how to read attributes for given DN in ldap3 (how to search with ldap3 if no filter)

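If I already have an LDAP DN, how do I get the attributes for that DN with ldap3.Connection.search()? There are no other search criteria, I already have the DN...

I tried searching for the dn attribute, but no objects were found. I also tried forcing search_filter to '', '()' or None, but they all return "malformed filter string".

I also couldn't find a way to do this with the abstraction Reader...

In ldapsearch, you don't need to specify a search filter if you are doing a baseDN lookup...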

import ldap3

ldap_conn = ldap3.Connection('ldapserver', raise_exceptions=True, 
    auto_bind=True, user='me', password='mypassword')

my_dn = "attrib1=blahblah, ou=org1, dc=dc1, dc=dcroot"

ldap_conn.search(
    search_base=my_dn,
    search_filter= '(????)', # required
    search_scope=ldap3.BASE,
    attributes='*'
)

print(ldap_conn.response)

I just realized that objectClass will always be present, so setting it to a wildcard should pad the search_filter to return the 1 entry associated with the base DN:

ldap_conn.search(
    search_base=my_dn,
    search_filter= '(objectClass=*)', # required
    search_scope=ldap3.BASE,
    attributes='*'
)

However, it seems silly that there is no special case in ldap3 for a LOOKUP operation on a connection when the DN is given.

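Edit: @cannatag mentioned that this is a limitation of the protocol, so I decided to check the RFC (RFC 4511). Apparently ldapsearch and Active Directory emulate an X.500-style LIST or READ by setting an objectClass presence filter: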

Note that an X.500 "list"-like operation can be emulated by the client requesting a singleLevel Search operation with a filter checking for the presence of the 'objectClass' attribute, and that an X.500 "read"-like operation can be emulated by a baseObject Search operation with the same filter. A server that provides a gateway to X.500 is not required to use the Read or List operations, although it may choose to do so, and if it does, it must provide the same semantics as the X.500 Search operation.
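
The protocol limitation described above, as an added example that is not part of the original post and is not ldap3 code: a minimal BER encoder for the RFC 4511 SearchRequest, in which the filter is a mandatory field, so a baseObject "read" sends the presence filter (objectClass=*). The function names are hypothetical, and derefAliases, sizeLimit and timeLimit are set to 0 as assumptions.

```python
# Added example: BER-encode an RFC 4511 SearchRequest for a base-object "read".
# Helper names are hypothetical; this is not how ldap3 is implemented.

def tlv(tag: int, value: bytes) -> bytes:
    """BER tag-length-value with a definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def ber_int(tag: int, n: int) -> bytes:
    """Non-negative INTEGER (0x02) or ENUMERATED (0x0A), minimal encoding."""
    return tlv(tag, n.to_bytes(n.bit_length() // 8 + 1, "big"))

SCOPE_BASE, SCOPE_LEVEL, SCOPE_SUBTREE = 0, 1, 2

def present_filter(attr: str) -> bytes:
    """Filter CHOICE 'present [7]': context-specific, primitive -> tag 0x87."""
    return tlv(0x87, attr.encode("utf-8"))

def search_request(msg_id: int, base_dn: str, scope: int, filt: bytes,
                   attrs=("*",)) -> bytes:
    """LDAPMessage wrapping SearchRequest ([APPLICATION 3] -> tag 0x63)."""
    body = (
        tlv(0x04, base_dn.encode("utf-8"))  # baseObject LDAPDN
        + ber_int(0x0A, scope)              # scope
        + ber_int(0x0A, 0)                  # derefAliases: never (assumption)
        + ber_int(0x02, 0)                  # sizeLimit: none (assumption)
        + ber_int(0x02, 0)                  # timeLimit: none (assumption)
        + tlv(0x01, b"\x00")                # typesOnly FALSE
        + filt                              # filter: a CHOICE, not OPTIONAL
        + tlv(0x30, b"".join(tlv(0x04, a.encode("utf-8")) for a in attrs))
    )
    return tlv(0x30, ber_int(0x02, msg_id) + tlv(0x63, body))

def read_request(msg_id: int, dn: str) -> bytes:
    """X.500 'read' emulation: baseObject scope plus (objectClass=*)."""
    return search_request(msg_id, dn, SCOPE_BASE, present_filter("objectClass"))

def list_request(msg_id: int, dn: str) -> bytes:
    """X.500 'list' emulation: singleLevel scope with the same filter."""
    return search_request(msg_id, dn, SCOPE_LEVEL, present_filter("objectClass"))

if __name__ == "__main__":
    # Constructed sample DN, not taken from a real directory.
    print(read_request(1, "dc=example").hex())
```

Because Filter is a CHOICE with no empty alternative, there is no valid encoding for '' or '()', which is why a client library has to reject them before anything is sent.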