Extension talk:LDAP Authentication/Roadmap

Primary Group ID from AD, I've to admit its for cold fusion but it shows the required LDAP-Queries as far as I understand it... hope it helps...

http://blog.tech-cats.com/2007/10/get-user-primary-group-membership-from.html

Recently, I've had to do much work with Active Directory/LDAP. I needed a way to grab the user's primary group so I can set some permissions in my application based on the primary group the user is a member of. This turned out to be a bit tricky since the primary group for each user is not part of the list of groups the user is a member of. Instead, the primary group token (just an ID) is stored in each user's record. Seems pretty simple now that I got it working but there was a big lack of documentation on how to do this in ColdFusion. So here is the psudo code:

We need to query Active Directory and get the value of the "primaryGroupID" for the selected user We also need a full list of groups in Active Directory (this is acheived with using the filter "(&(objectcategory=group))") Next, we need to get the group name from the full list of groups based on the primary group token we got from the user's record Bingo!





 select	lower(name) as name from	groupsQuery where	primaryGroupToken = '#userLdapQuery.primaryGroupID#'

