我想列出 Active Directory 中的所有组,包括嵌套组。
有了这个,我得到了顶级组:
try {
Hashtable<String,String> props = new Hashtable<String,String>();
props.put(Context.SECURITY_AUTHENTICATION, "simple");
props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
props.put(Context.PROVIDER_URL, "ldap://adserver");
props.put(Context.SECURITY_PRINCIPAL, "user@domain");
props.put(Context.SECURITY_CREDENTIALS, "password");
DirContext ctx = new InitialDirContext(props);
SearchControls cons = new SearchControls();
cons.setReturningAttributes(new String[] {"cn"});
cons.setSearchScope(SearchControls.ONELEVEL_SCOPE);
NamingEnumeration<SearchResult> answer = ctx.search("cn=users,dc=domain,dc=com", "(objectcategory=group)", cons);
System.out.println("AD GROUPS:");
while(answer.hasMore()) {
SearchResult result = (SearchResult) answer.next();
Attributes atts = result.getAttributes();
Attribute att = atts.get("cn");
String groupName = (String)att.get();
//how to search for groups nested in this group
}
} catch (NamingException e) {
e.printStackTrace();
}
如何获取嵌套组?我用谷歌搜索了一下,发现了这两种方式:
NamingEnumeration<SearchResult> nested = ctx.search("cn=users,dc=domain,dc=com", "(&(objectClass=group)(objectCategory=group)(memberOf:1.2.840.113556.1.4.194:=cn="+groupName+"))", controls);
和
NamingEnumeration<SearchResult> nested = ctx.search("cn=users,dc=domain,dc=com", "(&(objectClass=group)(objectCategory=group)(memberOf=CN="+groupName+"))", controls);
但这并没有返回嵌套组。我做错了什么?
最佳答案
如果您想查找嵌套组,Active Directory 必须有 memberOf:1.2.840.113556.1.4.1941 很重要(不要替换这个神奇的数字字符串)。
(&(objectCategory=Person)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=CN=Test group,CN=Users,DC=domain,DC=net))
关于java - LDAP查询获取一个组的所有组(嵌套),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/19537437/