Python 2.7: using LDAP to look up users in Active Directory - no users?

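Using python-ldap 2.4.17.0, I am trying to get a list of all user usernames from AD (Active Directory). When I execute the code below, it only gives me a list of domain information, DNS servers, and things about the Exchange servers. I can't seem to find anything related to the users in AD, even though when I go to the server and look at Active Directory under the base/root node, there is a CN=Users underneath it, with all the good stuff I need! But this is not reflected in the code. Does anyone know why I can't see the users through the code?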

import ldap

def main():
    con = ldap.initialize('ldap://192.168.16.12:389')
    try:
        # Subtree search from the domain root, with no bind and no filter
        res = con.search_s("DC=mycompany,DC=local", ldap.SCOPE_SUBTREE)
        for dn, entry in res:
            print(dn)
    except Exception as error:
        print(error)

main()

Result:

DC=mycompany,DC=local
DC=ForestDnsZones,DC=mycompany,DC=local
DC=DomainDnsZones,DC=mycompany,DC=local
CN=Configuration,DC=mycompany,DC=local
CN=EXCH-FOOPLACE,CN=Public Folder Database 2,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Mycompany,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mycompany,DC=local
CN=EXCHANGE01,CN=Barplace-RegularMailBoxes,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Mycompany,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mycompany,DC=local
CN=EXCHANGE01,CN=Barplace-LargeMailBoxes,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Mycompany,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mycompany,DC=local
CN=EXCHANGE01,CN=Public Database,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Mycompany,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mycompany,DC=local
CN=EXCH-FOOPLACE,CN=Houston-Exchange02,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Mycompany,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mycompany,DC=local
CN=Schema,CN=Configuration,DC=mycompany,DC=local

Found out that before querying LDAP for a full list of entities, you actually have to supply some kind of authorized user credentials, for example:

import ldap

con = ldap.initialize('ldap://192.168.16.12:389')

user_dn = r"Administrator@foo.com"
password = "bar"

criteria = "(&(objectClass=user)(sAMAccountName=username))"
attributes = ['displayName', 'company']

try:
    # Authenticate first; the search then runs as the bound user
    con.simple_bind_s(user_dn, password)
    res = con.search_s("CN=Users,DC=foo,DC=com", ldap.SCOPE_SUBTREE, '(objectClass=User)')
    for dn, entry in res:
        print(dn)
except Exception as error:
    print(error)

An answer similar to @Vidar's, but slightly extended:

import ldap

l = ldap.initialize("ldap://ldap.example.com")
try:
    l.protocol_version = ldap.VERSION3
    l.set_option(ldap.OPT_REFERRALS, 0)

    bind = l.simple_bind_s("me@example.com", "password")

    base = "dc=example, dc=com"
    criteria = "(&(objectClass=user)(sAMAccountName=username))"
    attributes = ['displayName', 'company']
    result = l.search_s(base, ldap.SCOPE_SUBTREE, criteria, attributes)

    results = [entry for dn, entry in result if isinstance(entry, dict)]
    print(results)

finally:
    l.unbind()
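
Added example (not part of the original answers): the same bind-then-search flow with the username escaped before it goes into the sAMAccountName filter, AD referral rows dropped, and StartTLS issued before the simple bind so the password does not cross the wire in clear. The function names, parameter names and the sample data are assumptions; python-ldap ships ldap.filter.escape_filter_chars for the escaping step, which is re-implemented here so the helpers run without the library.

```python
# Added example, not from the original answers. ldap_uri, bind_user, base_dn
# and all function names are assumptions made for illustration.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def user_filter(username):
    """The answers' filter, with an untrusted username embedded safely."""
    return "(&(objectClass=user)(sAMAccountName=%s))" % escape_filter_value(username)

def entries_only(result):
    """Drop AD referral rows, which search_s returns as (None, [urls])."""
    return [(dn, attrs) for dn, attrs in result
            if dn is not None and isinstance(attrs, dict)]

def first_text(attrs, name):
    """First value of an attribute as text; python-ldap 3.x returns bytes."""
    value = (attrs.get(name) or [b""])[0]
    return value.decode("utf-8") if isinstance(value, bytes) else value

def find_user(ldap_uri, bind_user, password, base_dn, username):
    import ldap  # python-ldap; imported here so the helpers work without it
    con = ldap.initialize(ldap_uri)
    try:
        con.protocol_version = ldap.VERSION3
        con.set_option(ldap.OPT_REFERRALS, 0)
        con.start_tls_s()  # without TLS, simple_bind_s sends the password in clear
        con.simple_bind_s(bind_user, password)
        result = con.search_s(base_dn, ldap.SCOPE_SUBTREE, user_filter(username),
                              ["displayName", "company"])
        return [(dn, first_text(attrs, "displayName"))
                for dn, attrs in entries_only(result)]
    finally:
        con.unbind_s()

# Constructed sample shaped like a search_s() result from AD, referral included.
SAMPLE = [
    ("CN=Jane Doe,CN=Users,DC=example,DC=com", {"displayName": [b"Jane Doe"]}),
    (None, ["ldap://ForestDnsZones.example.com/DC=ForestDnsZones,DC=example,DC=com"]),
]
```

Binding with a dedicated low-privilege account rather than Administrator is enough for this lookup, since any authenticated user can normally read these attributes.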

Where are your users located? Usually: OU=Users,DC=mycompany,DC=local. Change DC=mycompany,DC=local to OU=Users,DC=mycompany,DC=local.

Did you intend to use criteria and attributes in the search method call?