I am trying to write a script to simply query the group members in an
active directory group. I need to use LDAP to make sure I capture any
global global group nestings that may occur. I already have a
function that uses WinNT provider to capture this info from NT4 or AD
domains and it works beautifully. It just doesn't capture global >
global nestings. I am having great difficulties in getting this to
work on AD though with ldap. I have a multiple domain tree
environment and need to be able to query groups in different domains.
I want to simply make an ldap connection, bind to it, search for the
group and get it's members.
I do the following for eDirectory and it works great but not in AD.
import ldap
l=ldap.open(1.2.3.4,trace_level = 1)
l.simple_bind_s('cn=username,ou=company','password ')
UserRes = UserRes + l.search_s(
o=company,
ldap.SCOPE_SUBTREE, "(|'cn=groupname')
If I do the same thing as above but to an AD source it doesn't work.
I run the open and it seems successful, I run the bind using DN, UPN,
or domain name and password and it seems to bind, I run the query and
it says I must complete a successfull bind operation before doing a
query.
Any help is appreciated.
7  16422 
On Feb 7, 9:22 am, kooc...@gmail.com wrote:
I am trying to write a script to simply query the group members in an
active directory group. I need to use LDAP to make sure I capture any
global global group nestings that may occur. I already have a
function that uses WinNT provider to capture this info from NT4 or AD
domains and it works beautifully. It just doesn't capture global >
global nestings. I am having great difficulties in getting this to
work on AD though with ldap. I have a multiple domain tree
environment and need to be able to query groups in different domains.
I want to simply make an ldap connection, bind to it, search for the
group and get it's members.
I do the following for eDirectory and it works great but not in AD.
import ldap
l=ldap.open(1.2.3.4,trace_level = 1)
l.simple_bind_s('cn=username,ou=company','password ')
UserRes = UserRes + l.search_s(
o=company,
ldap.SCOPE_SUBTREE, "(|'cn=groupname')
If I do the same thing as above but to an AD source it doesn't work.
I run the open and it seems successful, I run the bind using DN, UPN,
or domain name and password and it seems to bind, I run the query and
it says I must complete a successfull bind operation before doing a
query.
Any help is appreciated.
I found an example in the groups here and attempted it but it failed
as well. Below is the code I used and the results.
import ldap, ldapurl
proto = 'ldap'
server = 'domaincontroller.domain.company.com'
port = 389
url = ldapurl.LDAPUrl(urlscheme=proto,
hostport="%s:%s" % (server,
str(port))).initializeUrl()
ldap_obj = ldap.initialize(url)
# !!!password will be on wire in plaintext!!!
ldap_obj = ldap_obj.simple_bind_s('u*******@domain.company.co m',
'password')
base = 'DC=DOMAIN, DC=COMPANY, DC=COM'
scope = ldap.SCOPE_SUBTREE
query = '(objectclass=user)'
res_attrs = ['*']
res = ldap_obj.search_ext_s(base, scope, query, res_attrs)
print res
RESULTS FROM PYTHON SHELL
res=ldap_obj.search_ext_s(base, scope, query, rest_attrs)
AttributeError: 'NoneType' object has no attribute 'search_Ext_s' ko*****@gmail.com schrieb:
ldap_obj = ldap_obj.simple_bind_s('u*******@domain.company.co m',
'password')
AttributeError: 'NoneType' object has no attribute 'search_Ext_s'
dummy = ldap_obj.simple_bind_s('u*******@domain.company.co m',
'password')
or better simply
ldap_obj.simple_bind_s('u*******@domain.company.co m',
'password')
On Feb 7, 11:56 am, Uwe Hoffmann <q...@tiscali.dewrote:
kooc...@gmail.com schrieb:
ldap_obj = ldap_obj.simple_bind_s('usern...@domain.company.co m',
'password')
AttributeError: 'NoneType' object has no attribute 'search_Ext_s'
dummy = ldap_obj.simple_bind_s('usern...@domain.company.co m',
'password')
or better simply
ldap_obj.simple_bind_s('usern...@domain.company.co m',
'password')
First and foremost thanks for the feedback. Although I don't
appreciate the slight dig at me.
dummy = ldap_obj.simple_bind......
I tried your second recommendation of using
ldap_obj.simple_bind_s('usern...@domain.company.co m','password')
Now I get the following error even after the bind operation seems to
complete successfully.
result = func(*args,**kwargs)
OPERATIONS_ERROR: {'info': '00000000: LdapErr: DSID-0C0905FF, comment:
In order to perform this operation a successful bind must be completed
on the connection., data 0, vece', 'desc': 'Operations error'}
Thanks again...
On Feb 8, 4:27 am, kooc...@gmail.com wrote:
First and foremost thanks for the feedback. Although I don't
appreciate the slight dig at me.
dummy = ldap_obj.simple_bind......
I _really_ don't think Uwe was intending any slight, 'dummy' generally
means 'dummy variable' ie it's just there to catch the value but it's
never used after that :)
If you're doing a lot of AD work, I highly recommend Tim Golden's
active_directory module: http://timgolden.me.uk/python/
active_directory.html
His WMI module has also been a godsend on a number of occasions.
- alex23
On Feb 7, 7:52 pm, "alex23" <wuwe...@gmail.comwrote:
On Feb 8, 4:27 am, kooc...@gmail.com wrote:
First and foremost thanks for the feedback. Although I don't
appreciate the slight dig at me.
dummy = ldap_obj.simple_bind......
I _really_ don't think Uwe was intending any slight, 'dummy' generally
means 'dummy variable' ie it's just there to catch the value but it's
never used after that :)
If you're doing a lot of AD work, I highly recommend Tim Golden's
active_directory module:http://timgolden.me.uk/python/
active_directory.html
His WMI module has also been a godsend on a number of occasions.
- alex23
Alex-
Thanks for your response and Uwe I apologize if I misunderstood
and misinterpreted your comments. I am sorry.
I have tried Tim's module called active_directory and it works really
well. But I can't figure out how to connect to a specific group is I
know the common name for it but not the DN and then return it's
members. Example.... I know the group name is domain1\sharedaccess.
How do I bind to that group and get the members. The domain isn't
necessarily the defaultnamingcontext. It could be another domain in
the forest. I need to be able to connect to any domain group and get
it's members. Thanks again.
On Feb 8, 8:44 am, "Kooch54" <kooc...@gmail.comwrote:
On Feb 7, 7:52 pm, "alex23" <wuwe...@gmail.comwrote:
On Feb 8, 4:27 am, kooc...@gmail.com wrote:
First and foremost thanks for the feedback. Although I don't
appreciate the slight dig at me.
dummy = ldap_obj.simple_bind......
I _really_ don't think Uwe was intending any slight, 'dummy' generally
means 'dummy variable' ie it's just there to catch the value but it's
never used after that :)
If you're doing a lot of AD work, I highly recommend Tim Golden's
active_directory module:http://timgolden.me.uk/python/
active_directory.html
His WMI module has also been a godsend on a number of occasions.
- alex23
Alex-
Thanks for your response and Uwe I apologize if I misunderstood
and misinterpreted your comments. I am sorry.
I have tried Tim's module called active_directory and it works really
well. But I can't figure out how to connect to a specific group is I
know the common name for it but not the DN and then return it's
members. Example.... I know the group name is domain1\sharedaccess.
How do I bind to that group and get the members. The domain isn't
necessarily the defaultnamingcontext. It could be another domain in
the forest. I need to be able to connect to any domain group and get
it's members. Thanks again.
Bump
Kooch54 wrote:
> Thanks for your response and Uwe I apologize if I misunderstood
and misinterpreted your comments. I am sorry.
I have tried Tim's module called active_directory and it works really
well. But I can't figure out how to connect to a specific group is I
know the common name for it but not the DN and then return it's
members.
For the simple "group in my domain" situation, as
far as I can see you can do something like this:
<code>
import active_directory
for group in active_directory.search (
"sAMAccountName='sharedaccess'",
"objectClass='group'"
):
print group
for member in group.members:
print member
</code>
(I'm not on an AD-connected machine just now, but I
think that'll do it).
As to finding it another domain, I'm not sure. I suspect
that if you simply issue the above query, you'll get
the groups back from all domains in the forest. But I'm
not sure about that. In essence this isn't a Python question
as such. If you can find out from any source how to formulate
the query in an AD way, I'm quite sure we can translate that
easily into Python.
I'm afraid that my AD module is a very lightweight wrapper
over the LDAP:// object system and offers very little support
(and gets very little attention from me). Hopefully I can
have a boost of energy & time and give it some help.
TJG This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: m z via .NET 247 |
last post by:
Hi All,
I am trying to get a list of users that belong to a group in Active Directory.
Somehow I think I need to use the DirectorySearcher as follows:
DirectorySearcher searcher = new...
|
by: Ran Davidovitz |
last post by:
Hi.
We need to create a view of our active directory users (we have 2500).
I found out that there is max page size of 1000, so we cannot get more
data.
Anyone found a solution to that...
|
by: mpriem |
last post by:
Hi,
I am trying to enumerate Exchange Admin groups, but fail to with the
folowing code. Can someone help me with this issue.
The executing user has sufficient permissions.
using System;
...
|
by: Arvind P Rangan |
last post by:
Hi,
How do u interpret a Active Directory Structure into code format.
Like i have a ADS Structrue
like this
main.domain.com
+ AB
+ UB
+ AC
All my information are in AC
|
by: Tash |
last post by:
I am having a weird problem. I am trying to use the following code to query
active directory.
Function IsExistInAD(ByVal loginName As String) As Boolean
Dim userName As String =...
|
by: Sara Rafiee via .NET 247 |
last post by:
hello this is my code could anyone help me, I want to search exact user in special group in active directory, my group name is test11 . could anyone here help me to do this.
thanks this is my code
...
|
by: dug04 |
last post by:
Hi
I am trying to write a query that will select all users in the Organization bucket in active directory. The problem is that within the Organization bucket, there are many other buckets. I...
|
by: =?Utf-8?B?YXppZWdsZXI=?= |
last post by:
Hello, everybody.
I'd like to do this: For a big program (a web service) I need information
about the usergroups an active-directory-user is member of. To be more
precise, I need to know if a...
|
by: pbala |
last post by:
Check the User is the Member of One Group using Active Directory in C#.net
...
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
|
by: ryjfgjl |
last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
| |
