英文:
Go/Ldap get primary groups of a user
问题
我正在使用go/ldap查询我的活动目录以获取特定用户的所有组,该函数工作正常,但未返回主要组,例如域用户。
代码示例
package main
import (
"encoding/json"
"errors"
"fmt"
"github.com/go-ldap/ldap/v3"
"github.com/techoner/gophp"
"handlers"
"log"
"reflect"
"strconv"
"strings"
)
func main(){
conn, err := connect(bindServer,BindPort)
if err != nil {
log.Printf("连接到AD/LDAP失败,错误:%s", err)
return nil, fmt.Errorf("连接到AD/LDAP失败,错误:%s", err)
}
errBind := conn.Bind(bindUser, bindPWD)
if errBind != nil {
if isLdapDebug {
log.Printf("绑定到AD/LDAP失败,错误:%s", errBind)
}
return nil, fmt.Errorf("绑定到AD/LDAP失败,错误:%s", errBind)
}
searchRequest := ldap.NewSearchRequest(
"DC=domain,DC=local",
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&(objectClass=user)(sAMAccountName=%s))", administrator),
[]string{"dn"},
nil,
)
sr, err := conn.Search(searchRequest)
if err != nil {
return nil, err
}
if len(sr.Entries) != 1 {
return nil, errors.New("用户不存在")
}
userdn := sr.Entries[0].DN
log.Printf("用户DN为:%s", userdn)
searchRequest = ldap.NewSearchRequest(
"DC=domain,DC=local",
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&(objectClass=group)(member=CN=Administrator,CN=Users,DC=domain,DC=local))"),
[]string{"cn"}, // 可以是其他值吗?
nil,
)
sr, err = conn.Search(searchRequest)
if err != nil {
return nil, err
}
groups := []string{}
for _, entry := range sr.Entries {
//fmt.Printf("%s", entry)
groups = append(groups, entry.GetAttributeValue("cn"))
}
return groups, nil
}
输出
[Administrators Schema Admins Enterprise Admins Domain Admins Group Policy Creator Owners gteste1 gtest2]
组已正确返回,但缺少主要组。
有没有办法返回特定用户的所有组,包括主要组?
英文:
I'm using go/ldap to query my active directory to get all the groups of a specific user, the function is working but is not returning the Primary Groups, like Domain Users.
Code example
package main
import (
"encoding/json"
"errors"
"fmt"
"github.com/go-ldap/ldap/v3"
"github.com/techoner/gophp"
"handlers"
"log"
"reflect"
"strconv"
"strings"
)
func main(){
conn, err := connect(bindServer,BindPort)
if err != nil {
log.Printf("Failed to connect to AD/LDAP with error: %s", err)
return nil, fmt.Errorf("Failed to connect to AD/LDAP with error: %s", err)
}
errBind := conn.Bind(bindUser, bindPWD)
if errBind != nil {
if isLdapDebug {
log.Printf("Failed to bind to AD/LDAP with error: %s", errBind)
}
return nil, fmt.Errorf("Failed to bind to AD/LDAP with error: %s", errBind)
}
searchRequest := ldap.NewSearchRequest(
DC=domain,DC=local,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&(objectClass=user)(sAMAccountName=%s))", administrator),
[]string{"dn"},
nil,
)
sr, err := conn.Search(searchRequest)
if err != nil {
return nil, err
}
if len(sr.Entries) != 1 {
return nil, errors.New("User does not exist")
}
userdn := sr.Entries[0].DN
log.Printf("USER DN IS =%s", userdn)
searchRequest = ldap.NewSearchRequest(
DC=domain,DC=local,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&(objectClass=group)(member=CN=Administrator,CN=Users,DC=domain,DC=local))"),
[]string{"cn"}, // can it be something else than "cn"?
nil,
)
sr, err = conn.Search(searchRequest)
if err != nil {
return nil, err
}
groups := []string{}
for _, entry := range sr.Entries {
//fmt.Printf("%s", entry)
groups = append(groups, entry.GetAttributeValue("cn"))
}
return groups, nil
}
Output
[Administrators Schema Admins Enterprise Admins Domain Admins Group Policy Creator Owners gteste1 gtest2]
The groups are correcly returned but is missing the primary groups.
Any way to return all groups of a specific user including Primary Groups?
答案1
得分: 2
主要组是不同的。您必须查看用户的primaryGroupId属性,然后搜索具有该值的组的primaryGroupToken属性。
在大多数情况下,primaryGroupId将是513,对应于域用户组。
我在一篇文章中详细介绍了这个问题:Active Directory:什么使成员成为成员?
英文:
The primary group is different. You have to look at the primaryGroupId attribute on the user, then search for the group that has that value in its primaryGroupToken attribute.
In most cases, the primaryGroupId will be 513, which corresponds to the Domain Users group.
A little more detail in an article I wrote on this: Active Directory: What makes a member a member?
答案2
得分: 0
使用go-ldap/ldap/v3库在Go中查找主要组,我需要使用以下代码示例:
userdn := sr.Entries[0].DN
groups := []string{}
searchRequest = ldap.NewSearchRequest(
data.Record.LdapSuffix,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, SearchTimelimit, false,
fmt.Sprintf("(&(objectCategory=person)(objectClass=user)(primaryGroupID=513)(sAMAccountName=%s))", ldap.EscapeFilter(username)),
[]string{"primaryGroupID"},
nil,
)
sr, err = conn.Search(searchRequest)
if err != nil {
continue
}
if len(sr.Entries) > 0 {
primaryGroup := sr.Entries[0].GetAttributeValue("primaryGroupID")
if primaryGroup == "513" {
if searchGroup == "Domain Users" {
return true
}
}
}
以上是使用go-ldap/ldap/v3库在Go中查找主要组的代码示例。
英文:
To find the primary group in go using the lib
github.com/go-ldap/ldap/v3
I had to use this code sample:
userdn := sr.Entries[0].DN
groups := []string{}
searchRequest = ldap.NewSearchRequest(
data.Record.LdapSuffix,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, SearchTimelimit, false,
fmt.Sprintf("(&(objectCategory=person)(objectClass=user)(primaryGroupID=513)(sAMAccountName=%s))", ldap.EscapeFilter(username)),
[]string{"primaryGroupID"},
nil,
)
sr, err = conn.Search(searchRequest)
if err != nil {
continue
}
if len(sr.Entries) > 0 {
primaryGroup := sr.Entries[0].GetAttributeValue("primaryGroupID")
if primaryGroup == "513" {
if searchGroup == "Domain Users" {
return true
}
}
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论