
我正在使用 Python 的 ldap3 模块连接本地 AD 域(运行在我的 vbox 虚拟机上的 Server 2016 域控制器),如何阻止搜索结果返回引用(referral)?我已经按照其他帖子和文档中能找到的方法做了设置,但引用仍然会返回。

代码:

#!/usr/bin/env python
from ldap3 import Server, Connection, AUTO_BIND_NO_TLS, SUBTREE, ALL_ATTRIBUTES, ALL, DEREF_NEVER
from pprint import pprint

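def get_ldap_info():
    """Print every response of a paged computer search, then the response count.

    Binds to ``dc01.ad.local`` and runs a paged subtree search for
    ``(objectClass=computer)`` under ``dc=ad,dc=local``. Each response dict is
    printed with its ``type``. Nothing is filtered: referral responses
    (``searchResRef``) are printed and counted exactly like directory entries
    (``searchResEntry``).

    NOTE(security): the connection below is plain LDAP on port 389
    (``use_ssl=False`` with ``AUTO_BIND_NO_TLS``), so the simple bind sends the
    DN and password unencrypted. Outside an isolated lab, use LDAPS
    (``use_ssl=True``) or StartTLS before the bind
    (``AUTO_BIND_TLS_BEFORE_BIND``).
    """
    # NOTE(security): 'XXX' is a placeholder. Keep the real password out of the
    # source file, and prefer a low-privileged account for a read-only query
    # instead of the domain Administrator.
    server = Server('dc01.ad.local', port=389, use_ssl=False)
    with Connection(server,
                    auto_bind=AUTO_BIND_NO_TLS,
                    # Do not follow referrals automatically. This also keeps
                    # the client from contacting hosts named in a referral URI.
                    auto_referrals=False,
                    read_only=True,
                    check_names=True,
                    user='CN=Administrator,CN=Users,dc=ad,dc=local',
                    password='XXX') as c:

        # ALL_ATTRIBUTES returns every readable attribute of each computer
        # object. Request only the attributes you need when the output is
        # logged or stored.
        results = c.extend.standard.paged_search(
            search_base='dc=ad,dc=local',
            search_filter='(objectClass=computer)',
            search_scope=SUBTREE,
            attributes=ALL_ATTRIBUTES,
            dereference_aliases=DEREF_NEVER,
            get_operational_attributes=False)

        # Single-argument print() calls behave the same on Python 2 and 3.
        # The original mixed them with Python 2-only print statements.
        count = 0
        for count, item in enumerate(results, 1):
            print("---------")
            print(type(item))
            print("TYPE ATTR: %s" % (item['type']))
            pprint(item)
        print(count)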

# Run the directory query only when this file is executed as a script,
# not when it is imported as a module.
if __name__ == "__main__":
    get_ldap_info()

运行产生以下作为前 3 个结果:

---------
<type 'dict'>
TYPE ATTR: searchResRef
{'type': 'searchResRef',
 'uri': [u'ldap://ad.local/CN=Configuration,DC=ad,DC=local']}
---------
<type 'dict'>
TYPE ATTR: searchResRef
{'type': 'searchResRef',
 'uri': [u'ldap://DomainDnsZones.ad.local/DC=DomainDnsZones,DC=ad,DC=local']}
---------
<type 'dict'>
TYPE ATTR: searchResRef
{'type': 'searchResRef',
 'uri': [u'ldap://ForestDnsZones.ad.local/DC=ForestDnsZones,DC=ad,DC=local']}

下一个结果是一个计算机对象,它应该是:

 <type 'dict'>
    TYPE ATTR: searchResEntry
    {'attributes': {u'primaryGroupID': 515, u'isCriticalSystemObject': False, u'logonCount': 22, u'cn': u'DY-WIN10VM01', u'countryCode': 0, u'dSCorePropagationData': [datetime.datetime(1601, 1, 1, 0, 0, tzinfo=OffsetTzInfo(offset=0, name='UTC'))], u'objectClass': [u'top', u'person', u'organizationalPerson', u'user', u'computer'], u'dNSHostName': u'DY-WIN10VM01.ad.local', u'lastLogonTimestamp': datetime.datetime(2019, 6, 3, 12, 55, 32, 164865, tzinfo=OffsetTzInfo(offset=0, name='UTC')), u'instanceType': 4, u'distinguishedName': u'CN=DY-WIN10VM01,CN=Computers,DC=ad,DC=local', u'sAMAccountType': 805306369, u'localPolicyFlags': 0, u'msDS-SupportedEncryptionTypes': 28, u'objectSid': 'S-1-5-21-626995883-1503940790-4148029712-1108', u'whenCreated': datetime.datetime(2019, 6, 3, 12, 55, 31, tzinfo=OffsetTzInfo(offset=0, name='UTC')), u'uSNCreated': 32998, u'badPasswordTime': datetime.datetime(1601, 1, 1, 0, 0, tzinfo=OffsetTzInfo(offset=0, name='UTC')), u'pwdLastSet': datetime.datetime(2019, 6, 3, 12, 55, 31, 977390, tzinfo=OffsetTzInfo(offset=0, name='UTC')), u'sAMAccountName': u'DY-WIN10VM01$', u'objectCategory': u'CN=Computer,CN=Schema,CN=Configuration,DC=ad,DC=local', u'objectGUID': '{43917324-e70f-4cb4-8a5a-43fde8a04b39}', u'whenChanged': datetime.datetime(2019, 6, 3, 12, 56, 36, tzinfo=OffsetTzInfo(offset=0, name='UTC')), u'badPwdCount': 0, u'accountExpires': datetime.datetime(9999, 12, 31, 23, 59, 59, 999999), u'operatingSystemVersion': u'10.0 (17763)', u'name': u'DY-WIN10VM01', u'codePage': 0, u'userAccountControl': 4096, u'lastLogon': datetime.datetime(2019, 6, 3, 15, 57, 15, 624474, tzinfo=OffsetTzInfo(offset=0, name='UTC')), u'uSNChanged': 33010, u'servicePrincipalName': [u'RestrictedKrbHost/DY-WIN10VM01', u'HOST/DY-WIN10VM01', u'RestrictedKrbHost/DY-WIN10VM01.ad.local', u'HOST/DY-WIN10VM01.ad.local'], u'operatingSystem': u'Windows 10 Enterprise Evaluation', u'lastLogoff': datetime.datetime(1601, 1, 1, 0, 0, tzinfo=OffsetTzInfo(offset=0, name='UTC'))},
     'dn': u'CN=DY-WIN10VM01,CN=Computers,DC=ad,DC=local',
     'raw_attributes': {u'primaryGroupID': ['515'], u'isCriticalSystemObject': ['FALSE'], u'logonCount': ['22'], u'cn': ['DY-WIN10VM01'], u'countryCode': ['0'], u'dSCorePropagationData': ['16010101000000.0Z'], u'objectClass': ['top', 'person', 'organizationalPerson', 'user', 'computer'], u'dNSHostName': ['DY-WIN10VM01.ad.local'], u'lastLogonTimestamp': ['132040401321648651'], u'instanceType': ['4'], u'distinguishedName': ['CN=DY-WIN10VM01,CN=Computers,DC=ad,DC=local'], u'sAMAccountType': ['805306369'], u'localPolicyFlags': ['0'], u'msDS-SupportedEncryptionTypes': ['28'], u'objectSid': ['\x01\x05\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00\xab2_%\xb6P\xa4Y\x10\xe9=\xf7T\x04\x00\x00'], u'whenCreated': ['20190603125531.0Z'], u'uSNCreated': ['32998'], u'badPasswordTime': ['0'], u'pwdLastSet': ['132040401319773897'], u'sAMAccountName': ['DY-WIN10VM01$'], u'objectCategory': ['CN=Computer,CN=Schema,CN=Configuration,DC=ad,DC=local'], u'objectGUID': ['$s\x91C\x0f\xe7\xb4L\x8aZC\xfd\xe8\xa0K9'], u'whenChanged': ['20190603125636.0Z'], u'badPwdCount': ['0'], u'accountExpires': ['9223372036854775807'], u'operatingSystemVersion': ['10.0 (17763)'], u'name': ['DY-WIN10VM01'], u'codePage': ['0'], u'userAccountControl': ['4096'], u'lastLogon': ['132040510356244744'], u'uSNChanged': ['33010'], u'servicePrincipalName': ['RestrictedKrbHost/DY-WIN10VM01', 'HOST/DY-WIN10VM01', 'RestrictedKrbHost/DY-WIN10VM01.ad.local', 'HOST/DY-WIN10VM01.ad.local'], u'operatingSystem': ['Windows 10 Enterprise Evaluation'], u'lastLogoff': ['0']},
     'raw_dn': 'CN=DY-WIN10VM01,CN=Computers,DC=ad,DC=local',
     'type': 'searchResEntry'}

我相信我可以先检查 item['type'] 再据此处理,但我想知道是否有办法让这些引用(referral)根本不返回。

本站有一些针对 ldap 模块的同类问题(例如这个和这个),这里的文档中也有一些相关内容,但我找不到任何关于 ldap3 的内容。

提前致谢

Python 版本:

DY-MBP-2:bin home$ python --version
Python 2.7.16

1 回答 1


通过 LDAP 搜索 Active Directory 时,您可能确实需要使用引用(referral)。有关更多详细信息,请参阅此链接: https://docs.microsoft.com/en-us/windows/win32/ad/referrals

下面的列表推导式只保留结果中类型为 searchResEntry 的项,也就是您要查找的条目:

# Keep only real directory entries; responses whose type is 'searchResRef'
# (referrals) are dropped, so the referral URIs are never followed.
# NOTE(review): ldap3's paged_search returns a generator by default, so
# `results` can probably be iterated only once - confirm at the call site.
[i for i in results if i['type'] == 'searchResEntry']

于 2020-09-21T18:03:45.530 回答