python-ldap:从 LDAP 搜索中只检索几个条目

python-ldap: Retrieve only a few entries from LDAP search

我希望模仿 ldapsearch -z 标志行为,即使用 python-ldap 从 LDAP 中仅检索特定数量的条目。

但是,它一直失败,出现异常 SIZELIMIT_EXCEEDED

有多个链接报告了问题,但建议的解决方案似乎不起作用

Python-ldap search: Size Limit Exceeded

LDAP: ldap.SIZELIMIT_EXCEEDED

我正在使用 search_ext_s()sizelimit 参数设置为 1,我确定不会超过服务器限制

在 Wireshark 上,我看到返回了 1 个条目并且服务器引发 SIZELIMIT_EXCEEDED。这与 ldapsearch -z 行为相同

但是下一行引发了异常,我不知道如何检索返回的条目

conn.search_ext_s(<base>,ldap.SCOPE_SUBTREE,'(cn=demo_user*)',['dn'],sizelimit=1)

在引发异常 ldap.SIZELIMIT_EXCEEDED 之前,您必须使用异步搜索方法 LDAPObject.search_ext() and separate collect the results with LDAPObject.result()

根据评论中的讨论,我是这样实现的:

import ldap

# These are not mandatory, I just have a habit
# of setting against Microsoft Active Directory

ldap.set_option(ldap.OPT_REFERRALS, 0)
ldap.set_option(ldap.OPT_PROTOCOL_VERSION, 3)

conn = ldap.initialize('ldap://<SERVER-IP>')
conn.simple_bind(<username>, <password>)

# Using async search version
ldap_result_id = conn.search_ext(<base-dn>, ldap.SCOPE_SUBTREE,
                                 <filter>, [desired-attrs],
                                 sizelimit=<your-desired-sizelimit>)
result_set = []
try:
  while 1:
    result_type, result_data = conn.result(ldap_result_id, 0)
    if (result_data == []):
      break
    else:
      # Handle the singular entry anyway you wish.
      # I am appending here
      if result_type == ldap.RES_SEARCH_ENTRY:
        result_set.append(result_data)
except ldap.SIZELIMIT_EXCEEDED:
  print 'Hitting sizelimit'

print result_set

示例输出:

# My server has about 500 entries for 'demo_user' - 1,2,3 etc.
# My filter is '(cn=demo_user*)', attrs = ['cn'] with sizelimit of 5

$ python ldap_sizelimit.py

Hitting sizelimit
[[('CN=demo_user0,OU=DemoUsers,DC=ad,DC=local', {'cn': ['demo_user0']})], 
[('CN=demo_user1,OU=DemoUsers,DC=ad,DC=local', {'cn': ['demo_user1']})], 
[('CN=demo_user10,OU=DemoUsers,DC=ad,DC=local', {'cn': ['demo_user10']})], 
[('CN=demo_user100,OU=DemoUsers,DC=ad,DC=local', {'cn': ['demo_user100']})], 
[('CN=demo_user101,OU=DemoUsers,DC=ad,DC=local', {'cn': ['demo_user101']})]]

您可以尝试使用更多 srv 控件来对这些控件进行排序等,但我认为传达了基本思想 ;)

如果您搜索的用户少于服务器大小限制指定的用户, 会起作用,但如果您希望收集的用户超过该限制(AD 的默认值为 1000 个用户),则会失败。

这是我在对 and in the official documentation. At the time of writing this it works with the pip3 package python-ldap 版本 3.2.0.

进行大量编辑后得出的 Python3 实现
def get_list_of_ldap_users():
    hostname = "google.com"
    username = "username_here"
    password = "password_here"
    base = "dc=google,dc=com"

    print(f"Connecting to the LDAP server at '{hostname}'...")
    connect = ldap.initialize(f"ldap://{hostname}")
    connect.set_option(ldap.OPT_REFERRALS, 0)
    connect.simple_bind_s(username, password)
    connect=ldap_server
    search_flt = "(cn=demo_user*)" # get all users with a specific cn
    page_size = 1 # how many users to search for in each page, this depends on the server maximum setting (default is 1000)
    searchreq_attrlist=["cn", "sn", "name", "userPrincipalName"] # change these to the attributes you care about
    req_ctrl = SimplePagedResultsControl(criticality=True, size=page_size, cookie='')
    msgid = connect.search_ext_s(base=base, scope=ldap.SCOPE_SUBTREE, filterstr=search_flt, attrlist=searchreq_attrlist, serverctrls=[req_ctrl])

    total_results = []
    pages = 0
    while True: # loop over all of the pages using the same cookie, otherwise the search will fail
        pages += 1
        rtype, rdata, rmsgid, serverctrls = connect.result3(msgid)
        for user in rdata:
            total_results.append(user)

        pctrls = [c for c in serverctrls if c.controlType == SimplePagedResultsControl.controlType]
        if pctrls:
            if pctrls[0].cookie: # Copy cookie from response control to request control
                req_ctrl.cookie = pctrls[0].cookie
                msgid = connect.search_ext_s(base=base, scope=ldap.SCOPE_SUBTREE, filterstr=search_flt, attrlist=searchreq_attrlist, serverctrls=[req_ctrl])
            else:
                break
        else:
            break
    return total_results