C++ LDAP 检查用户是否是特定组的成员

Question

到目前为止一直在尝试这个，但没有成功，所以希望有人能帮忙（而且我离得不远。）。 我只想通过 LDAP 返回用户是否是特定组的成员； 到目前为止，我有以下代码；

int authMethod = LDAP_AUTH_SIMPLE;
LDAP* pLdapConnection = NULL;
ULONG version = LDAP_VERSION3;
ULONG getOptSuccess = 0;
ULONG connectSuccess = 0;
INT returnCode = 0;
int retSearch = 0;
LDAPMessage *res;
int num_entries = 0, num_refs = 0;

pLdapConnection = ldap_init((char*)m_Hostname.GetString(), LDAP_PORT);

returnCode = ldap_set_option(pLdapConnection,
    LDAP_OPT_PROTOCOL_VERSION,
    (void*)&version);


// Connect to the server.
connectSuccess = ldap_connect(pLdapConnection, NULL);

// Bind
returnCode = ldap_bind_s(pLdapConnection, (char*)m_Username.GetString(), (char*)m_Password.GetString(), authMethod);

// Attempt to search for user
retSearch = ldap_search_s(pLdapConnection, "dc=as,dc=local", LDAP_SCOPE_SUBTREE, "(&(sAMAccountName = examplename))", NULL, NULL, &res);

到目前为止，所有这些都有效，直到搜索部分，例如 - 我想在“技术”组中搜索用户“用户名”。 我已经尝试过以下类似的事情；

retSearch = ldap_search_s(pLdapConnection, "dc=as,dc=local", LDAP_SCOPE_SUBTREE, "(&(sAMAccountName=username)(memberof=CN=Technical))",
    nullptr, 0, &pSearchResult);

That does not return anything, so I've tried searching more and the only thing similar I've found is - LDAP Finding Members of a group PHP but it's in PHP and I cannot seem to transfer that over to C++ so far.

任何正确方向的帮助都会有所帮助，因为我无法解决。 :-)

Answer 1

你的过滤器应该是这样的：

(&(objectClass=user)(sAMAccountName=yourUserName)
  (memberOf=CN=YourGroup,OU=Users,DC=YourDomain,DC=com))

由于组嵌套而包括成员资格：

(&(objectClass=user)(sAMAccountName=yourUserName)
  (memberOf:1.2.840.113556.1.4.1941:=cn=YourGroup,ou=Users,dc=YourDomain,dc=com))

数字1.2.840.113556.1.4.1941是扩展匹配。