How to read the attributes of a given DN in ldap3 (how to search with ldap3 when there is no filter)

Published 2024-05-16 03:22:43


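If I already have an LDAP DN, how do I use ldap3.Connection.search() to get the attributes of that DN? There are no other search criteria; I already have the DN...

I tried searching on the dn attribute, but it returned no objects. I also tried forcing search_filter to '', '()' or {}, and they all returned a malformed filter string.

I also couldn't find a way to do this with the abstraction Reader...

In ldapsearch, you don't need to specify a search filter if you are doing a baseDN lookup...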

import ldap3

ldap_conn = ldap3.Connection('ldapserver', raise_exceptions=True, 
    auto_bind=True, user='me', password='mypassword')

my_dn = "attrib1=blahblah, ou=org1, dc=dc1, dc=dcroot"

ldap_conn.search(
    search_base=my_dn,
    search_filter= '(????)', # required
    search_scope=ldap3.BASE,
    attributes='*'
)

print(ldap_conn.response)

1 answer
User
#1 · Posted 2024-05-16 03:22:43

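I just realized that objectClass will always be present, so setting it to a wildcard should satisfy search_filter and return the 1 entry associated with the base DN: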

ldap_conn.search(
    search_base=my_dn,
    search_filter= '(objectClass=*)', # required
    search_scope=ldap3.BASE,
    attributes='*'
)

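However, it seems silly that ldap3 has no special case for performing a lookup on a connection for a given DN.

Edit: @cannatag mentioned that this is a limitation of the protocol, so I decided to check the RFC (RFC 4511). Apparently, ldapsearch and Active Directory emulate the X.500-style list or read by setting an objectClass presence filter: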

Note that an X.500 "list"-like operation can be emulated by the client requesting a singleLevel Search operation with a filter checking for the presence of the 'objectClass' attribute, and that an X.500 "read"-like operation can be emulated by a baseObject Search operation with the same filter. A server that provides a gateway to X.500 is not required to use the Read or List operations, although it may choose to do so, and if it does, it must provide the same semantics as the X.500 Search operation.
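The baseObject read from the answer above, wrapped so that a missing DN and an unexpected result are told apart; this is an added example, not code from the post or from ldap3. `read_entry`, `FakeConnection` and the sample entry are hypothetical names and constructed data, and the helper assumes a synchronous connection opened with raise_exceptions=False (with raise_exceptions=True, as in the question, ldap3 raises an exception for a missing DN instead).

```python
try:
    from ldap3 import ALL_ATTRIBUTES, BASE
except ImportError:  # ldap3 defines these constants as the strings below
    ALL_ATTRIBUTES, BASE = "*", "BASE"

NO_SUCH_OBJECT = 32  # LDAP resultCode noSuchObject (RFC 4511)


def read_entry(conn, dn, attributes=ALL_ATTRIBUTES):
    """Return the attribute dict of the entry at `dn`, or None if it is absent.

    Hypothetical helper; `conn` is a bound, synchronous ldap3.Connection
    created with raise_exceptions=False.
    """
    found = conn.search(search_base=dn,
                        search_filter="(objectClass=*)",  # presence filter
                        search_scope=BASE,                # baseObject only
                        attributes=attributes)
    if not found:
        # noSuchObject, or success with zero entries: nothing readable at this DN.
        if conn.result["result"] in (0, NO_SUCH_OBJECT):
            return None
        raise RuntimeError("search failed: %s" % conn.result["description"])
    entries = [e for e in conn.response if e["type"] == "searchResEntry"]
    if len(entries) != 1:
        raise RuntimeError("BASE search returned %d entries" % len(entries))
    return dict(entries[0]["attributes"])


class FakeConnection:
    """Constructed stand-in for ldap3.Connection so the example runs offline."""

    def __init__(self, directory):
        self.directory, self.result, self.response = directory, {}, []

    def search(self, search_base, search_filter, search_scope, attributes):
        assert search_scope == BASE and search_filter == "(objectClass=*)"
        entry = self.directory.get(search_base)
        code, text = (0, "success") if entry else (NO_SUCH_OBJECT, "noSuchObject")
        self.result = {"result": code, "description": text}
        self.response = ([{"type": "searchResEntry", "dn": search_base,
                           "attributes": entry}] if entry else [])
        return bool(entry)


SAMPLE_DN = "attrib1=blahblah,ou=org1,dc=dc1,dc=dcroot"  # DN from the question
SAMPLE = {SAMPLE_DN: {"objectClass": ["top", "person"], "sn": ["Blah"]}}  # constructed

if __name__ == "__main__":
    conn = FakeConnection(SAMPLE)
    print(read_entry(conn, SAMPLE_DN))
    print(read_entry(conn, "cn=missing,dc=dcroot"))
```

Because the DN is passed only as search_base and the filter is a fixed string, no caller-supplied value is ever interpolated into the filter.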
