Is User A Member Of A (Nested) Group ?

Working with nested groups, it can be hard to determine if a user is member of the “base” group. The following class contains a method to do the job.

IsGroupMember ( GroupName, UserName ) calls method ExplodeGroup, which fills an array with all members of the group. It also resolves nested groups.

IsGroupMember now checks if the username is a member of this array using Lotusscript function ArrayGetIndex.

Class NotesDominoDirectory

	Private strServer As String

	Public Sub new (server As String )
		strServer = server
	End Sub

	Public Function ExplodeGroup (GroupName As String) As Variant

		Dim s As New Notessession
		Dim db As New NotesDatabase ( Me.strServer, "names.nsf" )
		Dim doc As NotesDocument
		Dim view As NotesView
		Dim i As Integer, j As Integer, k As Integer
		Dim arrGrp1, arrGrp2 As Variant

		Set view=Db.GetView ("($VIMGroups)")
		Set doc=View.GetDocumentByKey (GroupName)
		Redim arrMembers (1) As Variant
		j = 0

		If Not (doc Is Nothing) Then
			arrGrp1= Doc.GetItemValue ("Members")
			For i= 0 To Ubound (arrGrp1)
				arrGrp2= Me.ExplodeGroup (arrGrp1 (i))
				Redim Preserve arrMembers (Ubound (arrGrp2) + j) As Variant
				For k= 0  To Ubound (arrGrp2)
					arrMembers (j) = arrGrp2 (k)
					j = j + 1
				Next
			Next
		Else
			Redim arrMembers (0) As Variant
			arrMembers (0) = GroupName
		End If

		ExplodeGroup= Arrayunique (arrMembers)

	End Function 

	Public Function IsGroupMember ( strGroup As String, strUser As String ) As Boolean

		IsGroupMember = False

		If (Arraygetindex (Me.ExplodeGroup (strGroup), strUser , 5))  Then
			IsGroupMember = True
		End If

	End Function

	Public Function IsGroupMemberExt ( strGroup As String, strUser As String ) As Boolean
		' uses undocumented function
		Dim arrMembers As Variant
		IsGroupMemberExt = False
		arrMembers =
            Evaluate(|@ExpandNameList("|& strServer & |":"names.nsf";"|& strGroup &|")| )
		If (Arraygetindex ( arrMembers, strUser, 5)) Then
			IsGroupMemberExt = True
		End If
	End Function

End Class

Here is a sample of how to check if Ulrich Krause is member of group “Everybody”

Sub Click(Source As Button)
	Dim res As Variant
	Dim dd As New NotesDominoDirectory ("serv01/singultus")
	Msgbox dd.IsGroupMember ( "Everybody" , "CN=Ulrich Krause/O=singultus")
End Sub

There is also an undocumented @formula @ExpandNameList to expand a group and all nested groups to all the names.

Function IsGroupMemberExt ( strGroup As String, strUser As String ) As Boolean
	' uses undocumented function
	Dim arrMembers As Variant
	IsGroupMemberExt = False
	arrMembers =
         Evaluate(|@ExpandNameList("|& strServer &|":"names.nsf";"|& strGroup &|")| )
	If (Arraygetindex ( arrMembers, strUser, 5))  Then
	     IsGroupMemberExt = True
	End If
End Function
Post Views: 3,015

3 thoughts on “Is User A Member Of A (Nested) Group ?

  1. There is an issue with this approach, when Directory Assistance is used. Since you “only” use names.nsf, you may miss group memberships in other configured directories.

    Thomas

  2. Be carefull when using @expandnamelist it doesnt work on groups starting with an underscore. i have no idea which other limitation there are but one is enough for me.

  3. Pedantic but… 🙂

    In line 15 of the first code block it dims:
    Dim i, j, k As Integer

    This results in variables i & j as variants and k as an integer. To correct this, dim like this:
    Dim i As Integer, j As Integer, k As Integer

Comments are closed.