在搜索过滤器中使用 DN
在我的 LDAP 客户端程序中,有时我必须在搜索过滤器中包含 DN 值。但是这个 DN 经常变化,每次我都必须在我的代码中更改这个过滤器。
当我用谷歌搜索它时,我得到了类似的内容
假设您想从研发和人力资源部门中提取 ObjectType = Person 的所有用户,但不从营销和 PM 中提取任何用户。过滤器将是:
(&(objectClass=person)(|(ou:dn:=ResearchAndDevelopment)(ou:dn:=HumanResources)))
任何人都可以更详细地解释这一点吗?
In my LDAP Client program sometimes I have to include the DN value within the search filter. But this DN is changing frequently and every I have to change this filter in my code.
When I googled it for that I got something like this
Suppose you want to pull all users of ObjectType = Person from the R&D and HR ous, but not any users from Marketing and PM. The filter would be:
(&(objectClass=person)(|(ou:dn:=ResearchAndDevelopment)(ou:dn:=HumanResources)))
Can anybody explain this more in detail?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
如果您确实需要按整个 DN 进行搜索,可以使用以下命令进行搜索:
If you really need to search by the whole DN, you can search with:
您应该检查 RFC 2254(LDAP 搜索过滤器的字符串表示形式)。
LDAP 过滤器对布尔运算符使用波兰语。因此,运算符写在其操作数之前:
上面的示例意味着您希望所有满足 条件 1 AND 条件 2 AND 条件 3 的 LDAP 条目,依此类推。
然后还有自身的条件。它们非常简单,只能由几种类型组成:
(attrName=*)(attrName>=value)/(attrName<; =value)/(attrName=value)/(attrName~=value)(attrName=*value*)/(attrName=*value)/(attrName=value*)(attrName:dn:=value)/( attrName:matchingRule:=value)带有
:dn:关键字的可扩展条件意味着您还希望考虑条目 DN 中的属性。因此,对于您的案例条目cn=John Doe,ou=HumanResources,ou=Users,dc=example,dc=com将匹配过滤器(ou:dn:=HumanResource)。将示例过滤器翻译成英语句子将是:
You should check RFC 2254 (The String Representation of LDAP Search Filters).
LDAP filters use polish notation for the boolean operators. So the operator is written before its operands:
The example above means that you want all LDAP entries which satisfy condition1 AND condition2 AND condition3 and so on.
Then there are condition themselves. They are very simple and can consist only of few types:
(attrName=*)(attrName>=value)/(attrName<=value)/(attrName=value)/(attrName~=value)(attrName=*value*)/(attrName=*value)/(attrName=value*)(attrName:dn:=value)/(attrName:matchingRule:=value)The extensible condition with the
:dn:keyword means, that you want attributes from the entry DN to be considered as well. So for your case entrycn=John Doe,ou=HumanResources,ou=Users,dc=example,dc=comwould match the filter(ou:dn:=HumanResource).Translating your example filter to an English sentence would be:
您可以使用 dn 到 base 并将搜索范围设置为
base。即,将dn值设置为base,并将搜索范围设置为
base(搜索范围是base之一、子和一)。You can use dn into base and set search scope as
base.That is, set dn value into base, and set search scope as
base(search scope is one of base, sub and one).