Reading groups from LDAP
Michael Ströder
michael at stroeder.com
Wed Jun 18 18:46:54 CEST 2008
Melita Mihaljevic wrote:
> On Wed, Jun 18, 2008 at 5:58 PM, Michael Ströder <michael at stroeder.com> wrote:
> Michael Ströder wrote:
> Melita Mihaljevic wrote:
> My search filter is (it's all in one line):
> search_filter =
> '(|(&(objectClass=groupOfUniqueNames)(uniqueMember=uid=usera*))
> (&(objectClass=groupOfNames)(member=uid=usera*))
> (&(objectClass=posixGroup)(memberUid=usera*)))'
>
> Why do you want to do wildcard searches? This is not guaranteed
> to work since some of the member attributes might not even have
> a SUBSTR matching rule assigned.
>
> Because I know only uid and don't know the other user information
The user enters some user name. During login you have to use a
configurable search filter for searching the user's entry.
Something like:
user_search_filter_template = '(|(uid=%s)(sAMAccountName=%s))'
And then replace %s with what the user entered as user name.
Then you have the DN and some more eventually needed attributes for
conducting an exact search for the group entries a user is member of like
I described in my former posting.
> Because in the MoinMoin I search only groups with uid in it, only those
> are important for me.
LDAP directories can have user entries which do not have attribute 'uid'
at all!
Ciao, Michael.
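
The two-step lookup described above, as an added example that is not part of the original post: the login name is escaped per RFC 4515 before it is substituted into the template, and the group search then uses exact matches on the user's DN. The helper names, the sample DNs and the choice of group attributes (taken from the quoted filter) are assumptions; with python-ldap installed, ldap.filter.escape_filter_chars does the escaping.

```python
from typing import Optional

# Template from the post; every %s is replaced with the escaped login name.
USER_SEARCH_FILTER_TEMPLATE = '(|(uid=%s)(sAMAccountName=%s))'


def escape_filter_value(value: str) -> str:
    """Escape an assertion value per RFC 4515 so it is matched literally."""
    return ''.join(
        '\\%02x' % ord(ch) if ch in '\\*()\x00' else ch
        for ch in value
    )


def user_search_filter(login_name: str) -> str:
    """Step 1: filter that finds the user's entry from what was typed."""
    return USER_SEARCH_FILTER_TEMPLATE.replace(
        '%s', escape_filter_value(login_name))


def group_search_filter(user_dn: str, uid: Optional[str] = None) -> str:
    """Step 2: exact-match filter for the groups the user is a member of.

    user_dn is the DN returned by step 1. uid is optional because a user
    entry may have no 'uid' attribute; posixGroup is then left out.
    """
    dn = escape_filter_value(user_dn)
    parts = [
        '(&(objectClass=groupOfUniqueNames)(uniqueMember=%s))' % dn,
        '(&(objectClass=groupOfNames)(member=%s))' % dn,
    ]
    if uid:
        parts.append('(&(objectClass=posixGroup)(memberUid=%s))'
                     % escape_filter_value(uid))
    return '(|%s)' % ''.join(parts)


if __name__ == '__main__':
    # Constructed sample values, not taken from a real directory.
    print(user_search_filter('usera*'))
    print(group_search_filter('uid=usera,ou=people,dc=example,dc=org', 'usera'))
    print(group_search_filter('cn=User A (test),ou=people,dc=example,dc=org'))
```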