Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/19537437/

Date: 2020-08-12 18:11:09  Source: igfitidea

LDAP query get all groups (nested) of a group

Tags: java, active-directory, ldap, active-directory-group

Asked by Trick

I want to list all groups in an Active Directory, including nested.

With this I get the top level groups:

try {
    Hashtable<String,String> props = new Hashtable<String,String>();
    props.put(Context.SECURITY_AUTHENTICATION, "simple");
    props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    props.put(Context.PROVIDER_URL, "ldap://adserver");
    props.put(Context.SECURITY_PRINCIPAL, "user@domain");
    props.put(Context.SECURITY_CREDENTIALS, "password");

    DirContext ctx = new InitialDirContext(props);

    SearchControls cons = new SearchControls();
    cons.setReturningAttributes(new String[] {"cn"});
    cons.setSearchScope(SearchControls.ONELEVEL_SCOPE);

    NamingEnumeration<SearchResult> answer = ctx.search("cn=users,dc=domain,dc=com", "(objectcategory=group)", cons);
    System.out.println("AD GROUPS:");
    while(answer.hasMore()) {
        SearchResult result = (SearchResult) answer.next();
        Attributes atts = result.getAttributes();
        Attribute att = atts.get("cn");
        String groupName = (String)att.get();

        //how to search for groups nested in this group
    }
} catch (NamingException e) {
    e.printStackTrace();
}

How can I fetch nested groups? I googled a little and found these two ways:

NamingEnumeration<SearchResult> nested = ctx.search("cn=users,dc=domain,dc=com", "(&(objectClass=group)(objectCategory=group)(memberOf:1.2.840.113556.1.4.194:=cn="+groupName+"))", controls);

and

NamingEnumeration<SearchResult> nested = ctx.search("cn=users,dc=domain,dc=com", "(&(objectClass=group)(objectCategory=group)(memberOf=CN="+groupName+"))", controls);

But this is not returning the nested groups. What am I doing wrong?

Answered by Sureshkumar Panneerselvan

You can use filters for category as follows

(&(objectCategory=user)(memberOf=cn=MyCustomGroup,ou=ouOfGroup,dc=subdomain,dc=domain,dc=com))

Answered by user3504158

You can try doing the following:

// srLdapUser is the SearchResult for the user; groups is a List<String> declared elsewhere
Attribute memberOf = srLdapUser.getAttributes().get("memberOf");
if (memberOf != null) {
  for (int i = 0; i < memberOf.size(); i++) {
      // each memberOf value is a group DN; read that group's CN
      Attributes atts = ctx.getAttributes(memberOf.get(i).toString(), new String[] { "CN" });
      Attribute att = atts.get("CN");
      groups.add(att.get().toString());
  }
  System.out.println(groups.toString());
}

Answered by kaybee99

Try changing

cons.setSearchScope(SearchControls.ONELEVEL_SCOPE); 

to

cons.setSearchScope(SearchControls.SUBTREE_SCOPE);

This should allow you to search the entire subtree below and including the level you have specified

Answered by FoxyBOA

It is important for Active Directory to have memberOf:1.2.840.113556.1.4.1941 if you want to find nested groups (do not replace this magic numeric string).

(&(objectCategory=Person)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=CN=Test group,CN=Users,DC=domain,DC=net))

Answered by user10495801

This worked for me.

(&(objectClass=group)(memberof:1.2.840.113556.1.4.1941:=" + groupDn + "))
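
An added example, not part of the original thread: the in-chain filter from the last two answers wrapped in a JNDI search, with the group DN escaped per RFC 4515 before it is concatenated into the filter, so that parentheses, asterisks or backslashes in a DN cannot alter the filter's structure. The class name, method names and sample DN are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class NestedGroupSearch {
    // LDAP_MATCHING_RULE_IN_CHAIN: Active Directory walks the membership chain server-side.
    static final String IN_CHAIN = "1.2.840.113556.1.4.1941";

    // Escape a filter assertion value per RFC 4515.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // The value must be the parent group's full distinguished name, not just "cn=<name>".
    static String nestedGroupsFilter(String groupDn) {
        return "(&(objectCategory=group)(memberOf:" + IN_CHAIN + ":=" + escapeFilterValue(groupDn) + "))";
    }

    // Returns the DNs of every group nested at any depth inside groupDn.
    static List<String> nestedGroups(DirContext ctx, String searchBase, String groupDn) throws NamingException {
        SearchControls cons = new SearchControls();
        cons.setSearchScope(SearchControls.SUBTREE_SCOPE);
        cons.setReturningAttributes(new String[] {"cn"});
        List<String> dns = new ArrayList<>();
        NamingEnumeration<SearchResult> answer = ctx.search(searchBase, nestedGroupsFilter(groupDn), cons);
        while (answer.hasMore()) {
            dns.add(answer.next().getNameInNamespace());
        }
        return dns;
    }

    public static void main(String[] args) {
        // Constructed sample DN containing characters that are special in a filter.
        System.out.println(nestedGroupsFilter("CN=Ops (EU),CN=Users,DC=domain,DC=com"));
    }
}
```

JNDI can also do the escaping itself: pass the filter with a {0} placeholder and the DN as an argument to ctx.search(name, filterExpr, filterArgs, cons).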