[python-ldap] Getting all active directory attributes

Michael Ströder michael at stroeder.com
Tue Feb 24 12:05:41 CET 2015


Ziad Badawi wrote:
> Greetings,
> 
> So I'm trying (according to my research)
> 
> res = l.search_s('CN=Schema,CN=Configuration,DC=domain,DC=local',
> ldap.SCOPE_BASE, '(objectclass=*)', ['*','+'] )
> 
> To get all attributes of my domain (server 2012). But I'm only getting those:
> 
> ['distinguishedName', 'repsFrom', 'replUpToDateVector', 'cn',
> 'objectCategory', 'objectClass', 'masteredBy', 'objectGUID', 'repsTo',
> 'whenChanged', 'whenCreated', 'uSNCreated', 'msDs-masteredBy',
> 'uSNChanged', 'instanceType', 'dSCorePropagationData', 'name']
> 
> which are for sure not all of them, the attribute editor on the server has
> a lot more.
> Am I missing something?

I assume you are talking about MS Active Directory W2K12.

1. AFAIK MS AD does *not* support getting all operational attributes by
requesting '+' as defined in RFC 3673.

2. There are some operational attributes in AD you have to explicitly request.
You have to find out which ones. One example is the attribute 'tokenGroups',
because it computes all nested group membership relations and therefore
consumes a lot of resources.

All in all this is not strictly related to python-ldap. It's rather a general
AD question. You should ask in appropriate MS forums to get more information.

Ciao, Michael.
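
Added example (not part of the original message and not python-ldap's own code): a base-scope read that names 'tokenGroups' explicitly instead of relying on '+', and decodes the binary SIDs it returns. `read_entry`, `sid_to_str` and `FakeADConnection` are hypothetical names; the DN and SIDs are constructed sample data, and the fake connection only imitates the behaviour described in the reply so the code runs without a domain controller.

```python
import struct

SCOPE_BASE = 0  # numeric value of ldap.SCOPE_BASE in python-ldap


def sid_to_str(raw: bytes) -> str:
    """Decode a binary Windows SID (as found in tokenGroups) to S-1-... form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("truncated or malformed SID")
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")        # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])      # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def read_entry(conn, dn, explicit=("tokenGroups",)):
    """Read one entry: '*' for user attributes plus every operational
    attribute named explicitly, because AD does not honour '+'."""
    res = conn.search_s(dn, SCOPE_BASE, "(objectClass=*)", ["*", *explicit])
    if not res:
        raise LookupError("no such entry: %s" % dn)
    out = dict(res[0][1])
    if "tokenGroups" in out:
        out["tokenGroups"] = [sid_to_str(v) for v in out["tokenGroups"]]
    return out


class FakeADConnection:
    """Constructed stand-in for a python-ldap connection object.
    It ignores '+' and returns tokenGroups only when asked for by name."""
    DN = "CN=Jane Doe,CN=Users,DC=domain,DC=local"     # constructed entry
    USER = {"cn": [b"Jane Doe"], "sAMAccountName": [b"jdoe"]}
    # Constructed SIDs: S-1-5-32-545 and S-1-5-21-1-2-3-513
    OPERATIONAL = {"tokenGroups": [
        bytes([1, 2]) + (5).to_bytes(6, "big") + struct.pack("<2I", 32, 545),
        bytes([1, 5]) + (5).to_bytes(6, "big")
        + struct.pack("<5I", 21, 1, 2, 3, 513),
    ]}

    def search_s(self, base, scope, filterstr, attrlist):
        if base != self.DN or scope != SCOPE_BASE:
            return []
        attrs = dict(self.USER) if "*" in attrlist else {}
        attrs.update({k: v for k, v in self.OPERATIONAL.items()
                      if k in attrlist})
        return [(base, attrs)]
```

Against a real directory, pass the object returned by `ldap.initialize()` (after binding) as `conn`; the result is the effective group SID list for that account, which is what an access review needs.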
