node-activedirectory icon indicating copy to clipboard operation
node-activedirectory copied to clipboard
verified publisher icon gheeres

getGroupMembershipForUser does not include group specified in user's primaryGroupId

Open CKarper opened this issue 10 years ago • 5 comments

This is one of those AD weird things, but all users by default are in 'Domain Users' but not via the typical memberOf mechanism... There is an attribute named primaryGroupId that specifies the RID of the user's default group. You take the user's SID, replace the last sub-Authority with the group Id, and that's the SID of the group.

http://stackoverflow.com/questions/4443824/ldap-group-membership-including-domain-users

I'm coding a solution for myself for now, but I'll try to integrate it and make a PR for you. But in the interim, it is definitely a hole.

CKarper avatar May 05 '15 18:05 CKarper

Any update on this?

gheeres avatar May 26 '15 14:05 gheeres

Ha! I completely forgot, sorry. I fixed it for myself, but went on vacation instead of fixing it for everyone. I'll take a look again. :-)

CKarper avatar May 26 '15 14:05 CKarper

CKarper, is this fix in a github repository that I can extract or pull? Or if you can send me your personal library, I can diff, extract and apply it. I'd like to get this integrated / merged since it IS a bug.

gheeres avatar Jul 30 '15 12:07 gheeres

Is this the same issue that prevents getUsersForGroups from working properly?

conrad-dk avatar Nov 22 '16 12:11 conrad-dk

Hi all, I know this is an old thread but I was wondering whether the patch for this was finally pushed onto some repo I can pull from. Thanks

gcorbetta avatar Jul 16 '18 08:07 gcorbetta