DBMS_LDAP retrieving LDAP tokenGroups attribute
646090 Feb 25 2009 — edited Jun 8 2009

Hey everyone,
Hopefully this is a really easy question.
I created a pretty simple PL/SQL function to query Active Directory based on a user's CN and return all of that user's "memberOf" attribute. The goal of the function was to get user-group relationships out of AD and into Oracle. The function did exactly what I wanted it to do, but it turns out that the attribute "memberOf" only holds direct relationships and doesn't have any nested group information. On top of that, it also does not contain the person's primary group information.
After some research I found that there is an attribute called "tokenGroups" which should contain the information I am looking for. Whenever I try to query for this attribute, I get an error. I talked to the AD admin and he told me it's a constructed (calculated) attribute and it doesn't behave the same as the other attributes. He said you have to "refresh the property cache" before you can view these attributes.
Does anyone know how to do this via DBMS_LDAP?
Thanks in advance!
-Joe
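
Added example, not part of the original post: Active Directory returns the constructed tokenGroups attribute only for a base-scope search on the user's own DN, and its values are binary SIDs, so they are read with DBMS_LDAP.get_values_len and decoded to string form. The host, port, bind account, password and the function names sid_to_string and get_token_groups are assumptions.

```plsql
-- Added example; host, port, bind account and password are placeholders.
CREATE OR REPLACE FUNCTION sid_to_string(p_sid IN RAW) RETURN VARCHAR2 IS
  -- Binary SID: revision (1 byte), sub-authority count (1 byte),
  -- authority (6 bytes, big-endian), then 4-byte little-endian sub-authorities.
  l_count PLS_INTEGER := TO_NUMBER(RAWTOHEX(UTL_RAW.SUBSTR(p_sid, 2, 1)), 'XX');
  l_sid   VARCHAR2(256);
BEGIN
  l_sid := 'S-' || TO_NUMBER(RAWTOHEX(UTL_RAW.SUBSTR(p_sid, 1, 1)), 'XX')
        || '-' || TO_NUMBER(RAWTOHEX(UTL_RAW.SUBSTR(p_sid, 3, 6)), 'XXXXXXXXXXXX');
  FOR i IN 0 .. l_count - 1 LOOP
    -- Hex conversion keeps values above 2^31 unsigned.
    l_sid := l_sid || '-' || TO_NUMBER(RAWTOHEX(UTL_RAW.REVERSE(
               UTL_RAW.SUBSTR(p_sid, 9 + 4 * i, 4))), 'XXXXXXXX');
  END LOOP;
  RETURN l_sid;
END;
/
CREATE OR REPLACE FUNCTION get_token_groups(p_user_dn IN VARCHAR2)
  RETURN SYS.ODCIVARCHAR2LIST IS
  l_session DBMS_LDAP.SESSION;
  l_attrs   DBMS_LDAP.STRING_COLLECTION;
  l_msg     DBMS_LDAP.MESSAGE;
  l_entry   DBMS_LDAP.MESSAGE;
  l_vals    DBMS_LDAP.BINVAL_COLLECTION;
  l_rc      PLS_INTEGER;
  l_sids    SYS.ODCIVARCHAR2LIST := SYS.ODCIVARCHAR2LIST();
BEGIN
  DBMS_LDAP.USE_EXCEPTION := TRUE;
  l_session := DBMS_LDAP.INIT('ad.example.com', 389);
  l_rc := DBMS_LDAP.SIMPLE_BIND_S(l_session, 'svc_ldap@example.com', 'CHANGE_ME');
  l_attrs(1) := 'tokenGroups';
  -- Base scope on the user's DN; a subtree search does not return tokenGroups.
  l_rc := DBMS_LDAP.SEARCH_S(l_session, p_user_dn, DBMS_LDAP.SCOPE_BASE,
                             '(objectClass=*)', l_attrs, 0, l_msg);
  l_entry := DBMS_LDAP.FIRST_ENTRY(l_session, l_msg);
  IF l_entry IS NOT NULL THEN
    l_vals := DBMS_LDAP.GET_VALUES_LEN(l_session, l_entry, 'tokenGroups');
    IF l_vals.COUNT > 0 THEN
      FOR i IN l_vals.FIRST .. l_vals.LAST LOOP
        l_sids.EXTEND;
        l_sids(l_sids.COUNT) := sid_to_string(l_vals(i));
      END LOOP;
    END IF;
  END IF;
  l_rc := DBMS_LDAP.UNBIND_S(l_session);
  RETURN l_sids;
END;
/
```

The result can be read with `SELECT column_value FROM TABLE(get_token_groups('<user DN>'))`. A simple bind on port 389 sends the password unencrypted, so a deployed version would bind over SSL and take the service account credentials from a protected store rather than a literal.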