LDAP Search Wildcards in memberOf

We have an LDAP with a number of groups that follow this pattern:

Acme-MyApp-ABC-Admin
Acme-MyApp-ABC-Bottlewasher
Acme-MyApp-ABC-Cook
Acme-MyApp-DEF-Admin
Acme-MyApp-DEF-Bottlewasher
Acme-MyApp-DEF-Cook

etc., repeated many times.

(&(objectClass=person)(memberOf=cn=Acme-MyApp-ABC-Admin,ou=Groups,dc=acme,dc=com))

correctly returns members of the Acme-MyApp-ABC-Admin group. We'd like to find members of all of the Admin groups.

(&(objectClass=person)(memberOf=cn=*-Admin,ou=Groups,dc=acme,dc=com))

Is it possible to put a wildcard within a DN?

Infantile answered 10/3, 2015 at 23:23

Generally, wildcard searches on DN-syntax attributes are not supported.

Some LDAP server implementations may support them. Your question is tagged as OpenLDAP, but the search filter appears to be more like an AD implementation.

I did find "Question about using an LDAP filter to get memberOf from an AD Group" on TechNet stating, "...that wildcards are no allowed." (I am assuming he meant NOT vs. no.)

-jim

Phosphine answered 11/3, 2015 at 10:39

While I do not think that this can be done with the LDAP filter directly, I have faced similar requirements many times and my go-to method is as follows:

Create a group that encapsulates all relevant groups, in your case the admin groups.

  • Acme-MyApp-Admins
    • Acme-MyApp-ABC-Admin
    • Acme-MyApp-DEF-Admin

Then set up a filter based on the recursive membership of that group.

(&(objectClass=person)(memberOf:1.2.840.113556.1.4.1941:=CN=Acme-MyApp-Admins,ou=Groups,dc=acme,dc=com))

This way you only need to make sure that every new admin group is added as a member of the access group, but you do not need to modify the LDAP filter.

Victorie answered 16/7, 2020 at 8:41
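The following is an added, runnable illustration of both answers above; it is example code written for this page, not code posted by either answerer. It shows the portable workaround implied by the first answer (put the wildcard on cn, which is a string-syntax attribute, enumerate the matching groups, then OR their DNs into the person search) and the second answer's LDAP_MATCHING_RULE_IN_CHAIN filter, together with a client-side emulation of that rule for servers such as OpenLDAP that do not implement it. No directory is contacted: SAMPLE_GROUPS is a constructed stand-in for the group tree in the question, and every function name (escape_filter_value, groups_matching, members_of_any_filter, in_chain_filter, nested_groups, resolve_members) is this example's own.

```python
"""Working around the lack of wildcards in DN-syntax attributes (memberOf).

Example written for this page; not from the original thread. SAMPLE_GROUPS
is constructed data standing in for the directory.
"""

# RFC 4515 section 3: characters that must be hex-escaped inside an
# assertion value. Without this, a cn or DN taken from user input can inject
# extra filter terms (LDAP injection).
_FILTER_ESCAPES = {
    "\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00",
}

# Active Directory's LDAP_MATCHING_RULE_IN_CHAIN; OpenLDAP does not have it.
IN_CHAIN = "1.2.840.113556.1.4.1941"

BASE = "ou=Groups,dc=acme,dc=com"


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def group_dn(cn: str) -> str:
    return f"cn={cn},{BASE}"


# Constructed sample data (not real): group DN -> member DNs. Members may be
# persons or other groups. The last entry is the access group proposed in
# the second answer, nesting the two per-tenant admin groups.
SAMPLE_GROUPS = {
    group_dn("Acme-MyApp-ABC-Admin"): ["uid=alice,ou=People,dc=acme,dc=com"],
    group_dn("Acme-MyApp-ABC-Cook"): ["uid=bob,ou=People,dc=acme,dc=com"],
    group_dn("Acme-MyApp-DEF-Admin"): ["uid=carol,ou=People,dc=acme,dc=com"],
    group_dn("Acme-MyApp-DEF-Cook"): ["uid=dave,ou=People,dc=acme,dc=com"],
    group_dn("Acme-MyApp-Admins"): [group_dn("Acme-MyApp-ABC-Admin"),
                                    group_dn("Acme-MyApp-DEF-Admin")],
}


def cn_of(dn: str) -> str:
    """Value of the leading cn= RDN of a group DN."""
    attr, _, value = dn.split(",", 1)[0].partition("=")
    if attr.lower() != "cn":
        raise ValueError(f"expected a cn= RDN, got {dn!r}")
    return value


def group_search_filter(suffix: str = "-Admin", object_class: str = "groupOfNames") -> str:
    """Step 1 of the workaround: the only wildcard is on cn, where substring
    filters are allowed. Use object_class='group' on Active Directory."""
    return f"(&(objectClass={escape_filter_value(object_class)})(cn=*{escape_filter_value(suffix)}))"


def groups_matching(groups: dict, suffix: str = "-Admin") -> list:
    """Emulates the step-1 search over the constructed data. Note that
    'Acme-MyApp-Admins' does not match '*-Admin', just as it would not on a
    real server."""
    return sorted(dn for dn in groups if cn_of(dn).endswith(suffix))


def members_of_any_filter(group_dns) -> str:
    """Step 2: OR the discovered group DNs into the person search. Each DN is
    escaped so a group whose cn contains '(' or '*' cannot change the
    filter's structure."""
    group_dns = list(group_dns)
    if not group_dns:
        raise ValueError("no groups found; refusing to build an empty (|) filter")
    terms = "".join(f"(memberOf={escape_filter_value(dn)})" for dn in group_dns)
    return f"(&(objectClass=person)(|{terms}))"


def in_chain_filter(access_group_dn: str) -> str:
    """The second answer's filter: AD resolves nested membership server-side."""
    return f"(&(objectClass=person)(memberOf:{IN_CHAIN}:={escape_filter_value(access_group_dn)}))"


def nested_groups(groups: dict, access_group_dn: str) -> set:
    """Client-side emulation of the chain rule: every group reachable from
    access_group_dn by following member links. A visited set stops cycles,
    which real group graphs do contain."""
    seen, stack = set(), [access_group_dn]
    while stack:
        dn = stack.pop()
        if dn in seen:
            continue
        seen.add(dn)
        stack.extend(m for m in groups.get(dn, []) if m in groups)
    return seen


def resolve_members(groups: dict, access_group_dn: str) -> list:
    """Non-group members reachable transitively: what the AD chain filter
    would return. On a server without the rule, feed nested_groups() to
    members_of_any_filter() instead."""
    people = set()
    for g in nested_groups(groups, access_group_dn):
        people.update(m for m in groups.get(g, []) if m not in groups)
    return sorted(people)


if __name__ == "__main__":
    print(group_search_filter())
    admins = groups_matching(SAMPLE_GROUPS)
    print(members_of_any_filter(admins))
    print(in_chain_filter(group_dn("Acme-MyApp-Admins")))
    print(resolve_members(SAMPLE_GROUPS, group_dn("Acme-MyApp-Admins")))
```

Two points worth keeping in mind when adapting this: the two-step search has a window between enumerating groups and querying persons, so a group added in between is missed until the next run, whereas the chain-rule filter is evaluated atomically by AD; and escape every DN you splice into a filter even when it came from the directory itself, since a cn is still free text.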

© 2022 - 2024 — McMap. All rights reserved.