[python-ldap] Searching for nested membership in AD groups
Michael Ströder
michael at stroeder.com
Fri Sep 30 20:37:16 EDT 2016
Sean Whalen wrote:
> Then I tried
>
> (member:1.2.840.113556.1.4.1941:=CN=Whalen\5c, Sean,OU=Users,OU=Users and
^^^^
Yes, you must escape the comma in the DN.
But the escaped hex-encoded character \5C must fully *replace* the comma. Or
simply escape the comma like \, (see RFC 4514).
Bear in mind that you have to deal with extra escaping in Python string syntax
when hard-coding a DN like this in your source code.
Also note that there can be a bunch of specific performance differences
depending on how and from where you connect and bind to Active Directory,
especially if it's not well maintained (stale directory replicas / site topology).
Ciao, Michael.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3829 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20161001/a88eb676/attachment-0001.bin>
More information about the python-ldap
mailing list