我的Linux应用程序支持LDAP,并使用openldap库连接到OpenLDAP服务器。对于某个特定功能,我需要显示每个用户所属的全部组的名称。当连接的是Microsoft AD时,通过查询memberOf属性可以很容易地得到结果;但在OpenLDAP中我似乎什么都取不到。希望有人能指点我应当对示例代码做哪些正确的修改。
提前致谢。
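/*
 * Copy `in` into `out` with the RFC 4515 filter escapes applied: '*', '(',
 * ')', '\' and control bytes are emitted as "\xx" (two hex digits), so a
 * caller-supplied value can only ever be matched as a literal and cannot
 * change the structure of the search filter it is spliced into.
 *
 * Returns 0 on success, -1 when `out` is too small; `out` is always
 * NUL-terminated when outsz > 0.
 */
static int ldap_filter_escape(const char *in, char *out, size_t outsz)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (outsz == 0)
        return -1;
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        int special = (c == '*' || c == '(' || c == ')' || c == '\\' || c < 0x20);
        size_t need = special ? 3 : 1;

        /* keep one byte free for the terminator */
        if (o + need >= outsz) {
            out[o] = '\0';
            return -1;
        }
        if (special) {
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return 0;
}

/*
 * List directory users and print the group memberships recorded on each
 * user entry.
 *
 * authusername   name of the user being investigated, or NULL to list all
 *                users that carry ldaploginattr
 * ldaploginattr  attribute that uniquely identifies a user, e.g.
 *                sAMAccountName, uid or userPrincipalName
 * ldapbasedn     search base, e.g. DC=example,DC=local
 * ldapgroupid    attribute holding the user's group enlistments, e.g.
 *                memberOf on Microsoft AD
 *
 * Returns the number of user entries printed (>= 0), or -1 on invalid
 * arguments, a filter that does not fit its buffer, or a search that
 * failed without producing any result message. A search that fails but
 * still returns a (partial) result message is reported and then processed.
 *
 * Only memberships stored on the user entry (memberOf style) are shown;
 * directories that keep membership on the group entry (RFC 2307bis
 * member/memberUid) need a separate search from the group side.
 */
int ldap_to_cache (LDAP *ld, const char *authusername, const char *ldaploginattr , const char *ldapbasedn , const char *ldapgroupid)
{
    int ldap_search_result = -1;
    char escaped_user[512] = "";
    char bind_filter[1024] = "";
    const char *user_match = "*";   /* NULL user -> wildcard: list everyone */
    int cnt = 0;                    /* entries printed; also the return value */
    LDAPMessage *pMsg = NULL, *entry = NULL;
    int written;

    TRACE ;
    /* these three are interpolated with %s below; NULL would be UB */
    if (ld == NULL || ldaploginattr == NULL || ldapgroupid == NULL)
        return -1;
    if (authusername != NULL) {
        /* authusername normally originates from a login form: escape it so
         * a name containing "*" or ")(...)" cannot widen or break the filter */
        if (ldap_filter_escape(authusername, escaped_user, sizeof escaped_user) != 0) {
            printf("error: user name too long for search filter\n");
            return -1;
        }
        user_match = escaped_user;
    }
    written = snprintf(bind_filter, sizeof bind_filter, "(&(objectclass=person)(%s=%s))", ldaploginattr, user_match);
    if (written < 0 || (size_t)written >= sizeof bind_filter) {
        printf("error: search filter truncated\n");
        return -1;
    }
    /* search for all the users that have the desired ldaploginattr like samAccountname or UID or UPN*/
    ldap_search_result = ldap_search_ext_s(ld, ldapbasedn, LDAP_SCOPE_SUBTREE, bind_filter, NULL, 0, NULL, NULL, NULL, 0, &pMsg);
    TRACE ;
    if (ldap_search_result != LDAP_SUCCESS) {
        printf("error: %d:%s\n", ldap_search_result, ldap_err2string(ldap_search_result));
        /* with no message there is nothing to walk; otherwise (e.g. a size
         * limit was hit) fall through and use the partial result */
        if (pMsg == NULL)
            return -1;
    }
    TRACE ;
    for (entry = ldap_first_entry(ld, pMsg); entry != NULL; entry = ldap_next_entry(ld, entry)) {
        char LDAPuser[512] = "", LDAP_user_DN[512] = "";
        char *gdn = NULL, **dn_res = NULL, **attrib_vals = NULL;

        /* the filter matched ldaploginattr, but an ACL may still hide its
         * value, so the list can be NULL; for a multi-valued attribute the
         * last value wins, as before */
        attrib_vals = ldap_get_values(ld, entry, ldaploginattr);
        if (attrib_vals != NULL) {
            for (int i = 0; attrib_vals[i] != NULL; i++)
                snprintf(LDAPuser, sizeof LDAPuser, "%s", attrib_vals[i]);
        }
        gdn = ldap_get_dn(ld, entry);
        snprintf(LDAP_user_DN, sizeof LDAP_user_DN, "%s", gdn != NULL ? gdn : "");
        printf("LDAP user #%d : %s\n", cnt + 1, LDAPuser);
        printf("userDN: %s\n", LDAP_user_DN);
        printf("group memberships: (%s):\n", ldapgroupid);
        dn_res = ldap_get_values(ld, entry, ldapgroupid);
        if (dn_res != NULL) {
            for (int j = 0; dn_res[j] != NULL; j++)
                printf("%s: %s\n", ldapgroupid, dn_res[j]);
        }
        cnt++;
        /* release on presence, not on count: an empty value list is still
         * an allocation */
        if (attrib_vals != NULL)
            ldap_value_free(attrib_vals);
        if (dn_res != NULL)
            ldap_value_free(dn_res);
        if (gdn != NULL)
            ldap_memfree(gdn);
    }
    TRACE ;
    if (pMsg != NULL)
        ldap_msgfree(pMsg);
    TRACE ;
    return cnt;
}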
最佳答案
RFC2307bis成员身份存储如下:
dn: cn=abuild,ou=groups,o=company
objectClass: groupOfNames
objectClass: posixGroup
cn: abuild
description: Build System Users
gidNumber: 399
member: uid=abuild,ou=groups,o=company
member: uid=joe,ou=users,o=company
所以代码是:
/* Group-side lookup for an RFC 2307bis directory: membership is stored on
 * the group entry as "member: <user DN>", so search the groups whose member
 * attribute holds the user's DN and ask for the group name (cn) only.
 *
 * `conn` (LDAP *) and `searchroot` (the search base) are set up by code
 * that is not shown here, and the caller is expected to compare `ret`
 * against LDAP_SUCCESS and ldap_msgfree(result) afterwards.
 *
 * In the filter, "\3D" is the RFC 4515 hex escape for '='. Escaping '=' is
 * optional, but any value spliced into a filter must escape '*', '(', ')'
 * and '\' the same way. `false` (attrsonly) needs <stdbool.h>; LDAP_MAXINT
 * is passed as the sizelimit argument. */
static const char *const attrs[] = { "cn", NULL };
char filter[] = "(&(objectClass=posixGroup)(member=uid\\3Djoe,ou\\3Dusers,o\\3Dcompany))";
LDAPMessage *result;
int ret = ldap_search_ext_s(conn, searchroot, LDAP_SCOPE_SUBTREE, filter,
                            (char **)attrs, false, NULL, NULL, NULL,
                            LDAP_MAXINT, &result);