我需要在python中执行以下命令:
ldapsearch -H ldap://10.120.80.17:300 -x -LLL "uid=cich"
然后我得到这个作为 bash 的输出:
dn: employeeNumber=621,ou=Internal,ou=People,o=NSN
mail: name.surname@example.com
objectClass: nsnEDPerson
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: dspswuser
objectClass: posixAccount
objectClass: shadowAccount
nsnSiteCode: 600906
gidNumber: 555
uid: cich
loginShell: /bin/bash
homeDirectory: /home/cich
nsnPrimaryEmailAddress: name.surname@example.com
gecos: surname name
employeeNumber: 6216
cn: surname name
uidNumber: 6216
这是我尝试使用 python-ldap 库在 python 中执行的,但它不起作用,我在最后一行出现"结果"错误
import ldap
con = ldap.initialize('ldap://10.120.80.17:300')
ldap_base = "ou=Internal,ou=People,o=NSN"
query = "(uid=cich)"
result = con.search_s(ldap_base, ldap.SCOPE_SUBTREE, query)
我想我不明白我必须ldap_base放什么,你能解释一下吗?
有一些来自 lib 的文档:
def search_ext(self,base,scope,filterstr=None,attrlist=None,attrsonly=0,serverctrls=None,clientctrls=None,timeout=-1,sizelimit=0):
"""
search(base, scope [,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0]]]) -> int
search_s(base, scope [,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0]]])
search_st(base, scope [,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0 [,timeout=-1]]]])
search_ext(base,scope,[,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0 [,serverctrls=None [,clientctrls=None [,timeout=-1 [,sizelimit=0]]]]]]])
search_ext_s(base,scope,[,filterstr='(objectClass=*)' [,attrlist=None [,attrsonly=0 [,serverctrls=None [,clientctrls=None [,timeout=-1 [,sizelimit=0]]]]]]])
Perform an LDAP search operation, with base as the DN of
the entry at which to start the search, scope being one of
SCOPE_BASE (to search the object itself), SCOPE_ONELEVEL
(to search the object's immediate children), or SCOPE_SUBTREE
(to search the object and all its descendants).
filter is a string representation of the filter to
apply in the search (see RFC 4515).
Each result tuple is of the form (dn,entry), where dn is a
string containing the DN (distinguished name) of the entry, and
entry is a dictionary containing the attributes.
Attributes types are used as string dictionary keys and attribute
values are stored in a list as dictionary value.
The DN in dn is extracted using the underlying ldap_get_dn(),
which may raise an exception of the DN is malformed.
If attrsonly is non-zero, the values of attrs will be
meaningless (they are not transmitted in the result).
The retrieved attributes can be limited with the attrlist
parameter. If attrlist is None, all the attributes of each
entry are returned.
serverctrls=None
clientctrls=None
The synchronous form with timeout, search_st() or search_ext_s(),
will block for at most timeout seconds (or indefinitely if
timeout is negative). A TIMEOUT exception is raised if no result is
received within the time.
The amount of search results retrieved can be limited with the
sizelimit parameter if non-zero.
"""
参数base是搜索库,有时称为搜索根。它指定您开始搜索的整个目录信息树 (DIT( 的子树。它与ldapsearch工具的命令行选项-b具有相同的含义。您的本地配置(文件 ldap.conf(可能包含此值。
大多数情况下,您为此选择LDAP服务器数据库的顶级条目。如果您的 LDAP 服务器授予对根 DSE 的读取访问权限,您可以查询 LDAP 服务器上各种数据库的"命名上下文",如下所示:
ldapsearch -H ldap://10.120.80.17:300 -x -LLL -b "" namingContexts