How to list own Active Directory group memberships with Python LDAP3?

Question

I log in to Active Directory, then I want to list my own group memberships with Python ldap3 library.

server = Server('server.company.local', get_info=ALL)
conn = Connection(server, user="company\\user", password="password", authentication=NTLM, auto_bind=True)
print(conn.extend.standard.who_am_i())

This code only shows user name (like whoami cmd command), but i want to list my groups (like whoami /groups command). Unfortunately I dont have the rights to make different searches on the Domain controller, thats why (perhaps) the following code returns empty string:

conn.search("dc=name,dc=company,dc=local","(&(sAMAccountName={}))".format("company\\myusername")
            ,attributes=['memberOf'])

How can i list my own group membership, like whoami /groups does?

Answer 1

Active Directory generally allows all authenticated users to read a lot of attributes, including memberOf. Check the number of records returned for your search. I expect you are finding zero records with that search. sAMAccountName values do not generally contain the "company\\" component but are just "myusername".

Answer 2

问题是我搜索中的搜索库：我将"dc=name,dc=company,dc=local"替换为"dc=company,dc=local"它工作正常。