Search-Filter for LDAP (MS Active Directory)
Michael Ströder
michael at stroeder.com
Thu Oct 14 11:12:22 EDT 2004
Dirk Hagemann wrote:
>
> I'd like to know how to set up a query for all computer-accounts in a
> special part of Active Directory by using LDAP.
> Example:
> all computers with a name like "ABC*" at "..., ou=Production,
> DC=business,DC=company,DC=com"
> From these computers I want to get their OS, Service Pack and some
> other information.
Assuming you're using <http://python-ldap.sf.net> (untested):
----------------------------------------------------------------------
import ldap
l = ldap.initialize('ldap://domaincontroller.company.com')
l.protocol_version = 3
l.simple_bind_s('cn=Administrator,DC=business,DC=company,DC=com','secretpassword')
r = l.search_s(
'ou=Production,DC=business,DC=company,DC=com',
ldap.SCOPE_SUBTREE,
'(&(objectClass=computer)(cn=ABC*))' )
----------------------------------------------------------------------
Note that you have to bind as a real user with appropriate access rights
since anonymous search is disabled in Active Directory by default. Also note
that you might hit a server-side search limit leading to an exception
ldap.SIZELIMIT_EXCEEDED.
Ciao, Michael.
More information about the Python-list
mailing list