Jon

Reputation: 131

ldap3 python search members of a group and retrieve their sAMAccountName (Active Directory)

I'm trying to use ldap3 with python to retrieve members of a group and also retrieve their sAMAccountName as we have mixed DNs (some with NTID and others with first/last name).

I've been trying this with no luck, any help would be appreciated:

import ldap3
from ldap3 import (Server, Connection, AUTO_BIND_NO_TLS, SUBTREE, BASE,
                   ALL_ATTRIBUTES, ObjectDef, AttrDef, Reader, Entry, Attribute,
                   OperationalAttribute)

# Simple bind over plain LDAP (port 389, no TLS)
conn = Connection(Server('adserver.com', port=389, use_ssl=False),
                  auto_bind=AUTO_BIND_NO_TLS, user='DOMAIN\\NTID',
                  password='somepassword')

conn.search(search_base='CN=GROUPNAME,OU=Groups,OU=Resources,OU=Global,DC=adserver.com',
            search_filter='(objectCategory=person)', search_scope=SUBTREE,
            attributes=['sAMAccountName'], size_limit=0)

print(conn.response_to_json())

Upvotes: 12

Views: 49821

Answers (3)

soinkleined

Reputation: 76

sAMAccountName and cn might be the same in your directory, but they don't have to be.

import re
# re.match() needs a single string, so use .value rather than the .values list
cn_match = re.match(r"^CN=([a-zA-Z0-9-_ &\.]+),.*$", conn.entries[0].sAMAccountName.value)
cn = cn_match.group(1)

So you can use the regex above to simply parse out the cn name, but if you want to look up sAMAccountName, you'll need to query the above output against the value of the cn attribute and return the sAMAccountName value.

Upvotes: 0

general-gouda

Reputation: 318

Before you can search the members you must first pull down the list of members from the group itself.

conn.search(
    search_base='CN=GROUPNAME,OU=Groups,OU=Resources,OU=Global,DC=adserver.com',
    search_filter='(objectClass=group)',
    search_scope='SUBTREE',
    attributes = ['member']
)

for entry in conn.entries:
    print(entry.member.values)

This will print out a list of members as distinguished names.

You will then need to perform a new search that iterates through each of the members and returns the sAMAccountName for each member.

Here is what the full code might look like (may need to be tweaked):

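from ldap3.utils.conv import escape_filter_chars

# Step 1: read the group's member attribute (a list of distinguished names).
conn.search(
    search_base='CN=GROUPNAME,OU=Groups,OU=Resources,OU=Global,DC=adserver.com',
    search_filter='(objectClass=group)',
    search_scope='SUBTREE',
    attributes = ['member']
)

# Step 2: look up each member by its DN and read its sAMAccountName.
for entry in conn.entries:
    for member in entry.member.values:
        conn.search(
            search_base='OU=Global,DC=adserver.com',
            # Escape the DN: ( ) * and \ are special characters in an LDAP filter.
            search_filter=f'(distinguishedName={escape_filter_chars(member)})',
            attributes=[
                'sAMAccountName'
            ]
        )

        # Skip members that were not found under the search base.
        if not conn.entries:
            continue

        user_sAMAccountName = conn.entries[0].sAMAccountName.values

        print(user_sAMAccountName)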

Upvotes: 18
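
An added example, not part of the answer above or of ldap3 itself: the loop in that answer sends one search per member DN, so this builds batched OR filters instead and escapes each DN per RFC 4515 so that characters such as `(`, `)`, `*` and `\` cannot change the filter's structure. The function names, the batch size and the sample DNs are constructed for illustration; it uses only the standard library so it runs offline, and ldap3 provides the same escaping as `escape_filter_chars` in `ldap3.utils.conv`.

```python
# Added example: batch member-DN lookups into OR filters with RFC 4515
# escaping. Function names and sample DNs are constructed, not from the page.

# RFC 4515 filter-value escapes; the backslash must be handled first so the
# backslashes introduced by the later replacements are not escaped again.
_FILTER_ESCAPES = (
    ("\\", r"\5c"),
    ("*", r"\2a"),
    ("(", r"\28"),
    (")", r"\29"),
    ("\x00", r"\00"),
)


def escape_filter_value(value):
    """Escape a string so it is treated as a literal value in an LDAP filter."""
    for char, replacement in _FILTER_ESCAPES:
        value = value.replace(char, replacement)
    return value


def build_member_filters(member_dns, batch_size=50):
    """Return OR filters, each matching up to batch_size member DNs."""
    if batch_size < 1:
        raise ValueError("batch_size must be at least 1")
    filters = []
    for start in range(0, len(member_dns), batch_size):
        clauses = "".join(
            f"(distinguishedName={escape_filter_value(dn)})"
            for dn in member_dns[start:start + batch_size]
        )
        filters.append(f"(|{clauses})")
    return filters


# Constructed sample of what a group's `member` attribute can contain.
SAMPLE_MEMBERS = [
    "CN=jdoe01,OU=Users,OU=Global,DC=example,DC=test",
    r"CN=Smith\, John (Contractor),OU=Users,OU=Global,DC=example,DC=test",
    "CN=R*D Service,OU=Users,OU=Global,DC=example,DC=test",
]

if __name__ == "__main__":
    for ldap_filter in build_member_filters(SAMPLE_MEMBERS, batch_size=2):
        # Each filter would be passed as search_filter= to conn.search().
        print(ldap_filter)
```

Each returned string goes to `conn.search()` as `search_filter`, with `attributes=['sAMAccountName']`, and every entry in the result is one resolved member.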

cannatag

Reputation: 1588

The entries found should be in the entries property of the Connection object. Try with print(conn.entries)

Upvotes: 0
