Python LDAP3: search in multiple search_base at once

Time: 2018-09-11 22:49:40

Tags: python python-3.x active-directory ldap ldap3

I have code like this:

from ldap3 import Server, Connection

uri = 'ldaps://ca1.ad.xxx.com:123'
bind_user = 'CN=svc_bind_user,OU=Service Accounts,DC=subdomain1,DC=ad,DC=xxx,DC=com'
bind_password = 'svc_bind_p4$$'

server = Server(uri)
conn = Connection(server, bind_user, bind_password)
conn.bind()

user_filter = 'objectClass=*'
user_name_attr = 'sAMAccountName'
search_scope = 'SUBTREE'

I can successfully search for user1, user1@subdomain1.ad.xxx.com:

username = 'user1'
search_base= 'DC=subdomain1,DC=ad,DC=xxx,DC=com'
search_filter = "(&({0})({1}={2}))".format(
    user_filter,
    user_name_attr,
    username
)
res = conn.search(search_base,
                  search_filter,
                  search_scope)

as well as user2, user2@subdomain2.ad.xxx.com, like this:

username = 'user2'
search_base= 'DC=subdomain2,DC=ad,DC=xxx,DC=com'
search_filter = "(&({0})({1}={2}))".format(
    user_filter,
    user_name_attr,
    username
)
res = conn.search(search_base,
                  search_filter,
                  search_scope)

As you can see, the code above is tailored to each user so that it looks into a different search_base, subdomain1 and subdomain2 respectively.

I would like to search for both user1 and user2 in code like this with the higher-level search_base= 'DC=ad,DC=xxx,DC=com':

username = 'user1'
search_base= 'DC=ad,DC=xxx,DC=com'
search_filter = "(&({0})({1}={2}))".format(
    user_filter,
    user_name_attr,
    username
)
res = conn.search(search_base,
                  search_filter,
                  search_scope)

But the code above does not find the user; it only returns a list of subdomains.

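So the question is: if I am not doing anything wrong here, is it possible to search in multiple domains by combining multiple subdomains in search_base with some special syntax?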

I don't want to do multiple searches, and as I mentioned, SUBTREE / a higher-level search_base does not seem to work for me either.

Thanks

0 answers:

No answers
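An LDAP search request carries exactly one base object (RFC 4511), so there is no search_base syntax that lists several bases. The following is an added example, not code from the original post: it reuses one bound connection to run the question's filter against each base in turn, and escapes the user name per RFC 4515 so input cannot change the filter. The helper names, `FakeConnection` and the sample entry are assumptions constructed for illustration; with ldap3 you would pass the real bound `conn` instead.

```python
# Added example (not from the original post). Helper and class names are hypothetical.

def escape_filter_value(value):
    """Escape RFC 4515 special characters so input cannot alter the filter."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)


def build_user_filter(username, user_filter='objectClass=*',
                      name_attr='sAMAccountName'):
    """Same filter shape as the question, with the user-supplied part escaped."""
    return '(&({0})({1}={2}))'.format(
        user_filter, name_attr, escape_filter_value(username))


def search_bases(conn, bases, username, attributes=None):
    """One search per base on an already-bound connection; hits merged by DN."""
    search_filter = build_user_filter(username)
    found = {}
    for base in bases:
        if not conn.search(base, search_filter, 'SUBTREE', attributes=attributes):
            continue
        for entry in conn.response:
            # Keep real entries only; referral results carry no user object.
            if entry.get('type') == 'searchResEntry':
                found.setdefault(entry['dn'].lower(), entry)
    return list(found.values())


class FakeConnection:
    """Constructed stand-in for a bound ldap3 Connection, for offline runs."""
    def __init__(self, directory):
        self.directory, self.response, self.filters = directory, [], []

    def search(self, base, search_filter, scope, attributes=None):
        self.filters.append(search_filter)
        self.response = self.directory.get(base, [])
        return bool(self.response)


BASES = ['DC=subdomain1,DC=ad,DC=xxx,DC=com', 'DC=subdomain2,DC=ad,DC=xxx,DC=com']
SAMPLE = {  # constructed sample data
    BASES[1]: [{'type': 'searchResEntry',
                'dn': 'CN=user2,OU=Users,' + BASES[1], 'attributes': {}}],
}

if __name__ == '__main__':
    hits = search_bases(FakeConnection(SAMPLE), BASES, 'user2')
    print([h['dn'] for h in hits])
```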