confirms that there is no attribute request in the ldap search packet present.
Yes, you've said that before. You don't need to say it again.
Alan DeKok.
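
Added example, not part of the original post and not FreeRADIUS code: a small parser for the RFC 4516 LDAP URL layout, showing why the bare string "memberOf" is rejected while a URL that asks for the memberOf attribute parses. The base DN, filter and user name in the sample are constructed, and the check approximates the syntax rather than reproducing the server's own validation.

```python
from urllib.parse import urlsplit, unquote

# RFC 4516 defines "ldap"; "ldaps" and "ldapi" are widely used extensions.
SCHEMES = {"ldap", "ldaps", "ldapi"}
SCOPES = {"base", "one", "sub"}

# Constructed samples: the string from the debug output, and a URL of the
# form scheme://host/base_dn?attributes?scope?filter requesting memberOf.
BARE_STRING = "memberOf"
SAMPLE_URL = "ldap:///dc=example,dc=com?memberOf?sub?(sAMAccountName=bob)"


def parse_ldap_url(text):
    """Split an LDAP URL into its parts; raise ValueError if malformed."""
    parts = urlsplit(text)
    if parts.scheme.lower() not in SCHEMES:
        raise ValueError("does not look like an LDAP URL: %r" % text)
    # After the DN come up to four '?'-separated fields:
    # attributes ? scope ? filter ? extensions
    fields = parts.query.split("?") if parts.query else []
    if len(fields) > 4:
        raise ValueError("too many '?' fields in %r" % text)
    fields += [""] * (4 - len(fields))
    attrs, scope, filt, _extensions = fields
    scope = scope.lower() or "base"          # RFC 4516 default scope
    if scope not in SCOPES:
        raise ValueError("unknown scope %r" % scope)
    return {
        "host": parts.netloc,                # empty means the default server
        "base_dn": unquote(parts.path.lstrip("/")),
        "attributes": [unquote(a) for a in attrs.split(",") if a],
        "scope": scope,
        "filter": unquote(filt) or "(objectClass=*)",  # RFC 4516 default
    }


def looks_like_ldap_url(text):
    """True when the string parses as an LDAP URL, False otherwise."""
    try:
        parse_ldap_url(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for candidate in (BARE_STRING, SAMPLE_URL):
        print(candidate, "->", looks_like_ldap_url(candidate))
    print(parse_ldap_url(SAMPLE_URL))
```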