"member:1.2.840.113556.1.4.1941" is LDAP_MATCHING_RULE_IN_CHAIN and will most likely not be implemented by other vendors' LDAP. LDAP Wiki
Edit:
If you want to recurse groups, you could do something like this:
Use the filter:
(&(objectCategory=organizationalPerson)(objectClass=User)(sAMAccountName=YOURUSER))
get "distinguishedName" (this is the user's distinguishedName)
get "memberOf" (this is a collection of distinguishedNames of the groups the user is a member of (minus the primary group in MS Active Directory, which should be "Domain Users"))
Foreach memberOf in the collection: (This is the first level, so there is no need to check if he is there, because he is.)
(&(objectCategory=group)(distinguishedName=THISMEMBEROF))
get "member" (this is a collection of distinguishedNames of group members)
Foreach memberOf in the collection:
This is the second level (the groups within the groups), so first check if the user's distinguishedName is present.
(&(objectCategory=group)(distinguishedName=THISMEMBEROF))
get "member" (this is a collection of distinguishedNames of group members)
Foreach memberOf in the collection:
This is the third level (the groups within the groups), so first check if the user's distinguishedName is present.
(&(objectCategory=group)(distinguishedName=THISMEMBEROF))
get "member" (this is a collection of distinguishedNames of group members)
etc.
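Thanks Daro, so what could be a generic way to do this? That is, would I keep searching until the memberOf attribute returns NULL and extract the group information one by one? Any input on which search filters I can use? –
What is your goal? Does it have to be an LDAP query, or is it only about membership in groups? If so, which scope (universal, global, domain local, local, cross-domain)? – Daro
My goal is to get a user's nested group membership up to a specified level [(say 5 nesting levels), scope = subtree, base DN], using LDAP. –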
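A depth-limited form of the level-by-level walk from the answer, for the "up to 5 nesting levels" goal in the comments; this is an added example, not code from the thread. It assumes each group's own memberOf is read using the answer's group filter (a variation on the answer, which reads "member"); `lookup`, the DNs and the in-memory directory are constructed stand-ins for a real LDAP search.

```python
from typing import Callable, Dict, Iterable, List

def escape_filter_value(value: str) -> str:
    """Escape RFC 4515 special characters so a DN is safe inside a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def group_filter(dn: str) -> str:
    """The group filter from the answer, with the DN escaped."""
    return "(&(objectCategory=group)(distinguishedName=%s))" % escape_filter_value(dn)

def nested_groups(member_of: Iterable[str],
                  lookup: Callable[[str], List[str]],
                  max_depth: int = 5) -> Dict[str, int]:
    """Map each group DN to the nesting level at which it was first reached."""
    levels: Dict[str, int] = {}
    seen = set()                      # lower-cased DNs; stops loops in nesting
    frontier = list(member_of)        # level 1: the user's own memberOf values
    depth = 1
    while frontier and depth <= max_depth:
        parents: List[str] = []
        for dn in frontier:
            if dn.lower() in seen:    # already reached at this or a lower level
                continue
            seen.add(dn.lower())
            levels[dn] = depth
            parents.extend(lookup(group_filter(dn)))  # one search per group
        frontier, depth = parents, depth + 1
    return levels

# Constructed sample data (hypothetical DNs), keyed by the filter a server would receive.
BASE = "OU=Groups,DC=example,DC=com"
STAFF, OPS, ALL, ADMINS, ROOT = ("CN=%s,%s" % (n, BASE) for n in
                                 ("Staff", "Ops (EU)", "All", "Admins", "Root"))
DIRECTORY = {group_filter(g): parents for g, parents in {
    STAFF: [ALL], OPS: [ALL, ADMINS], ALL: [STAFF],  # All <-> Staff is a loop
    ADMINS: [ROOT], ROOT: []}.items()}

def sample_lookup(ldap_filter: str) -> List[str]:
    """Stand-in for an LDAP search returning the matched group's memberOf."""
    return DIRECTORY.get(ldap_filter, [])

if __name__ == "__main__":
    for dn, level in nested_groups([STAFF, OPS], sample_lookup).items():
        print(level, dn)
```

The primary group is not listed in memberOf, as the answer notes, so it has to be added to the result separately.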