LDAP 查询返回指定 OU 中的所有组
我正在尝试更新当前应用于 SharePoint (WSS) 中的人员选取器的筛选器。
我正在使用 stsadm 设置过滤器。
就像...
stsadm -o setproperty -url http://webserver:39770 -pn peoplepicker-searchadcustomfilter -pv "(&(userAccountControl=512)(objectCategory=person)(objectClass=user)(memberOf=cn=All Users Group,ou=E-Mail Distribution Lists,dc=domain,dc=com,dc=au))"
我知道如何执行此操作,但想要更改 LDAP 查询。这就是我需要你帮助的地方。
我想查询 AD 中的 OU 并返回其中的所有组。
作为后退,我可以将 OU 中的所有组放入自己的组中,然后使用以下查询查询该组...
(&(memberOf=CN=WSSPeoplePickerGroup,OU=Groups,DC=domain,DC=com,DC=au)(objectCategory=group))
...但如果可以的话,我想直接查询 OU。它已经成为我不想放弃的骨头,所以希望有人比我更聪明。
我认为我需要去哪里类似于我发现的以下查询。据我了解,这被称为可扩展搜索匹配,并且他们正在过滤 OU 的“名称”,但我无法了解如何将其应用到我想要的内容(尽管进行了多次尝试)我已经做了),如果这确实是我应该采取的方法。
(&(objectClass=group)(&(ou:dn:=Chicago)(!(ou:dn:=Wrigleyville))))
TIA
I am trying to update my filter currently appled to the People Picker in SharePoint (WSS).
I am using stsadm to set the filter.
Something like...
stsadm -o setproperty -url http://webserver:39770 -pn peoplepicker-searchadcustomfilter -pv "(&(userAccountControl=512)(objectCategory=person)(objectClass=user)(memberOf=cn=All Users Group,ou=E-Mail Distribution Lists,dc=domain,dc=com,dc=au))"
I know how to do this but want to change the LDAP query. This is where I need your help.
I would like to query an OU in AD and return all the groups in it.
As a fall back I could put all groups in the OU into their own group and just query the group using the following query...
(&(memberOf=CN=WSSPeoplePickerGroup,OU=Groups,DC=domain,DC=com,DC=au)(objectCategory=group))
... but I would like to directly query the OU if I can. It has become a bone I don't want to let go of just yet, so hopefully there is someone smarter than me out there.
I think where I need to head is something like the following query I found. As I understand it this is known as an extensible search match and they are filtering on the 'name' of OU but I am having trouble seeing how I might apply this to what I want (despite the numerous attempts I have made), if this is indeed the approach I should take.
(&(objectClass=group)(&(ou:dn:=Chicago)(!(ou:dn:=Wrigleyville))))
TIA
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果您只想搜索特定的 OU。为什么不直接按distinguishedName 进行搜索呢?
就你而言,也许是这样的。
这相当于搜索 OU 电子邮件分发。
而且 userAccountControl=512 并不意味着所有启用的用户。它只是搜索普通帐户。更好的方法是搜索是否设置了“禁用”标志。
使用此值而不是 userAccountControl=512 来查找所有未禁用的用户。
供参考。
If you want search a particular OU only. Why not just search by the distinguishedName?
In your case, maybe something like this.
which will be equivalent to searching the OU E-Mail Distribution.
And also userAccountControl=512 does not mean all enabled user. It just searches for Normal account. A better way would be to search whether the Disabled flag is set.
Use this instead of userAccountControl=512 to find all users which are not disabled.
fyi.