我想列出Active Directory中的所有组,包括嵌套。LDAP查询获取组的所有组(嵌套)
有了这个,我到达顶级组:
try {
Hashtable<String,String> props = new Hashtable<String,String>();
props.put(Context.SECURITY_AUTHENTICATION, "simple");
props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
props.put(Context.PROVIDER_URL, "ldap://adserver");
props.put(Context.SECURITY_PRINCIPAL, "[email protected]");
props.put(Context.SECURITY_CREDENTIALS, "password");
DirContext ctx = new InitialDirContext(props);
SearchControls cons = new SearchControls();
cons.setReturningAttributes(new String[] {"cn"});
cons.setSearchScope(SearchControls.ONELEVEL_SCOPE);
NamingEnumeration<SearchResult> answer = ctx.search("cn=users,dc=domain,dc=com", "(objectcategory=group)", cons);
System.out.println("AD GROUPS:");
while(answer.hasMore()) {
SearchResult result = (SearchResult) answer.next();
Attributes atts = result.getAttributes();
Attribute att = atts.get("cn");
String groupName = (String)att.get();
//how to search for groups nested in this group
}
} catch (NamingException e) {
e.printStackTrace();
}
我如何可以获取嵌套组?我GOOGLE了一点,发现这两种方式:
NamingEnumeration<SearchResult> nested = ctx.search("cn=users,dc=domain,dc=com", "(&(objectClass=group)(objectCategory=group)(memberOf:1.2.840.113556.1.4.194:=cn="+groupName+"))", controls);
和
NamingEnumeration<SearchResult> nested = ctx.search("cn=users,dc=domain,dc=com", "(&(objectClass=group)(objectCategory=group)(memberOf=CN="+groupName+"))", controls);
但这没有返回嵌套组。我究竟做错了什么?
怎么样的嵌套组的水平? – EJP