Search-Filter for LDAP (MS Active Directory)


Dirk Hagemann

Hi!

I asked here a few weeks ago the same question but the answer of Tim
Golden didn't really help yet.

I'd like to know how to set up a query for all computer-accounts in a
special part of Active Directory by using LDAP.

Example:
all computers with a name like "ABC*" at "..., ou=Production,
DC=business,DC=company,DC=com"
From these computers I want to get their OS, Service Pack and some
other information.
The difficulty is, the computers are in several OUs so I can't just
get through one LDAP-Path and the names of some OUs could change from
one day to another...

I read this RFC (http://www.rfc-editor.org/rfc/rfc2254.txt), but don't
know how to use this in python.

Kind regards
Dirk Hagemann
 
Michael Ströder

Dirk said:
> I'd like to know how to set up a query for all computer-accounts in a
> special part of Active Directory by using LDAP.
> Example:
> all computers with a name like "ABC*" at "..., ou=Production,
> DC=business,DC=company,DC=com"
> From these computers I want to get their OS, Service Pack and some
> other information.

Assuming you're using <http://python-ldap.sf.net> (untested):

----------------------------------------------------------------------
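import ldap

# Connect to the domain controller and speak LDAPv3
l = ldap.initialize('ldap://domaincontroller.company.com')
l.protocol_version = 3
# Explicit simple bind (DN and password)
l.simple_bind_s('cn=Administrator,DC=business,DC=company,DC=com','secretpassword')

# Subtree search below the Production OU for computer objects named ABC*
r = l.search_s(
    'ou=Production,DC=business,DC=company,DC=com',
    ldap.SCOPE_SUBTREE,
    '(&(objectClass=computer)(cn=ABC*))' )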
----------------------------------------------------------------------

Note that you have to bind as a real user with appropriate access rights
since anonymous search is disabled in Active Directory by default. Also note
that you might hit a server-side search limit leading to an exception
ldap.SIZELIMIT_EXCEEDED.

Ciao, Michael.
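
The filter and the size-limit caveat from the reply above, as an added example that is not part of the original posts: the name prefix is escaped per RFC 2254 before it goes into the filter, and results are fetched with the paged-results control, the usual way to stay under Active Directory's server-side limit. It assumes python-ldap 3.x and an already bound connection `conn`; `escape_filter_value`, `computer_filter` and `search_computers` are names made up for this example.

```python
# Added example (not from the thread). Requested attributes are the AD
# attribute names for OS and service pack.
ATTRS = ["cn", "operatingSystem", "operatingSystemServicePack"]


def escape_filter_value(value):
    """Escape per RFC 2254 section 4 so input cannot change the filter's shape.

    python-ldap ships ldap.filter.escape_filter_chars for the same job; it is
    spelled out here so the helper works without the library installed.
    """
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch
                   for ch in value)


def computer_filter(prefix):
    """Filter for computer accounts whose cn starts with the literal prefix."""
    return "(&(objectClass=computer)(cn=%s*))" % escape_filter_value(prefix)


def search_computers(conn, base_dn, prefix, page_size=500):
    """Yield (dn, attrs) for matching computers, one server page at a time.

    conn must already be bound, e.g. with simple_bind_s as in the post above.
    """
    import ldap  # python-ldap, imported here so the helpers above stay usable
    from ldap.controls import SimplePagedResultsControl

    page = SimplePagedResultsControl(True, size=page_size, cookie="")
    while True:
        msgid = conn.search_ext(base_dn, ldap.SCOPE_SUBTREE,
                                computer_filter(prefix), ATTRS,
                                serverctrls=[page])
        _rtype, rdata, _rmsgid, ctrls = conn.result3(msgid)
        for dn, attrs in rdata:
            if dn is not None:  # AD reports referrals as entries with dn None
                yield dn, attrs
        cookies = [c.cookie for c in ctrls
                   if c.controlType == SimplePagedResultsControl.controlType]
        if not cookies or not cookies[0]:
            break  # empty cookie: the server has no more pages
        page.cookie = cookies[0]
```

With python-ldap 3.x the attribute values come back as lists of bytes, so decode them before printing or comparing.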
 

Dirk Hagemann

Michael said:
> Assuming you're using <http://python-ldap.sf.net> (untested):
>
> ----------------------------------------------------------------------
> import ldap
>
> l = ldap.initialize('ldap://domaincontroller.company.com')
> l.protocol_version = 3
> l.simple_bind_s('cn=Administrator,DC=business,DC=company,DC=com','secretpassword')
>
> r = l.search_s(
> 'ou=Production,DC=business,DC=company,DC=com',
> ldap.SCOPE_SUBTREE,
> '(&(objectClass=computer)(cn=ABC*))' )
> ----------------------------------------------------------------------
>
> Note that you have to bind as a real user with appropriate access rights
> since anonymous search is disabled in Active Directory by default. Also
> note that you might hit a server-side search limit leading to an
> exception ldap.SIZELIMIT_EXCEEDED.
>
> Ciao, Michael.

Hi Michael!

The script will run under my logged-on user with domain-admin rights -
so I will not have to authenticate a second time.
I hope I'll have the time tomorrow to test this code.

Greets
Dirk
 
Michael Ströder

Dirk said:
> The script will run under my logged-on user with domain-admin rights -
> so I will not have to authenticate a second time.

This is not relevant. The python-ldap module and the underlying OpenLDAP
libs do not care about your logged-on Windows user.

=> You have to explicitly bind.

Ciao, Michael.
 
