堆栈内存溢出
  简体   繁体   English

如何在ldap3中读取给定DN的属性(如果没有过滤器,如何使用ldap3进行搜索)

[英]how to read attributes for given DN in ldap3 (how to search with ldap3 if no filter)

 原文  2017-12-06 01:13:40       python/ ldap/ ldap3

问题描述

If I already have an LDAP DN, how do I get the attributes for that DN with ldap3.Connection.search() ? 如果我已有LDAP DN,如何使用ldap3.Connection.search()获取该DN的属性? There is no other search criteria, I already have the DN... 没有其他搜索条件,我已经有了DN ...

I tried searching for dn attribute, but it returned no objects found. 我尝试搜索dn属性,但没有找到任何对象。 I also tried forcing search_filter to '' , '()' or None and they all returned malformed filter string. 我还尝试强制search_filter'''()'None ,它们都返回格式错误的过滤字符串。

I also couldn't find a way to do this with the abstract Reader... 我也找不到用抽象的阅读器做到这一点的方法......

In ldapsearch you don't need to specify a search filter if you are doing a baseDN lookup... ldapsearch ,如果您正在进行baseDN查找,则无需指定搜索过滤器... 

import ldap3

ldap_conn = ldap3.Connection('ldapserver', raise_exceptions=True, 
    auto_bind=True, user='me', password='mypassword')

my_dn = "attrib1=blahblah, ou=org1, dc=dc1, dc=dcroot"

ldap_conn.search(
    search_base=my_dn,
    search_filter= '(????)', # required
    search_scope=ldap3.BASE,
    attributes='*'
)

print(ldap_conn.response)

1 个解决方案

解决方案1
 5 已采纳  2017-12-06 01:18:22

I just realized that objectClass will always be present, so setting it to wildcard should shim search_filter to return the 1 entry associated with base DN: 我刚刚意识到objectClass将始终存在,因此将其设置为通配符应该shim search_filter以返回与基本DN关联的1条目: 

ldap_conn.search(
    search_base=my_dn,
    search_filter= '(objectClass=*)', # required
    search_scope=ldap3.BASE,
    attributes='*'
)

However it seems silly there is no special case for LOOKUP operation against the connection given a DN in ldap3. 然而,对于ldap3中给定DN的连接,LOOKUP操作没有特殊情况。

EDIT : @cannatag mentioned this was a limitation of the protocol, so I decided to check the RFC: (RFC 4511) . 编辑 :@cannatag提到这是协议的限制,所以我决定检查RFC :( RFC 4511) Apparently, ldapsearch and Active Directory emulate an x.500-style LIST or READ by setting an objectClass presence filter : 显然, ldapsearch和Active Directory通过设置objectClass存在过滤器来模拟x.500样式的LIST或READ:

Note that an X.500 "list"-like operation can be emulated by the client requesting a singleLevel Search operation with a filter checking for the presence of the 'objectClass' attribute, and that an X.500 "read"-like operation can be emulated by a baseObject Search operation with the same filter. 请注意,客户端可以通过过滤器检查是否存在“objectClass”属性来模拟X.500“类似列表”的操作,并且X.500“类似”操作可以使用相同的过滤器通过baseObject搜索操作进行模拟。 A server that provides a gateway to X.500 is not required to use the Read or List operations, although it may choose to do so, and if it does, it must provide the same semantics as the X.500 Search operation. 提供到X.500的网关的服务器不需要使用读取或列表操作,尽管它可以选择这样做,如果确实如此,它必须提供与X.500搜索操作相同的语义。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用 python ldap3 库进行 DN 解析 - How to do DN resolution using python ldap3 library Python ldap3如何获取所有属性加上sAMAccountName - Python ldap3 how to get all attributes plus sAMAccountName Python LDAP3搜索LDAPOperationsErrorResult - python ldap3 search LDAPOperationsErrorResult Python ldap3 搜索何时创建 - Python ldap3 Search whenCreated 如何在ldap3中删除用户的属性? - How to delete attribute of user in ldap3? LDAP 过滤器与 ldap3 库不工作 - LDAP filter with ldap3 library not working ldap3 python Modify用过滤器替换对象 - ldap3 python modify replace an object with filter Python ldap3搜索创建一个空条目 - Python ldap3 search creates an empty entry 禁止 Python ldap3 搜索结果引用 - Suppress Python ldap3 search result referrals Python 模拟补丁 ldap3 搜索响应 - Python Mock patch ldap3 search response
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM