这个过滤器在我的LDAP浏览器中工作得很好,python ldap不会拾取它:
(&(!objectClass=computer)(sn=*%s*))
导致:
Request Method: GET Request
URL: http://localhost:8000/ldap_find/%D0%B1%D0%BE%D0%BB%D0%BE%D1%82/
Django Version: 1.4
Exception Type: FILTER_ERROR
Exception Value: {'desc': 'Bad search filter'}
下面是执行此操作的代码:
try:
LDAPClient.connect()
base = AUTH_LDAP_SEARCH_BASE
scope = ldap.SCOPE_SUBTREE
filter = '(&(!objectClass=computer)(sn=*%s*))' % search_string
result_set = list()
result = LDAPClient.client.search(base.encode(encoding='utf-8'), scope, filter.encode(encoding='utf-8'),['cn','mail'])
res_type, res_data = LDAPClient.client.result(result)
for data in res_data:
if data[0]:
result_set.append(data)
return json.dumps(result_set)
except Exception, e:
raise e
finally:
LDAPClient.unconnect()
它适用于简单的过滤器,例如
filter = 'sn=*%s*' % search_string
所以我猜这是 &或 ldap lib 中的某种转义,但还找不到根。
搜索筛选器语法不正确。使用 (&(sn=*%s*)(!(objectClass=computer))) .搜索筛选器在RFC4511和RFC4515中有很好的记录。