[python-ldap] Can i check if the group exist in active directory using python ldap
Sebastian Wiesner
sebastian.wiesner at tu-dresden.de
Fri Sep 9 09:38:52 EDT 2016
Yes, I know. But thank you for pointing this out though. To use
objectClass=group would not work in my case, but using part of the DN
would. It all depends on how the actual directory is set up. Thats what
I already mentioned.
Greets
Am 09.09.2016 um 15:29 schrieb Michael Ströder:
> Sebastian Wiesner wrote:
>> the actual filter string for "user in group exist" depends on which LDAP object
>> is holding this information inside which attribute, so please provide further
>> information. Provided your group RDN part is cn=<group name>,ou=Group your
>> filterstring for verifying a special group exists is as follows:
>>
>> (&(ou:dn:=Group)(cn=<group name>))
> With this filter you're assuming that the string "ou=Group" is a component of
> the group entry's DN. This is wrong in most cases.
>
> Should rather be:
>
> (&(objectClass=group)(cn=<group name>))
>
> Ciao, Michael.
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5157 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20160909/8415370c/attachment.bin>
More information about the python-ldap
mailing list