Python LDAP search
I've been reading on how to search LDAP servers using Python, but I've been stuck for hours and I'm not sure why. This is my first time trying to use this sort of API.
Here's how I open the connection and try to search:
aims_server = '#####.com'
base_dn = 'cn=EMPLOYEES,cn=portal,cn=Groups,dc=Company,dc=com'
username = 'cn=admin,cn=users,dc=Company,dc=com'
password='#####'
directory=ldap.open(aims_server)
directory.simple_bind_s(username, password)
#retrieve the current members from group
old = {'uniquemember':attr['uniquemember']}
Then I purposely break the code so I can use the debugger and search using this:
>>> searchFilter = "cn=*"
>>> directory.search_s(base_dn,ldap.SCOPE_SUBTREE,searchFilter, retrieveAttributes)
Results:
[('cn=EMPLOYEES,cn=portal,cn=groups,dc=Company,dc=com', {'displayname': ['Employees'], 'description': ['Members of this group are employees. '], 'objectclass': ['top', 'groupOfUniqueNames', 'orclGroup'], 'orclisvisible': ['true'], 'owner': ['cn=portal_admin ,cn=users,dc=Company,dc=com', 'cn=portal,cn=users, dc=Company,dc=com'], 'uniquemember': ['cn=alan,cn=users,dc=Company,dc=com', 'cn=alan_r,cn=users,dc=Company,dc=com', ....
If I have a filter of "cn=*", it will bring back the dictionary above, but if I actually put anything in the searchFilter it will not bring back any results.
Does anybody have any insight? I'm wondering if I'm not searching deep enough in the directories?
EDIT
The best I can seem to get out of this is to change the settings to:
searchFilter = "cn=*"
retrieveAttributes = ["uniquemember"]
Then:
(cn, attr) = searcher.pop()
Returns:
{'uniquemember': ['cn=alan_t,cn=users,dc=company,dc=com','cn=alan_r,cn=users,dc=company....
It seems like it is trying to search a level too high, how would I go down another level to be searching the unique members?
I just want to search for their names!
Comments (2)
I finally did it and it only took me over 5 hours.
Every time I messed around with a configuration I learnt a bit more but I basically had to try every combination to get it to work.
It turns out that I was probably being too specific with the base_dn, so I changed that to a higher level
Then I realised that I couldn't search any lower than uniquemember, so that had to be the attribute I was returning
This way, the filter works
It will then return:
Although it does contain an empty object at the end, this still gives me the result I'm looking for.
I hope this helps someone else when they are new to LDAP
Instead of ...
I've used ...
Also, if you have ...
it still won't give you what you need?
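An added example, not code from the question or from either answer: a search filter selects entries, not individual attribute values, and in the result shown in the question the member names are values of the group's uniquemember attribute, so one option is to pick the matching DNs out of that attribute client-side. SAMPLE_RESULT is constructed, and the helpers first_rdn_value, members_matching, escape_filter_value and name_prefix_filter are hypothetical names; it runs without python-ldap or a server.

```python
# SAMPLE_RESULT is constructed; it mirrors the search_s() output shape in the question.
SAMPLE_RESULT = [
    ('cn=EMPLOYEES,cn=portal,cn=groups,dc=Company,dc=com', {
        'uniquemember': [
            'cn=alan,cn=users,dc=Company,dc=com',
            'cn=alan_r,cn=users,dc=Company,dc=com',
            'cn=Smith\\, Bob,cn=users,dc=Company,dc=com',  # escaped comma inside the RDN
            b'cn=carol,cn=users,dc=Company,dc=com',        # python-ldap 3.x returns bytes
        ],
    }),
    (None, []),  # constructed stand-in for a trailing result with no entry
]

def _text(value):
    return value.decode('utf-8') if isinstance(value, bytes) else value

def first_rdn_value(dn):
    """Value of the leftmost RDN; handles backslash-escaped characters, not hex pairs."""
    out, i, dn = [], 0, _text(dn)
    while i < len(dn) and dn[i] != ',':
        if dn[i] == '\\' and i + 1 < len(dn):
            i += 1                      # keep the escaped character literally
        out.append(dn[i])
        i += 1
    rdn = ''.join(out)
    return rdn.split('=', 1)[1] if '=' in rdn else rdn

def members_matching(results, prefix):
    """uniquemember DNs whose leftmost RDN value starts with prefix (case-insensitive)."""
    hits = []
    for dn, attrs in results:
        if dn is None or not isinstance(attrs, dict):
            continue                    # skip result tuples that carry no entry
        for member in attrs.get('uniquemember', []):
            if first_rdn_value(member).lower().startswith(prefix.lower()):
                hits.append(_text(member))
    return hits

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so input stays a literal in a filter."""
    table = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}
    return ''.join(table.get(c, c) for c in value)

def name_prefix_filter(prefix):
    """Filter for searching user entries directly by cn prefix, instead of the group."""
    return '(cn=%s*)' % escape_filter_value(prefix)

print(members_matching(SAMPLE_RESULT, 'alan'))
print(name_prefix_filter('alan'))
```

The string from name_prefix_filter is meant for a search whose base is the users container seen in the member DNs (cn=users,dc=Company,dc=com), which is an assumption about where the user entries live.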