LDAP nested group membership

Problem description

Is it possible to create an LDAP query that will return (or check) users in nested groups? For example, UserA is a member of GroupA, and GroupA is a member of GroupB. I want a query on GroupB to return UserA as a member. LDAP only. The server is Active Directory.

Solution

Yes, use the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941). For example:

(memberOf:1.2.840.113556.1.4.1941:=cn=group,cn=users,DC=x)

See http://msdn.microsoft.com/zh-cn/library/aa746475%28VS.85%29.aspx

In this example, when using

memberOf:1.2.840.113556.1.4.1941:=

you must use the full distinguished name of the group. In this case, CN=MyGroup,OU=User,OU=Groups,OU=Security,DC=domain,DC=com is the whole distinguished name:

(&(objectCategory=person)(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=MyGroup,OU=User,OU=Groups,OU=Security,DC=domain,DC=com))

You can get the distinguished name of the group by running the following code and entering this filter: (&(objectClass=group)(name=MyGroup))

Imports System.DirectoryServices

Module Module1

    ' Reads LDAP filters from the console and runs each one against the domain
    ' until the user types "exit".
    Sub Main()
        Dim run As Boolean = True
        Dim Filter As String
        While run
            Console.WriteLine("Enter Filter:")
            Filter = Console.ReadLine()
            If Filter = "exit" Then
                run = False
            Else
                checkFilter(Filter)
            End If
        End While
    End Sub

    ' Runs the filter as a subtree search and prints the name and
    ' distinguishedName of every object it matches.
    Function checkFilter(Filter As String) As Boolean
        Dim search As New DirectorySearcher("LDAP://dc=Domain,dc=com")
        Try
            search.Filter = Filter
            search.PropertiesToLoad.Add("name")
            search.PropertiesToLoad.Add("distinguishedName")
            search.SearchScope = SearchScope.Subtree
            Dim results As SearchResultCollection = search.FindAll()
            If results Is Nothing Then
                Console.WriteLine("Nothing")
                Return False
            Else
                If results.Count = 0 Then
                    Console.WriteLine("none found")
                End If
                Dim result As SearchResult
                For Each result In results
                    Console.WriteLine(result.Properties("name")(0).ToString())
                    Console.WriteLine(result.Properties("distinguishedName")(0).ToString())
                    'For Each prop In result.Properties("members")
                    '    Console.WriteLine(prop.ToString())
                    'Next
                Next
                Console.WriteLine(String.Format("{0} Users Found", results.Count))
            End If
        Catch ex As Exception
            Console.WriteLine(ex.Message)
        End Try
        Return True
    End Function

End Module

As for your question, the query should be:

(&(memberOf:1.2.840.113556.1.4.1941:={0})(objectCategory=person)(objectClass=user)(sAMAccountName={1}))

{0} is the nested group, given as a distinguished name, and {1} is the sAMAccountName of the user you want (you can use any other user attribute in place of sAMAccountName in (sAMAccountName={1})). Then, if the user is a member of the nested group, you get the user's details in the response.
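The following is an added example, not code from any of the answers above. It builds the two LDAP_MATCHING_RULE_IN_CHAIN filters the answers describe (all users under a group, and the user-check template with {0} and {1} filled in) while escaping the interpolated group DN and sAMAccountName per RFC 4515, so a caller-supplied value such as `x)(objectClass=*` cannot change the filter's structure. It also models what the matching rule computes, a transitive walk over memberOf edges, on a constructed in-memory directory (UserA/GroupA/GroupB from the question plus an assumed GroupB/GroupC cycle and example.com DNs), so the expected result can be checked without a domain controller.

```python
"""Nested-group (LDAP_MATCHING_RULE_IN_CHAIN) filters, built with escaping,
plus an in-memory model of the transitive memberOf walk the rule performs.
Added example; the directory contents below are constructed, not real."""
from collections import deque

IN_CHAIN = "1.2.840.113556.1.4.1941"  # OID of LDAP_MATCHING_RULE_IN_CHAIN

# RFC 4515 section 3: characters that must be hex-escaped in a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value inside an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def members_of_nested_group_filter(group_dn: str) -> str:
    """Filter from the first two answers: every user that is a direct or
    indirect member of group_dn."""
    return (f"(&(objectCategory=person)(objectClass=user)"
            f"(memberOf:{IN_CHAIN}:={escape_filter_value(group_dn)}))")


def user_in_nested_group_filter(group_dn: str, sam_account_name: str) -> str:
    """Filter from the third answer, with {0} and {1} filled in safely."""
    return (f"(&(memberOf:{IN_CHAIN}:={escape_filter_value(group_dn)})"
            f"(objectCategory=person)(objectClass=user)"
            f"(sAMAccountName={escape_filter_value(sam_account_name)}))")


# Constructed directory: DN -> DNs the object is a *direct* member of.
USER_A = "CN=UserA,OU=Users,DC=example,DC=com"
USER_B = "CN=UserB,OU=Users,DC=example,DC=com"
USER_C = "CN=UserC,OU=Users,DC=example,DC=com"
GROUP_A = "CN=GroupA,OU=Groups,DC=example,DC=com"
GROUP_B = "CN=GroupB,OU=Groups,DC=example,DC=com"
GROUP_C = "CN=GroupC,OU=Groups,DC=example,DC=com"
DIRECTORY = {
    USER_A: [GROUP_A],   # UserA -> GroupA -> GroupB, as in the question
    USER_B: [GROUP_B],
    USER_C: [],          # member of nothing
    GROUP_A: [GROUP_B],
    GROUP_B: [GROUP_C],
    GROUP_C: [GROUP_B],  # assumed cycle: AD permits group membership loops
}


def transitive_member_of(dn: str, directory=DIRECTORY) -> set:
    """Groups that memberOf:IN_CHAIN:= would match for dn: breadth-first walk
    of memberOf edges; the visited set makes group cycles terminate."""
    seen, queue = set(), deque(directory.get(dn, []))
    while queue:
        group = queue.popleft()
        if group in seen:
            continue
        seen.add(group)
        queue.extend(directory.get(group, []))
    return seen


def is_member_in_chain(user_dn: str, group_dn: str, directory=DIRECTORY) -> bool:
    """What the third answer's filter decides for one user and one group."""
    return group_dn in transitive_member_of(user_dn, directory)


if __name__ == "__main__":
    print(members_of_nested_group_filter(GROUP_B))
    print(user_in_nested_group_filter(GROUP_B, "usera)(objectClass=*"))
    for user in (USER_A, USER_B, USER_C):
        print(user, "in", GROUP_B, "->", is_member_in_chain(user, GROUP_B))
```

The escaping matters because the third answer's template is meant to be filled from application input; without it, a value containing `)(` turns a membership check into a broader search. The in-memory walk is only a model of the server-side rule: on a real domain controller the same filters are sent through DirectorySearcher or any other LDAP client, and the server performs the chain expansion itself.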