I have a scheme that looks like this:
I want to be able to one-line query SubGroup and retrieve not OverGroup, i.e.:
Values: CN=OverGroup,OU=Groups,DC=example,DC=com
but the full enumeration of the actual Users (User A, B, C) within OverGroup, i.e.:
Values: CN=UserA,OU=OtherOU,DC=example,DC=com
        CN=UserB,OU=OtherOU,DC=example,DC=com
        CN=UserC,OU=OtherOU,DC=example,DC=com
Is there a one-liner LDAP filter that could retrieve this? (It will be put into the ExternalAuth configuration 'ldap' section in a Request Tracker instance. Pretty sure I can only do this with one query the ExternalAuth module can understand.)
Everything I try does not work, and from my reading, it does not seem possible to enumerate a list of users within a group that is a member of another group with any one-line query. Thoughts?
Recommended answer
Active Directory has a special search filter option that allows it to filter through chained objects, like nested groups. The capability is described here.
Here is an example of how to retrieve all users in a group, including nested groups:
(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:={0}))
where {0} is the DN of the parent group.
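Added example, not part of the original answer or of Request Tracker's code: a Python sketch that fills the answer's {0} placeholder with an RFC 4515-escaped DN and mimics, over a constructed in-memory directory, the transitive memberOf walk the matching rule performs on the server. The SubGroup DN, the unrelated group, UserD and the circular nesting are assumptions made for the illustration.

```python
# Added example; the directory below is constructed sample data.
IN_CHAIN = "1.2.840.113556.1.4.1941"  # matching-rule OID from the answer's filter

def escape_filter_value(value):
    """Escape a string for use as an LDAP filter assertion value (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def nested_member_filter(group_dn):
    """Fill the answer's {0} placeholder with an escaped parent-group DN."""
    return "(&(objectClass=user)(memberof:%s:=%s))" % (
        IN_CHAIN, escape_filter_value(group_dn))

def make_directory(entries):
    """Index (dn, objectClass, memberOf) tuples by lower-cased DN."""
    return {dn.lower(): {"dn": dn, "objectClass": oc, "memberOf": mo}
            for dn, oc, mo in entries}

def in_chain(dn, target_dn, directory):
    """True if dn reaches target_dn by following memberOf links transitively."""
    target, seen, stack = target_dn.lower(), set(), [dn.lower()]
    while stack:
        current = stack.pop()
        if current in seen:          # guards against circular group nesting
            continue
        seen.add(current)
        for parent in directory.get(current, {}).get("memberOf", []):
            if parent.lower() == target:
                return True
            stack.append(parent.lower())
    return False

def users_in_group(group_dn, directory):
    """Client-side equivalent of running the filter against the directory."""
    return sorted(e["dn"] for e in directory.values()
                  if e["objectClass"] == "user"
                  and in_chain(e["dn"], group_dn, directory))

SUB = "CN=SubGroup,OU=Groups,DC=example,DC=com"     # assumed DN for SubGroup
OVER = "CN=OverGroup,OU=Groups,DC=example,DC=com"
OTHER = "CN=Unrelated,OU=Groups,DC=example,DC=com"  # constructed, not on the page
DIRECTORY = make_directory([
    (SUB, "group", [OVER]),   # constructed loop, only to exercise the guard
    (OVER, "group", [SUB]),   # OverGroup is a member of SubGroup
    ("CN=UserA,OU=OtherOU,DC=example,DC=com", "user", [OVER]),
    ("CN=UserB,OU=OtherOU,DC=example,DC=com", "user", [OVER]),
    ("CN=UserC,OU=OtherOU,DC=example,DC=com", "user", [OVER]),
    ("CN=UserD,OU=OtherOU,DC=example,DC=com", "user", [OTHER]),
])
```

Escaping matters when the group DN is not a fixed string: a DN containing `(`, `)`, `*` or `\` would otherwise change the structure of the filter.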