枚举用户从一组超群中一行LDAP查询 [英] single line LDAP query that enumerates users from a group within a supergroup

问题描述

我有一个计划，看起来像这样：

I have a scheme that looks like this:

1）用户存在像用户A，用户B，用户C。
2）组存在像OverGroup，子组。
3）OverGroup会自动将新用户喜欢的用户A，用户B等，其会员资格。
4）组我创造了我自己。我已经设置OverGroup是亚组中的一员。

1) Users exist like UserA, UserB, UserC.
2) Groups exist like OverGroup, SubGroup.
3) OverGroup automatically adds new users like UserA, UserB, etc. to its membership.
4) SubGroup I created myself. I have set OverGroup to be a member of SubGroup.

我希望能够给一个行查询组和检索不OverGroup，即：

I want to be able to one-line query SubGroup and retrieve not OverGroup, i.e.:

Values:  
CN=OverGroup,OU=Groups,DC=example,DC=com

但实际用户的全部枚举（用户A，B，C）中OverGroup，即：

but the full enumeration of the actual Users (User A, B, C) within OverGroup, i.e.:

Values:  
CN=UserA,OU=OtherOU,DC=example,DC=com
CN=UserB,OU=OtherOU,DC=example,DC=com
CN=UserC,OU=OtherOU,DC=example,DC=com

有一个班轮LDAP过滤器，可以找回吗？ （它会被放入ExternalAuth配置LDAP部分的请求跟踪实例。pretty的肯定，我也只能这么做只有一个查询ExternalAuth模块可以理解的。）

Is there a one-liner LDAP filter that could retrieve this? (It will be put into the ExternalAuth configuration 'ldap' section in a Request Tracker instance. Pretty sure I can only do this with one query the ExternalAuth module can understand.)

一切我尽量不工作，并从我的阅读，它似乎并不可能一一列举在一组是另一个组的任何一个行查询的成员的用户列表。思考？

Everything I try does not work, and from my reading, it does not seem possible to enumerate a list of users within a group that is a member of another group with any one-line query. Thoughts?

推荐答案

Active Directory中有一个特殊的搜索过滤选项，允许它通过链接对象来过滤，比如嵌套组。能力是这里描述。

Active Directory has a special search filter option that allows it to filter through chained objects, like nested groups. The capability is described here.

下面是如何获取的所有用户在一组，包括嵌套组的一个例子：

Here is an example of how to retrieve all users in a group, including nested groups:

(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:={0}))

其中， {0} 是父组的DN。

这篇关于枚举用户从一组超群中一行LDAP查询的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！