问题描述
我正在尝试获取某个用户所属的所有组.
I am trying to get all the groups that a certain user is a member of.
我在ldap中具有以下结构:
I have the following structures in ldap:
o=myOrganization
ou=unit1
cn=admin
cn=guess
和
ou=users
cn=ann
cn=bob
cn=carla
-
myOrganization
是Organization的实例 -
unit1
是OrganizationUnit的实例 -
admin
和guess
都是GroupOfNames,每个人都是成员 -
ann
,bob
和carla
是Person的实例 myOrganization
is an instance of Organizationunit1
is an instance of OrganizationUnitadmin
andguess
are both GroupOfNames and have everyone as a memberann
,bob
, andcarla
are instances of Person
当前,我正在python上使用ldap模块,这就是我所拥有的:
Currently, I am using the ldap module on python and this is what I have:
import ldap
l = ldap.initialize("ldap://my_host")
l.simple_bind_s("[my_dn]", "[my_pass]")
ldap_result = l.search("[BASE_DN]", ldap.SCOPE_SUBTREE, "(&(objectClass=Person)(cn=ann))", None)
res_type, data = l.result(ldap_result, 0)
print(data)
我就能获得用户ann
;但是,我该如何获取组Ann
所属的组?
And I am able to get the user ann
; but, how do I go about getting the groups Ann
belongs to?
我尝试了以下内容,来自此页面:
I tried, the following from this page:
search_filter='(|(&(objectClass=*)(member=cn=ann)))'
results = l.search_s([BASE_DN], ldap.SCOPE_SUBTREE, search_filter, ['cn',])
但是我有一个空名单.我还尝试了各种查询组合,但它们都返回空.
But I got an empty list. I also tried various combinations of queries, but they all return empty.
PS:我在Linux机器上使用OpenLDAP
PS: I am using OpenLDAP on a linux machine
推荐答案
member=cn=ann
是不够的.您必须使用Ann的完整DN,大概是这样的:
member=cn=ann
is not enough. You have to use ann's full DN, probably something like this:
member=cn=ann,ou=users,dc=company,dc=com
这篇关于如何找到用户所属的所有组? (LDAP)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!