确认用户是否属于组,没有memberOf overlay

时间:2016-03-16 17:19:06

标签: ldap member openldap active-directory-group

请帮助我了解用于检查登录用户是否属于某个群组的过滤器(在我的情况下,群组号为10007), 不使用memberOf overlay。它甚至可能吗?如果是,那怎么办?

目前我已尝试使用过滤器:

(&(objectClass=posixGroup)(gidNumber=10007))

以下是应用程序当前通过LDAP登录用户的流程。

将用户登录:

Mar 16 08:54:50 mail slapd[1073]: conn=2424 op=0 BIND dn="cn=AppUser,ou=Service Accounts,dc=domain,dc=com" method=128
Mar 16 08:54:50 mail slapd[1073]: conn=2424 op=0 BIND dn="cn=AppUser,ou=Service Accounts,dc=domain,dc=com" mech=SIMPLE ssf=0
Mar 16 08:54:50 mail slapd[1073]: conn=2424 op=0 RESULT tag=97 err=0 text=
Mar 16 08:54:50 mail slapd[1073]: conn=2424 op=1 SRCH base="dc=domain,dc=com" scope=2 deref=0 filter="(&(uid=AdminUser)(objectClass=posixAccount))"
Mar 16 08:54:50 mail slapd[1073]: <= bdb_equality_candidates: (uid) not indexed
Mar 16 08:54:50 mail slapd[1073]: conn=2424 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 16 08:54:50 mail slapd[1073]: conn=2424 op=2 SRCH base="cn=Admin User,ou=Admins,dc=domain,dc=com" scope=2 deref=0 filter="(&(uid=AdminUser)(objectClass=posixAccount))"
Mar 16 08:54:50 mail slapd[1073]: conn=2424 op=2 SRCH attr=uid givenName sn mail
Mar 16 08:54:50 mail slapd[1073]: <= bdb_equality_candidates: (uid) not indexed
Mar 16 08:54:50 mail slapd[1073]: conn=2424 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=

检查用户是否属于具有gid编号的组:

Mar 16 08:54:50 mail slapd[1073]: conn=2424 op=3 SRCH base="cn=Admin User,ou=Admins,dc=domain,dc=com" scope=2 deref=0 filter="(&(objectClass=posixGroup)(gidNumber=10007))"
Mar 16 08:54:50 mail slapd[1073]: conn=2424 op=3 SRCH attr=givenName
Mar 16 08:54:50 mail slapd[1073]: <= bdb_equality_candidates: (gidNumber) not indexed
Mar 16 08:54:50 mail slapd[1073]: conn=2424 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
Mar 16 08:54:50 mail slapd[1073]: conn=2424 op=4 BIND anonymous mech=implicit ssf=0
Mar 16 08:54:50 mail slapd[1073]: conn=2424 op=4 BIND dn="cn=Admin User,ou=Admins,dc=domain,dc=com" method=128
Mar 16 08:54:50 mail slapd[1073]: conn=2424 op=4 BIND dn="cn=Admin User,ou=Admins,dc=domain,dc=com" mech=SIMPLE ssf=0
Mar 16 08:54:50 mail slapd[1073]: conn=2424 op=4 RESULT tag=97 err=0 text=
Mar 16 08:54:50 mail slapd[1073]: conn=2424 fd=23 closed (connection lost)

我的LDAP架构如下:

domain.com
    Service Accounts (Application Bind Users)
        AppUser
    Admins (Admin accounts)
        AdminUser
    Persons (regular accounts)
        Ted
        Kelly
        Ned
    Groups (Groups to define access level to applications)
        GogsAdmins
            AdminUser
        GogsUsers
            Ted
            Kelly
            Ned

0 个答案:

没有答案
相关问题
最新问题