
I have code like this:

from ldap3 import Server, Connection

uri = 'ldaps://ca1.ad.xxx.com:123'
bind_user = 'CN=svc_bind_user,OU=Service Accounts,DC=subdomain1,DC=ad,DC=xxx,DC=com'
bind_password = 'svc_bind_p4$$'

server = Server(uri)
conn = Connection(server, bind_user, bind_password)
conn.bind()

user_filter = 'objectClass=*'
user_name_attr = 'sAMAccountName'
search_scope = 'SUBTREE'

I can successfully search for user1 (user1@subdomain1.ad.xxx.com) like this:

username = 'user1'
search_base= 'DC=subdomain1,DC=ad,DC=xxx,DC=com'
search_filter = "(&({0})({1}={2}))".format(
    user_filter,
    user_name_attr,
    username
)
res = conn.search(search_base,
                  search_filter,
                  search_scope)

and for user2 (user2@subdomain2.ad.xxx.com) like this:

username = 'user2'
search_base= 'DC=subdomain2,DC=ad,DC=xxx,DC=com'
search_filter = "(&({0})({1}={2}))".format(
    user_filter,
    user_name_attr,
    username
)
res = conn.search(search_base,
                  search_filter,
                  search_scope)

As you can see, the code above is tailored to each user so that it looks at a different search_base, subdomain1 or subdomain2.

I tried to search for both user1 and user2 at a higher level, with search_base= 'DC=ad,DC=xxx,DC=com':

username = 'user1'
search_base= 'DC=ad,DC=xxx,DC=com'
search_filter = "(&({0})({1}={2}))".format(
    user_filter,
    user_name_attr,
    username
)
res = conn.search(search_base,
                  search_filter,
                  search_scope)

But the code above does not find the user and only returns a list of subdomains.

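So the question is: if I am not doing anything wrong here, is there a way to search across multiple domains, perhaps with some special search_base syntax that combines several subdomains?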

I do not want to run multiple searches, and as I mentioned, SUBTREE with a higher-level search_base does not seem to work for me either.

Thanks
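An added example, not part of the original post: the post's filter template with the username escaped per RFC 4515 before it is formatted in, run once per search base with only real entries collected. The helper names, `SEARCH_BASES` and `FakeConnection` are hypothetical; `conn` is assumed to be a bound ldap3 `Connection` like the one in the post, and the fake connection is a constructed stand-in so the code runs offline.

```python
# Added example; helper names are hypothetical, not from the original post.
# RFC 4515: these characters must be written as \XX inside a filter value.
_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}

SEARCH_BASES = [  # the two bases used in the post
    'DC=subdomain1,DC=ad,DC=xxx,DC=com',
    'DC=subdomain2,DC=ad,DC=xxx,DC=com',
]


def escape_filter_value(value):
    """Escape untrusted text so it cannot change the filter's structure."""
    return ''.join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username, user_filter='objectClass=*',
                      user_name_attr='sAMAccountName'):
    """The post's filter template, with the username escaped first."""
    return '(&({0})({1}={2}))'.format(
        user_filter, user_name_attr, escape_filter_value(username))


def find_user(conn, username, search_bases=SEARCH_BASES):
    """Search each base with one escaped filter and collect matching DNs.

    Assumes conn is a bound ldap3 Connection: search() fills conn.response
    with dicts, and directory entries carry type 'searchResEntry'.
    """
    search_filter = build_user_filter(username)
    found = []
    for base in search_bases:
        conn.search(base, search_filter, 'SUBTREE')
        found += [item['dn'] for item in (conn.response or [])
                  if item.get('type') == 'searchResEntry']
    return found


class FakeConnection:
    """Constructed stand-in for a bound connection, so this runs offline."""
    users = {'user1': SEARCH_BASES[0], 'user2': SEARCH_BASES[1]}

    def search(self, base, search_filter, scope):
        # A constructed reference item, which find_user() must skip.
        self.response = [{'type': 'searchResRef',
                          'uri': ['ldaps://constructed.example/' + base]}]
        for name, home in self.users.items():
            if home == base and '(sAMAccountName={0})'.format(name) in search_filter:
                self.response.append({'type': 'searchResEntry',
                                      'dn': 'CN={0},{1}'.format(name, home)})
        return len(self.response) > 1
```
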
