Active Directory Search
Hi, I have an issue with searching users in an Active Directory tree.
I do have:
Domain: example.local
Organization Unit: MyBusiness
Another organization unit under MyBusiness: Security Groups
And then a Security Group called: test
Users in Security Group test: test1, test2, test3
User test1 with password testpass with admin rights
Now, after I do a search in Active Directory:
/squid_ldap_group -b "cn=Users,dc=,dc=local" -f "(&(ObjectClass=*)(ObjectCategory=*)(sAMAccountName=%v)(MemberOf=CN=test,OU=MyBusiness,OU=Security Groups,DC=example,DC=local))" -h 192.168.16.19 -p 389 -D "test1@example.local" -w testpass
Entered Manually: <test testpass>
Error received: <ERR>
I tried a lot of different ways to search.
Here are some of them:
/squid_ldap_group -b "cn=Users,dc=,dc=local" -f "(&(ObjectClass=*)(ObjectCategory=*)(sAMAccountName=%v)(MemberOf=CN=test,OU=MyBusiness,DC=example,DC=local))" -h 192.168.16.19 -p 389 -D "test1@example.local" -w testpass
/squid_ldap_group -b "cn=Users,dc=,dc=local" -f "(&(ObjectClass=*)(ObjectCategory=*)(sAMAccountName=%v)(MemberOf=CN=test,OU=Security Groups,DC=example,DC=local))" -h 192.168.16.19 -p 389 -D "test1@example.local" -w testpass
/squid_ldap_group -b "cn=Users,dc=,dc=local" -f "(&(ObjectClass=*)(ObjectCategory=*)(sAMAccountName=%v)(MemberOf=CN=test,DC=example,DC=local))" -h 192.168.16.19 -p 389 -D "test1@example.local" -w testpass
The only way to get it working was to create a security group in OU MyBusiness and then do the search:
/squid_ldap_group -b "cn=Users,dc=,dc=local" -f "(&(ObjectClass=*)(ObjectCategory=*)(sAMAccountName=%v)(MemberOf=CN=test,OU=MyBusiness,DC=example,DC=local))" -h 192.168.16.19 -p 389 -D "test1@example.local" -w testpass
But I don't want to create the group there. I want to keep the security group where all the other ones are: in the Security Groups OU under the MyBusiness OU.
Please don't forward me to the squid forum, as it's not only the squid LDAP search. I also tried to log on to my Domain Controller and do the search directly there. And the funniest thing is that when I do an advanced search and add
field: Member Of - Is (Exactly) - test
It doesn't find any users that match the criteria.
Can somebody help me with this one?
Thank you.
May 4th, 2012 8:34am
Your filter looks wrong:
"(&(ObjectClass=*)(ObjectCategory=*)(sAMAccountName=%v)(MemberOf=CN=test,OU=MyBusiness,OU=Security Groups,DC=example,DC=local))"
Is this filtering on objects that have a specified sAMAccountName? I don't understand the "%v". To query for all members of the group, you only need the memberOf clause. Also, from your explanation I gather that "ou=Security Groups" is a child of "ou=MyBusiness". If so, you have them listed in reverse order. I would suggest:
"(MemberOf=CN=test,OU=Security Groups,OU=MyBusiness,DC=example,DC=local)"
Richard Mueller - MVP Directory Services
May 4th, 2012 9:56am
So my filter should look like:
/squid_ldap_group -b "cn=Users,dc=,dc=local" -f
"(MemberOf=CN=test,OU=Security Groups,OU=MyBusiness,DC=example,DC=local)"
-h 192.168.16.19 -p 389 -D "test1@example.local" -w testpass
I don't need sAMAccountName
I also don't need ObjectClass and ObjectCategory.
Is that correct?
May 4th, 2012 10:16am
You don't need sAMAccountName in the filter. If you just have the memberOf clause, you will get all members of the group, whether they are users, computers, contacts, or other groups. If you want to restrict the results to user members, then add the objectCategory and objectClass clauses (AND the clauses with the "&" operator, so all conditions must be met).
I assume -b is the base of the query and -f is the filter. Perhaps -h is the IP address of a domain controller. If so I suspect it is not necessary. Same for -p, which appears to be a port. I assume -D is a userPrincipalName and -w is a password.
Richard Mueller - MVP Directory Services
May 4th, 2012 11:48am
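Both answers above (the group DN must be written child-first, and memberOf alone returns every member object while ANDing objectCategory/objectClass narrows it to users) can be checked offline with a small filter evaluator. This is an added example, not squid code and not posted by anyone in the thread. The directory entries, the computer account WS01, the nested group helpdesk and the user test4 are constructed for illustration; the search() function mimics only the %v substitution squid_ldap_group performs, and the filter grammar it accepts is the subset used in this thread (&, |, !, equality and presence).

```python
"""Mini evaluator for the AD filters discussed in the thread (constructed data)."""
import re

GROUP_DN = "CN=test,OU=Security Groups,OU=MyBusiness,DC=example,DC=local"


def _entry(dn, classes, category, sam, member_of):
    # Attribute names are stored lower-cased: LDAP attribute names are
    # case-insensitive, so (MemberOf=...) and (memberOf=...) are the same filter.
    return {"dn": dn, "objectclass": classes, "objectcategory": category,
            "samaccountname": sam, "memberof": member_of}


USER_CLASSES = ["top", "person", "organizationalPerson", "user"]
# Constructed snapshot of the domain in the question (not real data).
# objectCategory is kept in the short form AD accepts in filters.
DIRECTORY = [
    _entry("CN=test1,CN=Users,DC=example,DC=local", USER_CLASSES, "person", "test1",
           [GROUP_DN, "CN=Domain Admins,CN=Users,DC=example,DC=local"]),
    _entry("CN=test2,CN=Users,DC=example,DC=local", USER_CLASSES, "person", "test2", [GROUP_DN]),
    _entry("CN=test3,CN=Users,DC=example,DC=local", USER_CLASSES, "person", "test3", [GROUP_DN]),
    _entry("CN=test4,CN=Users,DC=example,DC=local", USER_CLASSES, "person", "test4", []),
    # A computer account and a nested group that are also members of "test":
    # both carry memberOf, which is why memberOf alone over-matches.
    _entry("CN=WS01,CN=Computers,DC=example,DC=local", USER_CLASSES + ["computer"],
           "computer", "WS01$", [GROUP_DN]),
    _entry("CN=helpdesk,OU=Security Groups,OU=MyBusiness,DC=example,DC=local",
           ["top", "group"], "group", "helpdesk", [GROUP_DN]),
]


def escape_value(value):
    """RFC 4515 escaping for a value spliced into a filter (what %v needs)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def _norm(value):
    # DN comparison: case-insensitive, whitespace around commas insignificant.
    return re.sub(r"\s*,\s*", ",", value.strip()).lower()


def parse_filter(text):
    node, rest = _parse(text.strip())
    if rest:
        raise ValueError("trailing data after filter: %r" % rest)
    return node


def _parse(s):
    if not s.startswith("("):
        raise ValueError("expected '(' at %r" % s[:10])
    s = s[1:]
    if s[:1] in ("&", "|"):
        op, s, kids = s[0], s[1:], []
        while s.startswith("("):
            kid, s = _parse(s)
            kids.append(kid)
        if not s.startswith(")"):
            raise ValueError("unterminated %s filter" % op)
        return (op, kids), s[1:]
    if s[:1] == "!":
        kid, s = _parse(s[1:])
        if not s.startswith(")"):
            raise ValueError("unterminated ! filter")
        return ("!", [kid]), s[1:]
    m = re.match(r"([A-Za-z][A-Za-z0-9.;-]*)=([^()]*)\)", s)
    if not m:
        raise ValueError("bad filter item at %r" % s[:20])
    return ("=", m.group(1).lower(), m.group(2)), s[m.end():]


def matches(node, entry):
    op = node[0]
    if op == "&":
        return all(matches(k, entry) for k in node[1])
    if op == "|":
        return any(matches(k, entry) for k in node[1])
    if op == "!":
        return not matches(node[1][0], entry)
    _, attr, wanted = node
    have = entry.get(attr, [])
    have = [have] if isinstance(have, str) else have
    if wanted == "*":                      # presence test: (attr=*)
        return bool(have)
    return any(_norm(v) == _norm(_unescape(wanted)) for v in have)


def search(filter_text, user=None, escape=True, directory=DIRECTORY):
    """Mimic the helper: substitute %v with the user name, return matching DNs."""
    if user is not None:
        filter_text = filter_text.replace("%v", escape_value(user) if escape else user)
    node = parse_filter(filter_text)
    return [e["dn"] for e in directory if matches(node, e)]


# The poster's filter: OUs listed parent-first, so the DN never matches.
POSTED = ("(&(ObjectClass=*)(ObjectCategory=*)(sAMAccountName=%v)"
          "(MemberOf=CN=test,OU=MyBusiness,OU=Security Groups,DC=example,DC=local))")
# Richard's DN order with memberOf only: every member, whatever its type.
GROUP_ONLY = "(MemberOf=%s)" % GROUP_DN
# Restricted to user objects and to the single user the helper is checking.
USERS_IN_GROUP = ("(&(objectCategory=person)(objectClass=user)"
                  "(sAMAccountName=%%v)(memberOf=%s))" % GROUP_DN)

if __name__ == "__main__":
    print("posted filter, test1:", search(POSTED, "test1"))
    print("memberOf only:", search(GROUP_ONLY))
    print("users only, test1:", search(USERS_IN_GROUP, "test1"))
    print("user '*' escaped:", search(USERS_IN_GROUP, "*"))
    print("user '*' unescaped:", search(USERS_IN_GROUP, "*", escape=False))
```

Three things the run shows that the thread only states. The posted filter matches nothing because memberOf is DN-valued and a DN is compared as a whole, most specific RDN first; the same rule is why the Advanced Find "Member Of - Is (Exactly) - test" found nobody, since "test" is not the group's distinguished name. memberOf alone returns the computer and the nested group alongside the three users; the objectCategory/objectClass clauses remove them. Finally, a user name of "*" spliced into the filter unescaped turns (sAMAccountName=*) into a presence test and matches every user in the group; squid's helper escapes the value it substitutes for %v, but anything that builds the filter by hand must do the same. Two caveats the evaluator does not model: memberOf never lists a user's primary group (primaryGroupID), and it is not transitive, so members of helpdesk are not found through "test"; AD supports the matching rule memberOf:1.2.840.113556.1.4.1941:=<group DN> when nested membership is wanted. Separately, the bind account on the command line (-D test1 with admin rights, -w in clear) is visible in process listings and shell history; a dedicated read-only bind account is enough for this query.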