
Getting all users' info from a Windows Server's Active Directory via LDAP (ldap3 Python)

I would like to fetch every user's info (first name, last name, email) from a Windows Server's Active Directory. So I'm using ldap3 (Python) and successfully connected to the server (using Hyper-V Windows Server 2022) with my admin login:

```python
from ldap3 import Server, Connection, ALL, NTLM, SAFE_SYNC

server = Server('ldap://172.28.63.240', get_info=ALL)
# Raw string so the backslash in DOMAIN\user is not read as an escape sequence
conn = Connection(server, user=r"TESTJER\Administrator",
                  password="my_admin_password",
                  client_strategy=SAFE_SYNC, auto_bind=True)

# SAFE_SYNC returns a (status, result, response, request) tuple
status, result, response, _ = conn.search('OU=Users2,DC=testjer,DC=local',
                                          '(givenName=*)')
print(response)
```

But I will need to connect to multiple different servers in the future, so I think I will not be able (and it's maybe a bad idea) to have an admin account to see everything on every client's servers?

So I tried to initialize an instance by installing AD LDS and choosing the instance name, description, ports, etc.

But I'm not able to connect with Python by specifying the port. I can connect if I don't specify the port, so that means the instance is useless.

ldap3.core.exceptions.LDAPBindError: automatic bind not successful - invalidCredentials

Do my needs mean that I have to install an instance that is used only to see users' info and nothing else? How?

What I did to create the instance:

[image]

[image]

[image]

Here, I was not sure at all what to write, but I guess OU=Users2 means fetching only Users2. This is what I want because my users are:

[image]

And here I saw that I have to put a user anyway, so I have no choice: I actually put my Administrator account, but in the future every client will have to create an account for me:

[image]

And finally I guess I had to choose "MS-User.LDF" here: [image]

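```python
from ldap3 import Server, Connection, ALL, NTLM, SAFE_SYNC

# Same bind, but against the AD LDS instance port; this is the attempt
# that fails with the invalidCredentials bind error shown above
server = Server('ldap://172.28.63.240', port=50001, get_info=ALL)
# Raw string so the backslash in DOMAIN\user is not read as an escape sequence
conn = Connection(server, user=r"TESTJER\Administrator",
                  password="my_admin_password",
                  client_strategy=SAFE_SYNC, auto_bind=True)

status, result, response, _ = conn.search('OU=Users2,DC=testjer,DC=local',
                                          '(givenName=*)')
print(response)
```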

ldap3.Connection.search() returns max 1000 entries by default for AD

You want to use ldap3.Connection.extend.standard.paged_search() for AD instead. The search parameters are basically the same as a regular search, but this function will give you all of the ldap entries as a returned generator object. In order to then get all of the results in a parsable format, just list cast it or for loop through it!

Something like ad_entries = list(ldap_conn.extend.standard.paged_search())
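The paged search described in this answer, written out as an added example (not code from the original question or answer): it requests only the three attributes the question needs and flattens the generator's records into one dict per user. The names `iter_users` and `fetch_all_users`, the LDAPS connection, the page size of 500 and the sample entries are assumptions made for the illustration; the account passed in is assumed to be a dedicated read-only one rather than Administrator.

```python
from typing import Iterable, Iterator

USER_ATTRS = ["givenName", "sn", "mail"]  # request only what is needed

def _first(value):
    # ldap3 returns a str for single-valued attributes when the schema is
    # loaded (get_info=ALL) and a list otherwise; empty attributes are [].
    if isinstance(value, (list, tuple)):
        return value[0] if value else None
    return value or None

def iter_users(entries: Iterable[dict]) -> Iterator[dict]:
    """Flatten paged_search() records, skipping referral records."""
    for entry in entries:
        if entry.get("type") != "searchResEntry":
            continue  # searchResRef referrals carry no attributes
        attrs = entry.get("attributes", {})
        yield {"dn": entry["dn"],
               "first_name": _first(attrs.get("givenName")),
               "last_name": _first(attrs.get("sn")),
               "email": _first(attrs.get("mail"))}

def fetch_all_users(host, user, password, base_dn, ldap_filter="(givenName=*)"):
    """Page through every match; a plain search() stops at AD's 1000-entry cap."""
    # Imported here so iter_users() can be exercised without ldap3 installed.
    from ldap3 import Server, Connection, SUBTREE
    server = Server(host, use_ssl=True)  # LDAPS: bind password not sent in clear
    with Connection(server, user=user, password=password, auto_bind=True) as conn:
        pages = conn.extend.standard.paged_search(
            search_base=base_dn, search_filter=ldap_filter, search_scope=SUBTREE,
            attributes=USER_ATTRS, paged_size=500, generator=True)
        return list(iter_users(pages))  # consume while the connection is open

# Constructed sample of what paged_search() yields (not real directory data).
SAMPLE_ENTRIES = [
    {"type": "searchResEntry", "dn": "CN=Ann Lee,OU=Users2,DC=testjer,DC=local",
     "attributes": {"givenName": "Ann", "sn": "Lee", "mail": "ann@example.test"}},
    {"type": "searchResRef", "uri": ["ldap://example.test/DC=x"]},
    {"type": "searchResEntry", "dn": "CN=Bob,OU=Users2,DC=testjer,DC=local",
     "attributes": {"givenName": ["Bob"], "sn": [], "mail": []}},
]

if __name__ == "__main__":
    for user in iter_users(SAMPLE_ENTRIES):
        print(user)
```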
