克服 Active Directory 的 1000 条记录限制 [英] Conquering Active Directory's 1000 record limit

问题描述

PowerShell 能够提取 1492 条记录的列表.当我将 Python 与 ldap3 模块一起使用时，我遇到了 1000 条记录的限制.请帮我更改 Python 代码以超出限制.

PowerShell is capable of pulling list of 1492 records. When I using Python with ldap3 module I'm bumping into 1000 records limit. Please help me change Python code to exceed the limit.

PowerShell 输入:get-aduser -filter * -SearchBase "OU=SMZ USERS,OU=SMZ,OU=EUR,DC=my_dc,DC=COM" |测量对象

PowerShell input: get-aduser -filter * -SearchBase "OU=SMZ USERS,OU=SMZ,OU=EUR,DC=my_dc,DC=COM" | Measure-Object

输出:计数:1492平均 :总和:最大限度 :最低限度 :属性:

output: Count : 1492 Average : Sum : Maximum : Minimum : Property :

import json
from ldap3 import Server, 
Connection, 
AUTO_BIND_NO_TLS, 
SUBTREE, 
ALL_ATTRIBUTES

def get_ldap_info(u):
with Connection(Server('my_server', port=636, use_ssl=True),
                auto_bind=AUTO_BIND_NO_TLS,
                read_only=True,
                check_names=True,
                user='my_login', password='my_password') as c:

    c.search(search_base='OU=SMZ Users,OU=SMZ,OU=EUR,DC=my_dc,DC=com',
             search_filter='(&(samAccountName=' + u + '))',        
             search_scope=SUBTREE,
             attributes=ALL_ATTRIBUTES,
             size_limit = 0,
             paged_criticality = True,                 
             paged_size = None,
             #attributes = ['cn'],
             get_operational_attributes=True)        

    content = c.response_to_json()
result = json.loads(content)
i = 0
for item in result["entries"]:
    i += 1
print(i)  
get_ldap_info('*')

推荐答案

如果您将代码更改为使用 extend.standard 命名空间的 paged_search 方法，您应该能够检索到您正在寻找的所有结果.

If you change your code to using the paged_search method of the extend.standard namespace instead you should be able to retrieve all the results you are looking for.

请注意，您需要区别对待响应对象.

Just be aware that you will need to treat the response object differently.

def get_ldap_info(u):
with Connection(Server('XXX', port=636, use_ssl=True),
                auto_bind=AUTO_BIND_NO_TLS,
                read_only=True,
                check_names=True,
                user='XXX', password='XXX') as c:

    results = c.extend.standard.paged_search(search_base='dc=XXX,dc=XXX,dc=XXX',
             search_filter='(&(samAccountName=' + u + '))',        
             search_scope=SUBTREE,
             attributes=ALL_ATTRIBUTES,
             #attributes = ['cn'],
             get_operational_attributes=True)        


i = 0
for item in results:
    #print(item)
    i += 1
print(i)  
get_ldap_info('*')

这篇关于克服 Active Directory 的 1000 条记录限制的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！