LDAP无法直接搜索对象

2024-05-18 16:16:36 发布

您现在位置:Python中文网/ 问答频道 /正文
874 3

我认为这是一个一般的ldap问题,但我已经用python编写了示例代码。你知道吗

如果在“根”下指定dn,则可以搜索对象,但如果尝试在树的顶部搜索,则会出现错误:

import ldap

server = '<server address>'
realm = '<realm>'
realm_dn = ','.join(['DC=%s' % part for part in realm.lower().split('.')])

l = ldap.initialize('ldap://%s' % server)
auth_tokens = ldap.sasl.gssapi('')
l.sasl_interactive_bind_s('', auth_tokens)

system = 'CN=System,%s' % realm_dn

print('Containers at system:')
result = l.search_s(system, ldap.SCOPE_ONELEVEL, '(objectCategory=Container)', ['cn'])
for i in result:
    print(i[-1]['cn'])

print('Containers at top:')
result = l.search_s(realm_dn, ldap.SCOPE_ONELEVEL, '(objectCategory=Container)', ['cn'])
for i in result:
    print(i[-1]['cn'])

第一次搜索成功并打印系统中的所有容器。我希望第二次搜索能够找到“System”容器(以及其他容器),但事实并非如此

  File "test_ldap_search.py", line 19, in <module>
    result = l.search_s(realm_dn, ldap.SCOPE_ONELEVEL, '(objectCategory=Container)', ['cn'])
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 831, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 825, in search_ext_s
    return self.result(msgid,all=1,timeout=timeout)[1]
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 717, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 721, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 728, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 735, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 308, in _ldap_call
    reraise(exc_type, exc_value, exc_traceback)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 292, in _ldap_call
    result = func(*args,**kwargs)
ldap.OPERATIONS_ERROR: {'info': u'000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1771', 'desc': u'Operations error'}

我知道我已经被认证了。我把它当作管理员。因此,“为了执行此操作,必须在连接上成功完成绑定”消息具有误导性。你知道吗

我尝试过搜索任何类型的对象,但它总是在树的根下成功,在树的顶部失败。有什么我不明白的吗?你知道吗

ldap服务器是Windows 2008 R2服务器。你知道吗


Tags: inpyselfsearchpackagesusrlinesite
1条回答
网友
1楼 · 发布于 2024-05-18 16:16:36

同样的搜索使用pythonldap3代码。你知道吗

l = ldap3.Connection(server, user=user, password=password, authentication=ldap3.NTLM, auto_bind=True)

print('Containers at top:')
l.search(realm_dn, '(objectCategory=Container)', search_scope='LEVEL', attributes= ['cn'])
for i in l.entries:
    print(i['cn'])

也许这是python ldap代码中的一个bug?你知道吗

相关问题 更多 >

    编程相关推荐

    热门问题