克服 Active Directory 的 1000 条记录限制

2022-01-17 00:00:00 python ldap active-directory powershell

问题描述

PowerShell 能够提取 1492 条记录的列表.当我将 Python 与 ldap3 模块一起使用时,我遇到了 1000 条记录的限制.请帮我更改 Python 代码以超出限制.

PowerShell is capable of pulling list of 1492 records. When I using Python with ldap3 module I'm bumping into 1000 records limit. Please help me change Python code to exceed the limit.

PowerShell 输入:get-aduser -filter * -SearchBase "OU=SMZ USERS,OU=SMZ,OU=EUR,DC=my_dc,DC=COM" |测量对象

PowerShell input: get-aduser -filter * -SearchBase "OU=SMZ USERS,OU=SMZ,OU=EUR,DC=my_dc,DC=COM" | Measure-Object

输出:计数:1492平均 :总和:最大限度 :最低限度 :属性:

output: Count : 1492 Average : Sum : Maximum : Minimum : Property :

import json
from ldap3 import Server, 
Connection, 
AUTO_BIND_NO_TLS, 
SUBTREE, 
ALL_ATTRIBUTES

def get_ldap_info(u):
with Connection(Server('my_server', port=636, use_ssl=True),
                auto_bind=AUTO_BIND_NO_TLS,
                read_only=True,
                check_names=True,
                user='my_login', password='my_password') as c:

    c.search(search_base='OU=SMZ Users,OU=SMZ,OU=EUR,DC=my_dc,DC=com',
             search_filter='(&(samAccountName=' + u + '))',        
             search_scope=SUBTREE,
             attributes=ALL_ATTRIBUTES,
             size_limit = 0,
             paged_criticality = True,                 
             paged_size = None,
             #attributes = ['cn'],
             get_operational_attributes=True)        

    content = c.response_to_json()
result = json.loads(content)
i = 0
for item in result["entries"]:
    i += 1
print(i)  
get_ldap_info('*')


解决方案

如果您将代码更改为使用 extend.standard 命名空间的 paged_search 方法,您应该能够检索到您正在寻找的所有结果.

If you change your code to using the paged_search method of the extend.standard namespace instead you should be able to retrieve all the results you are looking for.

请注意,您需要区别对待响应对象.

Just be aware that you will need to treat the response object differently.

def get_ldap_info(u):
with Connection(Server('XXX', port=636, use_ssl=True),
                auto_bind=AUTO_BIND_NO_TLS,
                read_only=True,
                check_names=True,
                user='XXX', password='XXX') as c:

    results = c.extend.standard.paged_search(search_base='dc=XXX,dc=XXX,dc=XXX',
             search_filter='(&(samAccountName=' + u + '))',        
             search_scope=SUBTREE,
             attributes=ALL_ATTRIBUTES,
             #attributes = ['cn'],
             get_operational_attributes=True)        


i = 0
for item in results:
    #print(item)
    i += 1
print(i)  
get_ldap_info('*')

相关文章