LDAP group membership (including Domain Users)


Question

How can I get a list of users within an LDAP group, even if that group happens to be the primary group for some users?

For example, suppose "Domain Users" is "Domain Leute" in German. I want all members of "CN=Domain Leute,DC=mycompany,DC=com". How would I know that is the well-known "Domain Users" group?

Or what if some users' primary group was changed to "CN=rebels,DC=mycompany,DC=com", and I wanted to get members of THAT group? Users don't have a memberOf property for their primary group, and the primary group won't have a member property listing them.

This is what I see when viewed via LDAP (ie, no MS extensions):

Recommended answer

You need to find out primaryGroupToken from the Group object first. If you are using ADSIEdit, you need to make sure you have "Constructed" filter on to see this calculated attribute. For Domain Users, the primaryGroupToken should be 513.

Then, you need to find all the users with primaryGroupID set to this value. Here is the LDAP query you should write to find out all users with Domain Users set as the primary group.

(&(objectCategory=person)(objectClass=user)(primaryGroupID=513))

Edit

Here are the steps to show primaryGroupToken in LDAP Browser. I am using LDAP browser 2.6 build 650. Right click your profile and click properties.

Go to LDAP Settings tab and click Advanced button.

Add the extra operational attribute primaryGroupToken.

Click Apply button and close the properties page. Now, you should see the primaryGroupToken in your group object.
