LDAP user counted as a uniqueMember of a group, but not in the uniqueMember list

Time: 2016-12-09 15:20:57

Tags: ldap directory-server

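A user left the organization, so I removed him from all groups. Afterwards, he still seems to be in one group, but he is not listed among the group's members. See below: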

[bauron@ldapmaster ~]$ ldapsearch -x -b"dc=domain,dc=com" "(uniqueMember=uid=TARGETUSER,ou=users,dc=domain,dc=com)" dn uniqueMember
# extended LDIF
#
# LDAPv3
# base <dc=domain,dc=com> with scope subtree
# filter: (uniqueMember=uid=TARGETUSER,ou=users,dc=domain,dc=com)
# requesting: dn uniqueMember
#

# jca, roles, groups, domain.com
dn: cn=jca,ou=roles,ou=groups,dc=domain,dc=com
uniqueMember: uid=user1,ou=users,dc=domain,dc=com
uniqueMember: uid=user2,ou=users,dc=domain,dc=com
uniqueMember: uid=user3,ou=users,dc=domain,dc=com
... # rest of list omitted

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[bauron@ldapmaster ~]$ ldapsearch -x -b"dc=domain,dc=com" "(uniqueMember=uid=TARGETUSER,ou=users,dc=domain,dc=com)" dn uniqueMember | grep TARGETUSER
# filter: (uniqueMember=uid=TARGETUSER,ou=users,dc=domain,dc=com)
[bauron@ldapmaster ~]$

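As you can see, even though I explicitly ask for the groups that have TARGETUSER as a uniqueMember, a grep of the list for TARGETUSER fails. I don't know how this is possible, or what I can do to fix it. Thanks in advance!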

0 answers:

No answers
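An added diagnostic example, not part of the original question and not a confirmed cause: it parses `ldapsearch` LDIF output and reports which stored `uniqueMember` value matches the wanted DN when a plain `grep` cannot see it because the value is stored with different case or spacing, folded across lines, or base64-encoded (`attr::`). The function names, the simplified DN normalization and the sample LDIF are assumptions constructed for illustration.

```python
import base64

# Constructed sample (not from the original post): one group where the same
# member DN is stored three ways that a plain `grep TARGETUSER` cannot see.
SAMPLE = (
    "dn: cn=jca,ou=roles,ou=groups,dc=domain,dc=com\n"
    "uniqueMember: uid=user1,ou=users,dc=domain,dc=com\n"
    "uniqueMember: uid=TargetUser, ou=Users,dc=domain,dc=com\n"   # case/spacing
    "uniqueMember: uid=TARGET\n USER,ou=users,dc=domain,dc=com\n"  # folded line
    "uniqueMember:: "                                              # trailing space
    + base64.b64encode(b"uid=TARGETUSER,ou=users,dc=domain,dc=com ").decode() + "\n"
)

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    out = []
    for raw in text.splitlines():
        if raw.startswith(" ") and out:
            out[-1][0] += raw[1:]
            out[-1][1].append(raw)
        else:
            out.append([raw, [raw]])
    return out

def normalize_dn(dn):
    """Simplified: assumes case-insensitive RDN values and no escaped commas."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append(attr.strip().lower() + "=" + " ".join(value.split()).lower())
    return ",".join(rdns)

def find_member(ldif_text, wanted_dn, needle, attr="uniqueMember"):
    """Return (group_dn, stored_value, grep_sees_it) for values matching wanted_dn."""
    target, group, hits = normalize_dn(wanted_dn), None, []
    for line, raws in unfold(ldif_text):
        if line.startswith("#") or ":" not in line:
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):  # "attr:: value" means the value is base64
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.lstrip(" ")
        if name.lower() == "dn":
            group = value
        elif name.lower() == attr.lower() and normalize_dn(value) == target:
            hits.append((group, value, any(needle in r for r in raws)))
    return hits
```

Feeding the saved `ldapsearch` output to `find_member` and printing each stored value with `repr()` shows the exact string that has to be deleted from the group, including any trailing whitespace.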