Reading groups from LDAP
Michael Ströder
michael at stroeder.com
Wed Jun 18 17:52:26 CEST 2008
Melita Mihaljevic wrote:
>
> My search filter is (it's all in one line):
> search_filter =
> '(|(&(objectClass=groupOfUniqueNames)(uniqueMember=uid=usera*))
> (&(objectClass=groupOfNames)(member=uid=usera*))
> (&(objectClass=posixGroup)(memberUid=usera*)))'
Why do you want to do wildcard searches? This is not guaranteed to work
since some of the member attributes might not even have a SUBSTR
matching rule assigned.
> Also the other thing I want to do is to search
> (objectClass=*)&(*member*=uid=usera*). Is that possible ?
No it's not.
And for security reasons you should really stay away from wildcard
searches when doing group evaluation! That's a security mechanism and
therefore your code MUST be as exact as possible!
Ciao, Michael.
More information about the python-ldap
mailing list