如何查找用户所属的所有组?(LDAP)

How to find all the groups the user is a member? (LDAP)(如何查找用户所属的所有组?(LDAP))

问题描述

我正在尝试获取某个用户所属的所有组.

I am trying to get all the groups that a certain user is a member of.

我在 ldap 中有以下 结构:

I have the following structures in ldap:

o=myOrganization
     ou=unit1
         cn=admin
         cn=guess

和

ou=users
    cn=ann
    cn=bob
    cn=carla

• myOrganization 是 Organization 的一个实例
• unit1 是 OrganizationUnit 的一个实例
• admin 和 guess 都是 GroupOfNames，每个人都是成员
• ann、bob 和 carla 是 Person 的实例
• myOrganization is an instance of Organization
• unit1 is an instance of OrganizationUnit
• admin and guess are both GroupOfNames and have everyone as a member
• ann, bob, and carla are instances of Person

目前，我在 python 上使用 ldap 模块，这就是我所拥有的:

Currently, I am using the ldap module on python and this is what I have:

import ldap
l = ldap.initialize("ldap://my_host")
l.simple_bind_s("[my_dn]", "[my_pass]")
ldap_result = l.search("[BASE_DN]", ldap.SCOPE_SUBTREE, "(&(objectClass=Person)(cn=ann))", None)
res_type, data = l.result(ldap_result, 0)
print(data)

而且我能够得到用户 ann;但是，我该如何获取 Ann 所属的组?

And I am able to get the user ann; but, how do I go about getting the groups Ann belongs to?

我试过了，以下来自 此页:

I tried, the following from this page:

search_filter='(|(&(objectClass=*)(member=cn=ann)))'
results = l.search_s([BASE_DN], ldap.SCOPE_SUBTREE, search_filter, ['cn',])

但我得到了一个空列表.我也尝试了各种查询组合，但它们都返回空.

But I got an empty list. I also tried various combinations of queries, but they all return empty.

PS:我在 linux 机器上使用 OpenLDAP

PS: I am using OpenLDAP on a linux machine

推荐答案

member=cn=ann 还不够.你必须使用 ann 的完整 DN，大概是这样的:

member=cn=ann is not enough. You have to use ann's full DN, probably something like this:

member=cn=ann,ou=users,dc=company,dc=com

这篇关于如何查找用户所属的所有组?(LDAP)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持编程学习网！