本文介绍了如何找到用户所属的所有组? (LDAP)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试获取某个用户所属的所有组.

I am trying to get all the groups that a certain user is a member of.

我在ldap中具有以下结构:

I have the following structures in ldap:

o=myOrganization
     ou=unit1
         cn=admin
         cn=guess

ou=users
    cn=ann
    cn=bob
    cn=carla

  • myOrganization是Organization的实例
  • unit1是OrganizationUnit的实例
  • adminguess都是GroupOfNames,每个人都是成员
  • annbobcarla是Person的实例
    • myOrganization is an instance of Organization
    • unit1 is an instance of OrganizationUnit
    • admin and guess are both GroupOfNames and have everyone as a member
    • ann, bob, and carla are instances of Person
    • 当前,我正在python上使用ldap模块,这就是我所拥有的:

      Currently, I am using the ldap module on python and this is what I have:

      import ldap
      l = ldap.initialize("ldap://my_host")
      l.simple_bind_s("[my_dn]", "[my_pass]")
      ldap_result = l.search("[BASE_DN]", ldap.SCOPE_SUBTREE, "(&(objectClass=Person)(cn=ann))", None)
      res_type, data = l.result(ldap_result, 0)
      print(data)
      

      我就能获得用户ann;但是,我该如何获取组Ann所属的组?

      And I am able to get the user ann; but, how do I go about getting the groups Ann belongs to?

      我尝试了以下内容,来自页面:

      I tried, the following from this page:

      search_filter='(|(&(objectClass=*)(member=cn=ann)))'
      results = l.search_s([BASE_DN], ldap.SCOPE_SUBTREE, search_filter, ['cn',])
      

      但是我有一个空名单.我还尝试了各种查询组合,但它们都返回空.

      But I got an empty list. I also tried various combinations of queries, but they all return empty.

      PS:我在Linux机器上使用OpenLDAP

      PS: I am using OpenLDAP on a linux machine

      推荐答案

      member=cn=ann是不够的.您必须使用Ann的完整DN,大概是这样的:

      member=cn=ann is not enough. You have to use ann's full DN, probably something like this:

      member=cn=ann,ou=users,dc=company,dc=com
      

      这篇关于如何找到用户所属的所有组? (LDAP)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

06-30 14:43