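First post.... I am trying to map roles to LDAP group memberships and was hoping I could get some help on how to analyse this?

A role is made up of 1 to 12 groups out of a set of 12 groups.
A role can only contain a specific group once.
I think users could have more than one role; they probably shouldn't, but they might. For example:

Role | Group(s)
Helpdesk | Password Reset
Security | Password Reset, Enable User
Reception | Enable User, Disable User

My data is in the format

User | Group
SmithA | Password Reset
SmithA | Enable User
BloggsJ | Password Reset
MouseM | Enable User
MouseM | Disable User

From this you can see that the users have the following roles

User | Role
SmithA | Security
BloggsJ | Helpdesk
MouseM | Reception

I can modify the first table to make it more useful, for example by splitting the groups into multiple rows, as in the example below:

Role | Group(s)
Helpdesk | Password Reset
Security | Password Reset
Security | Enable User
Reception | Enable User
Reception | Disable User

I am struggling to build the SQL needed to produce a list of user roles, and have a horrible feeling I am missing the obvious. I am using MS Access, and this is not homework :) Thanks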
Answer 0 (score: 0)

Here is what I use to look at LDAP. I got the idea from 'TSQL: How to get a list of groups that a user belongs to in Active Directory'.

    ' FYI, to get the list of domains used in the GetObject call,
    ' run this first to see what is there
    Dim objNameSpace
    Dim Domain
    Set objNameSpace = GetObject("WinNT:")
    For Each Domain In objNameSpace
        Debug.Print Domain.Name
    Next
    Exit Sub ' comment out after first time.

Weekly routine
    ' initialize needs reference Excel
    Dim rc As Long, sFile As String, xls As Excel.Application
    ' your routine to get an output file name as sFile
    ' your routine to create XLS app and open an empty workbook named sFile and make sheet name
    ' add column headings in row 1
    Dim nRow As Long, nCol As Long
    Dim sHeading As Variant, myHeadings() As Variant: myHeadings = Array("User", "Group", "yourField3", "yourField4", "Count")
    nRow = 1
    nCol = 0
    For Each sHeading In myHeadings
        nCol = nCol + 1
        xls.ActiveSheet.cells(1, nCol) = myHeadings(nCol - 1)
    Next sHeading
    ' needs reference "Active DS Type Library"
    Dim sGroup As Variant, myGroups() As Variant: myGroups = Array("yourGroup1", "yourGroup2")
    ' get each group
    For Each sGroup In myGroups
        Dim IGroup1 As IADsGroup, IUser1 As IADsUser
        Set IGroup1 = GetObject("WinNT://" & "yourDomain" & "/" & sGroup & ",group")
        ' get each user in that group
        For Each IUser1 In IGroup1.Members
            If (Mid$(IUser1.Name, 1, 6) <> "userToBypass") Then
                Dim IGroup2 As IADsGroup, IUser2 As IADsUser
                Set IUser2 = GetObject("WinNT://" & "yourDomain" & "/" & IUser1.Name & ",user")
                ' get each group for that user
                For Each IGroup2 In IUser2.Groups
                    If (Mid$(UCase(IGroup2.Name), 1, 13) <> "GroupToBypass") Then
                        nRow = nRow + 1
                        xls.ActiveSheet.cells(nRow, "A") = IUser2.Name
                        xls.ActiveSheet.cells(nRow, "B") = IGroup2.Name
                        xls.ActiveSheet.cells(nRow, "C") = "yourField3"
                        xls.ActiveSheet.cells(nRow, "D") = "yourField4" ' e.g. IUser2.Role ??
                        xls.ActiveSheet.cells(nRow, "E") = 1
                    End If
                Next IGroup2
            End If
        Next IUser1
    Next sGroup
    ' IADs cleanup
    Set IGroup2 = Nothing
    Set IUser2 = Nothing
    Set IGroup1 = Nothing
    Set IUser1 = Nothing
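
Now that you have it in Excel, you can PIVOT, filter, or just list it.

1:25 AM - AHA, please ignore the code above, as I thought you were going to LDAP to get this information. But since it is already in a table, let's use the following SQL -
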
SELECT UserGroup.User, UserGroup.Group, RoleGroup.Role
FROM UserGroup LEFT JOIN RoleGroup ON UserGroup.Group = RoleGroup.Group
ORDER BY UserGroup.User, RoleGroup.Role;

It returns -

User | Group | Role
BloggsJ | Password Reset | Helpdesk
BloggsJ | Password Reset | Security
MouseM | Disable User | Reception
MouseM | Enable User | Reception
MouseM | Enable User | Security
SmithA | Password Reset | Helpdesk
SmithA | Enable User | Reception
SmithA | Enable User | Security
SmithA | Password Reset | Security

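Answer 1 (score: 0)

Solved... I think... amazing what hot water on the head in the shower does.

a) Count the number of rows for each role type from the role table.
b) Do a join on group between the role and LDAP tables.
c) Count the number of times each distinct user appears for each role.
d) If that count is the same as the number of groups for each role, then it is a match.

I will code it up later; off to lay the roof now.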
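
The counting approach in steps a) to d), as an added example that is not part of either answer: it runs the query in SQLite through Python rather than MS Access (an assumption, so the example is self-contained), reuses the UserGroup and RoleGroup table names from answer 0, and loads the question's sample rows as constructed data. It goes one step past the answer by dropping roles implied by a larger matched role (SmithA fully matches both Helpdesk and Security) and by listing groups that no matched role accounts for, which is the part an access review cares about.

```python
import sqlite3

# Constructed sample data, copied from the question's tables.
ROLE_GROUPS = [("Helpdesk", "Password Reset"),
               ("Security", "Password Reset"), ("Security", "Enable User"),
               ("Reception", "Enable User"), ("Reception", "Disable User")]
USER_GROUPS = [("SmithA", "Password Reset"), ("SmithA", "Enable User"),
               ("BloggsJ", "Password Reset"),
               ("MouseM", "Enable User"), ("MouseM", "Disable User")]

# Steps a) to d) of the answer: a user holds a role when the number of the
# role's groups found among the user's groups equals the role's group count.
FULL_MATCH_SQL = """
SELECT ug."User", rg."Role"
FROM UserGroup AS ug JOIN RoleGroup AS rg ON ug."Group" = rg."Group"
GROUP BY ug."User", rg."Role"
HAVING COUNT(*) = (SELECT COUNT(*) FROM RoleGroup r2 WHERE r2."Role" = rg."Role")
"""

def load(role_groups, user_groups):
    db = sqlite3.connect(":memory:")
    # UNIQUE keeps COUNT(*) honest: a duplicated row would inflate a match count.
    db.execute('CREATE TABLE RoleGroup ("Role" TEXT, "Group" TEXT, UNIQUE ("Role", "Group"))')
    db.execute('CREATE TABLE UserGroup ("User" TEXT, "Group" TEXT, UNIQUE ("User", "Group"))')
    db.executemany("INSERT INTO RoleGroup VALUES (?, ?)", role_groups)
    db.executemany("INSERT INTO UserGroup VALUES (?, ?)", user_groups)
    return db

def user_roles(db):
    """Return {user: (maximal_roles, groups_not_covered_by_any_matched_role)}."""
    role_sets, user_sets, matched = {}, {}, {}
    for role, group in db.execute('SELECT "Role", "Group" FROM RoleGroup'):
        role_sets.setdefault(role, set()).add(group)
    for user, group in db.execute('SELECT "User", "Group" FROM UserGroup'):
        user_sets.setdefault(user, set()).add(group)
    for user, role in db.execute(FULL_MATCH_SQL):
        matched.setdefault(user, set()).add(role)
    result = {}
    for user, groups in user_sets.items():
        roles = matched.get(user, set())
        # Drop a role whose groups are a strict subset of another matched role
        # (Helpdesk is implied by Security), keeping the most specific roles.
        maximal = {r for r in roles
                   if not any(role_sets[r] < role_sets[o] for o in roles)}
        covered = set().union(*(role_sets[r] for r in maximal))
        result[user] = (sorted(maximal), sorted(groups - covered))
    return result
```

A non-empty second element means the user holds group memberships beyond any role they fully match, for example a user with Password Reset and Disable User resolves to Helpdesk with Disable User left over.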