[英]ldap nested group (attribute to look while parsing for group membership)
To retrieve groups belonging to all users I am using following filter: 要检索属于所有用户的组,我正在使用以下过滤器:
(&(objectclass=*)(member:1.2.840.113556.1.4.1941:=cn=sam,DC=aaaldap,DC=com))
And, i am able to retrieve multiple DN entries like: 而且,我能够检索多个DN条目,例如:
1. GOT ENTRY: DN => CN=group1,CN=Users,DC=aaaldap,DC=com
LDAP: Attribute Length Valueldap_get_dn
1d21h: LDAP: cn 6 group1
2. LDAP: GOT ENTRY: DN => CN=group2,CN=Users,DC=aaaldap,DC=com
LDAP: Attribute Length Valueldap_get_dn
1d21h: LDAP: cn 6 group2
All i am interested is in group membership, so i want to parse the attribute CN received in the entry and would like to assume this as a group. 我所感兴趣的只是组成员身份,因此我想解析条目中接收到的属性CN,并希望将其假定为组。
Can someone suggest if this will be a valid assumption of parsing CN attribute and mark its value as "group" membership to which it belongs to? 有人可以建议这是否是解析CN属性并将其值标记为它所属的“组”成员身份的有效假设吗?
You should specify a real objectClass
instead of just *
, to limit the search to whatever object class you are using for groups. 您应该指定一个实际的
objectClass
而不是*
,以将搜索限制为您要用于组的任何对象类。 Then anything you get back must be a group. 然后,您得到的任何东西都必须是一个小组。 The search may also run faster.
搜索也可能运行得更快。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.