
Use ldap3 to query all active directory groups a user belongs to

I have no problem querying the domain user from Active Directory with this query:

from ldap3 import ObjectDef, AttrDef, Reader, Entry, Attribute, OperationalAttribute
import ldap3

person = ObjectDef('inetOrgPerson')
s = ldap3.Server('myad.com')
c = ldap3.Connection(s, user = 'myuser', password = 'mypassword')

ldap3.Reader(c, person, '(&(objectCategory=person)(sAMAccountName=myuser))', 'dc=mydomain,dc=com').search()

However, this query returns an empty list of groups the user belongs to. How do I make it work?

ldap3.Reader(c, person, '(&(objectCategory=group)(member=myuser))', 'dc=mydomain,dc=com').search()

I use ldap3. Thanks in advance.

This answer helped me:

I need the full DN of the user returned from the first query, so this works:

ldap3.Reader(c, person, '(&(member=CN=myuser_in_full_name,OU=xxx,OU=xxxxxx,DC=mydomain,DC=com)(objectClass=group))', 'dc=mydomain,dc=com').search()
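The two-step lookup from the answer above, as an added example that is not part of the original post: resolve the user's DN, then filter groups on `member=<DN>`, with RFC 4515 escaping so a DN containing `(`, `)`, `*` or `\` cannot break or alter the filter. It uses `Connection.search` and `conn.entries` instead of `Reader`; the helper names (`escape_filter_value`, `user_filter`, `group_filter`, `groups_of`) and the sample DN are made up for illustration, and `conn` is assumed to be an already bound `ldap3.Connection`.

```python
def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in '\\*()\x00':
            out.append('\\%02x' % ord(ch))  # e.g. '(' becomes \28
        else:
            out.append(ch)
    return ''.join(out)


def user_filter(sam_account_name):
    # Same filter as the question's first query, with the name escaped.
    return ('(&(objectCategory=person)(sAMAccountName=%s))'
            % escape_filter_value(sam_account_name))


def group_filter(user_dn):
    # 'member' holds distinguished names, so the value must be the full DN.
    return '(&(objectClass=group)(member=%s))' % escape_filter_value(user_dn)


def groups_of(conn, base_dn, sam_account_name):
    """Return the DNs of groups that list the user directly in 'member'.

    conn: a bound ldap3.Connection (assumption: bind already succeeded).
    """
    conn.search(base_dn, user_filter(sam_account_name),
                attributes=['distinguishedName'])
    if len(conn.entries) != 1:
        raise LookupError('expected exactly one user, got %d'
                          % len(conn.entries))
    user_dn = conn.entries[0].entry_dn

    conn.search(base_dn, group_filter(user_dn), attributes=['cn'])
    return [entry.entry_dn for entry in conn.entries]


if __name__ == '__main__':
    # Constructed DN: the comma inside the CN is DN-escaped with a backslash,
    # which must itself be filter-escaped, as must the parentheses.
    dn = 'CN=Smith\\, John (Admin),OU=xxx,DC=mydomain,DC=com'
    print(group_filter(dn))
```

This returns direct memberships only, since it matches on the group's `member` attribute.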
