1. 首页
  2. 问答
  3. LDAP查询获取组的所有组(嵌套)

LDAP查询获取组的所有组(嵌套)

2013-10-23 56 views
4

我想列出Active Directory中的所有组,包括嵌套。LDAP查询获取组的所有组(嵌套)

有了这个,我到达顶级组:

try { 
    Hashtable<String,String> props = new Hashtable<String,String>(); 
    props.put(Context.SECURITY_AUTHENTICATION, "simple"); 
    props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); 
    props.put(Context.PROVIDER_URL, "ldap://adserver"); 
    props.put(Context.SECURITY_PRINCIPAL, "[email protected]"); 
    props.put(Context.SECURITY_CREDENTIALS, "password"); 

    DirContext ctx = new InitialDirContext(props); 

    SearchControls cons = new SearchControls(); 
    cons.setReturningAttributes(new String[] {"cn"}); 
    cons.setSearchScope(SearchControls.ONELEVEL_SCOPE); 

    NamingEnumeration<SearchResult> answer = ctx.search("cn=users,dc=domain,dc=com", "(objectcategory=group)", cons); 
    System.out.println("AD GROUPS:"); 
    while(answer.hasMore()) { 
     SearchResult result = (SearchResult) answer.next(); 
     Attributes atts = result.getAttributes(); 
     Attribute att = atts.get("cn"); 
     String groupName = (String)att.get(); 

     //how to search for groups nested in this group 
    } 
} catch (NamingException e) { 
    e.printStackTrace(); 
}

我如何可以获取嵌套组?我GOOGLE了一点,发现这两种方式:

NamingEnumeration<SearchResult> nested = ctx.search("cn=users,dc=domain,dc=com", "(&(objectClass=group)(objectCategory=group)(memberOf:1.2.840.113556.1.4.194:=cn="+groupName+"))", controls); 


NamingEnumeration<SearchResult> nested = ctx.search("cn=users,dc=domain,dc=com", "(&(objectClass=group)(objectCategory=group)(memberOf=CN="+groupName+"))", controls);

但这没有返回嵌套组。我究竟做错了什么?

来源

2013-10-23 Trick

回答

0

可以使用过滤器对类如下

(&(objectCategory =用户)(的memberOf = CN = MyCustomGroup,OU = ouOfGroup,DC =子域,DC =域,DC = COM))

来源

2013-10-24 09:31:38

+1

怎么样的嵌套组的水平? – EJP

1

你可以尝试下做

Attribute memberOf = srLdapUser.getAttributes().get("memberOf"); 
if (memberOf != null) { 
    for (int i = 0; i < memberOf.size(); i++) { 
     Attributes atts = ctx.getAttributes(memberOf.get(i).toString(), new String[] { "CN" }); 
     Attribute att = atts.get("CN"); 
     groups.add((att.get().toString())); 
    } 
    System.out.println(groups.toString());`

来源

2014-04-29 09:09:45 user3504158

+1

非常好,但它只适用于一个级别。你需要一个堆栈。 – EJP

-1

尝试改变

cons.setSearchScope(SearchControls.ONELEVEL_SCOPE); 


cons.setSearchScope(SearchControls.SUBTREE_SCOPE);

这应该允许你搜索下的整个子树,并包括已指定

来源

2017-12-19 11:24:51 kaybee99

相关问题

 相关问题