我正在使用go/ldap查询我的Active Directory以获取特定用户的所有组,该函数可以工作,但不能返回主要组,如域用户。
代码示例
package main
import (
"encoding/json"
"errors"
"fmt"
"github.com/go-ldap/ldap/v3"
"github.com/techoner/gophp"
"handlers"
"log"
"reflect"
"strconv"
"strings"
)
func main(){
conn, err := connect(bindServer,BindPort)
if err != nil {
log.Printf("Failed to connect to AD/LDAP with error: %s", err)
return nil, fmt.Errorf("Failed to connect to AD/LDAP with error: %s", err)
}
errBind := conn.Bind(bindUser, bindPWD)
if errBind != nil {
if isLdapDebug {
log.Printf("Failed to bind to AD/LDAP with error: %s", errBind)
}
return nil, fmt.Errorf("Failed to bind to AD/LDAP with error: %s", errBind)
}
searchRequest := ldap.NewSearchRequest(
DC=domain,DC=local,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&(objectClass=user)(sAMAccountName=%s))", administrator),
[]string{"dn"},
nil,
)
sr, err := conn.Search(searchRequest)
if err != nil {
return nil, err
}
if len(sr.Entries) != 1 {
return nil, errors.New("User does not exist")
}
userdn := sr.Entries[0].DN
log.Printf("USER DN IS =%s", userdn)
searchRequest = ldap.NewSearchRequest(
DC=domain,DC=local,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(&(objectClass=group)(member=CN=Administrator,CN=Users,DC=domain,DC=local))"),
[]string{"cn"}, // can it be something else than "cn"?
nil,
)
sr, err = conn.Search(searchRequest)
if err != nil {
return nil, err
}
groups := []string{}
for _, entry := range sr.Entries {
//fmt.Printf("%s", entry)
groups = append(groups, entry.GetAttributeValue("cn"))
}
return groups, nil
}
输出
[Administrators Schema Admins Enterprise Admins Domain Admins Group Policy Creator Owners gteste1 gtest2]
已正确返回组,但缺少主组。
有没有办法返回特定用户的所有组(包括主要组)?
2条答案
按热度按时间ki1q1bka1#
主组是不同的。您必须查看用户的
primaryGroupId
属性,然后搜索在其primaryGroupToken
属性中具有该值的组。在大多数情况下,
primaryGroupId
将为513
,它对应于Domain Users组。更详细一点在我写的一篇文章中:活动目录:什么使会员成为会员?
93ze6v8z2#
使用lib在go中查找主组
我不得不使用以下代码示例: