Databases
StackOverflow2013
Postsdbo
POLDAP: querying for user in entire domain using sAMAccountName
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POLDAP: querying for user in entire domain using sAMAccountName
    text
    copied!<p>I am using <code>python-ldap</code> module to work with AD on Windows 2003 R2 server.</p> <p>When I search for <code>ObjectClass=Person</code>, I see that some services are also returned in the query results. I want to know how I can change my query so that only user entries are returned, Also can you please point me to any documentation that focuses on this.</p> <p>Here is a snippet from my <code>ipython</code> commandline:</p> <pre> ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) l=ldap.initialize(server) l.simple_bind_s(user, password) user_filter = '(&(objectClass=person)(sAMAccountName=ouuser1))' base_dn='DC=id-ad, DC=idea, DC=com' qres=l.search_ext_s(base_dn, ldap.SCOPE_SUBTREE, user_filter) print qres </pre> <p>The result I get is </p> <pre> [('CN=ouuser1,OU=newou,DC=id-ad,DC=idea,DC=com', {'accountExpires': ['9223372036854775807'], 'badPasswordTime': ['0'], 'badPwdCount': ['0'], 'cn': ['ouuser1'], 'codePage': ['0'], 'countryCode': ['0'], 'displayName': ['ouuser1'], 'distinguishedName': ['CN=ouuser1,OU=newou,DC=id-ad,DC=idea,DC=com'], 'givenName': ['ouuser1'], 'instanceType': ['4'], 'lastLogoff': ['0'], 'lastLogon': ['0'], 'logonCount': ['0'], 'memberOf': ['CN=ougroup1,OU=newou,DC=id-ad,DC=idea,DC=com'], 'name': ['ouuser1'], 'objectCategory': ['CN=Person,CN=Schema,CN=Configuration,DC=id-ad,DC=idea,DC=com'], 'objectClass': ['top', 'person', 'organizationalPerson', 'user'], 'objectGUID': ['@\x87C\\\xdf\xbe\xe0M\x8c\xb7S-\xf4\x00.\xd0'], 'objectSid': ['\x01\x05\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00\x8c\xc6\xd8N\xe3`\x16\xe0\x96\xcf4\xabb\x04\x00\x00'], 'primaryGroupID': ['513'], 'pwdLastSet': ['0'], 'sAMAccountName': ['ouuser1'], 'sAMAccountType': ['805306368'], 'uSNChanged': ['417845'], 'uSNCreated': ['417839'], 'userAccountControl': ['512'], 'userPrincipalName': ['ouuser1@id-ad.idea.com'], 'whenChanged': ['20110909055335.0Z'], 'whenCreated': ['20110909055335.0Z']}), (None, ['ldaps://ForestDnsZones.id-ad.idea.com/DC=ForestDnsZones,DC=id-ad,DC=idea,DC=com']), (None, ['ldaps://DomainDnsZones.id-ad.idea.com/DC=DomainDnsZones,DC=id-ad,DC=idea,DC=com']), (None, ['ldaps://id-ad.idea.com/CN=Configuration,DC=id-ad,DC=idea,DC=com'])] </pre> <p>The entries that I want to eliminate are.</p> <pre><code>(None, ['ldaps://ForestDnsZones.id-ad.idea.com/DC=ForestDnsZones,DC=id-ad,DC=idea,DC=com']), (None, ['ldaps://DomainDnsZones.id-ad.idea.com/DC=DomainDnsZones,DC=id-ad,DC=idea,DC=com']), (None, ['ldaps://id-ad.idea.com/CN=Configuration,DC=id-ad,DC=idea,DC=com'])] </code></pre>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload