openldap noopsrch overlay with python's ldap3 search



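We are using the https://ltb-project.org/documentation/openldap-noopsrch.html overlay on openldap.

It can show the number of entries in each directory without having to browse all of the entries.

Example showing the -e '!1.3.6.1.4.1.4203.666.5.18' control type passed to ldapsearch: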

ldapsearch -x -H 'ldap://localhost:389' -D 'cn=Manager,dc=my-domain,dc=com' \
    -w secret -b 'dc=my-domain,dc=com' \
    '(objectClass=*)' -e '!1.3.6.1.4.1.4203.666.5.18'

I am using python3 ldap3: https://ldap3.readthedocs.io/en/latest/searches.html

Are there any hints/examples on how to implement this?

Thanks to @EricLavault's answer, I managed to solve this:

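from ldap3.protocol.controls import build_control

# Attach the noopsrch control (critical, no value) to the search request
c.search(base, filter, scope, controls=[
    build_control(oid='1.3.6.1.4.1.4203.666.5.18',
                  criticality=True,
                  value=None)
])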

c.result holds a dictionary of controls:

{
    'result': 0, 'description': 'success', 'dn': '',
    'message': '', 'referrals': None, 'type': 'searchResDone',
    'controls': {
        '1.3.6.1.4.1.4203.666.5.18': {'description': '',
            'criticality': False,
            'value': b'0\x0b\x02\x01\x00\x02\x03\x01\xf0\xac\x02\x01\x00'
        }
    }
}

The format of the value is described here:

https://ltb-project.org/documentation/openldap-noopsrch.html

Usage:
>>> v = b'0\x0b\x02\x01\x00\x02\x03\x01\xf0\xac\x02\x01\x00'
>>> vh = hex(int.from_bytes(v,'big'))
>>> vhl = [f"0x{vh[i:i+2]}" for i in range(2, len(vh), 2)]
>>> vhl
['0x30', '0x0b', '0x02', '0x01', '0x00', '0x02', '0x03', '0x01', '0xf0', '0xac', '0x02', '0x01', '0x00']
# the org count length is the 7th hex from the msb in vhl (it can be at another position if the response has any kind of error)
>>> orglen = int(vhl[6], 16)
>>> orgcount = vhl[7:7+orglen]    
>>> orgcount
['0x01', '0xf0', '0xac']
>>> c = '0x'
# merge orgcount hex
>>> for o in orgcount:
...     c += f"{int(o, 16):02x}"
...
>>> c = int(c, 16) # convert back to dec
>>> c
127148

Checked by counting the objects returned for the same base, scope and filter: it only took 27 seconds to parse, whereas this takes 0.24 seconds.
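
A bounds-checked decoder for the control value shown above, as an added example that is not part of the original post: it walks the BER structure instead of reading fixed byte positions, so it still works when the integers have different lengths and rejects truncated or malformed values. The names `parse_noopsrch` and `_read_tlv` and the field names `result_code`, `entries` and `references` are assumptions; the page itself only identifies the second integer as the entry count.

```python
def _read_tlv(buf, pos):
    """Read one definite-length BER TLV at pos; return (tag, content, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: the byte is the length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV content runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def parse_noopsrch(value):
    """Decode SEQUENCE { INTEGER, INTEGER, INTEGER } into a dict."""
    tag, body, end = _read_tlv(value, 0)
    if tag != 0x30 or end != len(value):
        raise ValueError("expected a single BER SEQUENCE")
    ints, pos = [], 0
    while pos < len(body):
        tag, content, pos = _read_tlv(body, pos)
        if tag != 0x02 or not content:
            raise ValueError("expected a non-empty INTEGER")
        ints.append(int.from_bytes(content, "big", signed=True))
    if len(ints) != 3:
        raise ValueError(f"expected 3 integers, got {len(ints)}")
    # Field names are assumptions; the page only identifies the entry count.
    return dict(zip(("result_code", "entries", "references"), ints))


# Control value taken from the response shown above.
SAMPLE = b"0\x0b\x02\x01\x00\x02\x03\x01\xf0\xac\x02\x01\x00"

if __name__ == "__main__":
    print(parse_noopsrch(SAMPLE))
```

With ldap3, pass it `c.result['controls']['1.3.6.1.4.1.4203.666.5.18']['value']`.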
