How to find all the groups the user is a member of? (LDAP)

放肆的年华 submitted on 2020-01-01 03:49:08

Question


I am trying to get all the groups that a certain user is a member of.

I have the following structures in ldap:

o=myOrganization
     ou=unit1
         cn=admin
         cn=guess

and

ou=users
    cn=ann
    cn=bob
    cn=carla

  • myOrganization is an instance of Organization
  • unit1 is an instance of OrganizationUnit
  • admin and guess are both GroupOfNames and have everyone as a member
  • ann, bob, and carla are instances of Person

Currently, I am using the ldap module on python and this is what I have:

import ldap
l = ldap.initialize("ldap://my_host")
l.simple_bind_s("[my_dn]", "[my_pass]")
ldap_result = l.search("[BASE_DN]", ldap.SCOPE_SUBTREE, "(&(objectClass=Person)(cn=ann))", None)
res_type, data = l.result(ldap_result, 0)
print(data)

And I am able to get the user ann; but, how do I go about getting the groups Ann belongs to?

I tried the following from this page:

search_filter='(|(&(objectClass=*)(member=cn=ann)))'
results = l.search_s("[BASE_DN]", ldap.SCOPE_SUBTREE, search_filter, ['cn'])

But I got an empty list. I also tried various combinations of queries, but they all return empty.

PS: I am using OpenLDAP on a Linux machine.


Answer 1:


member=cn=ann is not enough. You have to use ann's full DN, probably something like this:

member=cn=ann,ou=users,dc=company,dc=com
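
An added example, not part of the original question or answer: it builds the group filter from a full user DN with RFC 4515 escaping (python-ldap offers `ldap.filter.escape_filter_chars` for the same purpose) and mimics the whole-DN equality match on `member` over a small in-memory directory, showing why `cn=ann` alone returns nothing. Assumptions: the entries are constructed sample data, the `dc=company,dc=com` suffix is the answer's guess, and `normalize_dn` and `groups_of` are hypothetical helpers, not library calls.

```python
# Added example: stdlib only. The entries below are constructed sample data;
# the dc=company,dc=com suffix is the answer's guess, not a known value.

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a value cannot alter the filter."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def group_filter(user_dn):
    """Filter for groupOfNames entries whose member attribute equals user_dn."""
    return '(&(objectClass=groupOfNames)(member=%s))' % escape_filter_value(user_dn)

def normalize_dn(dn):
    """Simplified DN comparison key: case-insensitive, ignores padding spaces.
    Does not handle escaped commas or multi-valued RDNs."""
    key = []
    for rdn in dn.split(','):
        attr, _, val = rdn.partition('=')
        key.append((attr.strip().lower(), val.strip().lower()))
    return tuple(key)

USERS = ['cn=%s,ou=users,dc=company,dc=com' % n for n in ('ann', 'bob', 'carla')]
GROUPS = {
    'cn=admin,ou=unit1,o=myOrganization': USERS,
    'cn=guess,ou=unit1,o=myOrganization': USERS,
}

def groups_of(user_dn):
    """Mimic the server-side equality match on member: whole DN vs whole DN."""
    wanted = normalize_dn(user_dn)
    return sorted(g for g, members in GROUPS.items()
                  if any(normalize_dn(m) == wanted for m in members))

if __name__ == '__main__':
    print(groups_of('cn=ann'))                                # bare RDN: no match
    print(groups_of('CN=Ann, OU=users, DC=company, DC=com'))  # full DN: both groups
    print(group_filter('*'))                                  # '*' is escaped, not a wildcard
    # With python-ldap: l.search_s(base_dn, ldap.SCOPE_SUBTREE, group_filter(dn), ['cn'])
```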


Source: https://stackoverflow.com/questions/40225230/how-to-find-all-the-groups-the-user-is-a-member-ldap
