[python-ldap] Can i check if the group exist in active directory using python ldap
Sebastian Wiesner
Sebastian.Wiesner at tu-dresden.de
Sun Sep 11 07:19:53 EDT 2016
This is not hard to elaborate on. The group objects in our directory don't
have objectClass group, instead they have posixGroup. I could change the
objectClass filter to that, but since they have ou=Group as part of their DN
I don't see the point on changing it. Is it best practice to not use DN
parts inside filter criteria?
-----Ursprüngliche Nachricht-----
Von: Michael Ströder [mailto:michael at stroeder.com]
Gesendet: Freitag, 9. September 2016 16:42
An: Sebastian Wiesner <sebastian.wiesner at tu-dresden.de>;
python-ldap at python.org
Betreff: Re: [python-ldap] Can i check if the group exist in active
directory using python ldap
Sebastian Wiesner wrote:
> Yes, I know. But thank you for pointing this out though. To use
> objectClass=group would not work in my case, but using part of the DN
would.
Why not? If you know the complete (unique) group name using the filter
(&(objectClass=group)(cn=<group name>))
should always return this particular group.
> It all depends on how the actual directory is set up.
Please elaborate on why the filter above does not work in your case.
Ciao, Michael.
More information about the python-ldap
mailing list