How do I query large security groups with LDAP?

Problem description

LDAP Library: python-ldap

I am trying to query a security group with around 1,000 users to get the list of members. These are my search preferences I am using to query a security group.

Filter: (&(objectCategory=Group)(distinguishedName=cn=SomeGroup,dc=foo,dc=bar))
base dn: cn=SomeGroup,dc=foo,dc=bar
attributes: ['member']

I know that this query works with smaller groups because I have tested it and received the list of members it contains.

I have also tried implementing paged group searching, but it doesn't return anything in its payload and instead returns an empty error message. My paging size is 1, so getting too many users with paging shouldn't be a problem. I have tested my paged searching on organizationalUnits (OU), so I know it's implemented correctly.

Any help or suggestions would be greatly appreciated.

Recommended answer

To get a list of members of a specific group, you should use a memberof search filter:

Filter: (&(memberof=cn=SomeGroup,dc=foo,dc=bar))
Attributes: whatever you want to know about the members
Base DN: I recommend setting this to your directory root (dc=foo,dc=bar) to ensure you get the complete list of members

If you want to do it the opposite way (reading the members' distinguished names from the group), you should perform a read operation with a dummy filter (objectclass=*) and the base DN set to the distinguished name of the group, and requesting the member attribute.
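
Both approaches from the answer, written with python-ldap as an added example (not code from the original post): the memberof search is paged from the directory root, and the group DN is escaped per RFC 4515 so a DN containing `(`, `)`, `*` or `\` cannot change the filter. The function names and the `conn` parameter (an already bound python-ldap connection) are assumptions.

```python
# Added example; function names and sample DNs are illustrative assumptions.
_RFC4515 = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a value for use inside an LDAP filter assertion (RFC 4515)."""
    return "".join(_RFC4515.get(ch, ch) for ch in value)


def memberof_filter(group_dn):
    """The answer's filter, with the group DN escaped so it stays a literal value."""
    return "(&(memberof=%s))" % escape_filter_value(group_dn)


def members_of_group(conn, root_dn, group_dn, attrs=("cn",), page_size=500):
    """Yield (dn, attributes) for every entry whose memberOf names group_dn."""
    import ldap  # imported lazily so the filter helpers work without python-ldap
    from ldap.controls import SimplePagedResultsControl

    page = SimplePagedResultsControl(True, size=page_size, cookie="")
    while True:
        msgid = conn.search_ext(root_dn, ldap.SCOPE_SUBTREE,
                                memberof_filter(group_dn), list(attrs),
                                serverctrls=[page])
        _rtype, entries, _msgid, ctrls = conn.result3(msgid)
        for dn, entry in entries:
            if dn is not None:  # skip search-result references
                yield dn, entry
        cookie = next((c.cookie for c in ctrls
                       if c.controlType == SimplePagedResultsControl.controlType), b"")
        if not cookie:  # empty cookie: the server has no more pages
            break
        page.cookie = cookie


def group_member_dns(conn, group_dn):
    """Opposite direction: base-scope read of the group's member attribute."""
    import ldap
    result = conn.search_s(group_dn, ldap.SCOPE_BASE, "(objectclass=*)", ["member"])
    return [v.decode("utf-8") for _dn, entry in result for v in entry.get("member", [])]
```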
