Search-Filter for LDAP (MS Active Directory)
Dirk Hagemann
usenet at mail-2-me.com
Thu Oct 14 16:17:43 EDT 2004
Michael Ströder schrieb:
> Dirk Hagemann wrote:
>
>>
>> I'd like to know how to set up a query for all computer-accounts in a
>> special part of Active Directory by using LDAP.
>> Example:
>> all computers with a name like "ABC*" at "..., ou=Production,
>> DC=business,DC=company,DC=com"
>
> > From these computers I want to get their OS, Service Pack and some
> > other information.
>
> Assuming you're using <http://python-ldap.sf.net> (untested):
>
> ----------------------------------------------------------------------
> import ldap
>
> l = ldap.initialize('ldap://domaincontroller.company.com')
> l.protocol_version = 3
> l.simple_bind_s('cn=Administrator,DC=business,DC=company,DC=com','secretpassword')
>
>
> r = l.search_s(
> 'ou=Production,DC=business,DC=company,DC=com',
> ldap.SCOPE_SUBTREE,
> '(&(objectClass=computer)(cn=ABC*))' )
> ----------------------------------------------------------------------
>
> Note that you have to bind as a real user with appropriate access rights
> since anonymous search is disabled in Active Directory by default. Also
> note that you might hit a server-side search limit leading to an
> exception ldap.SIZELIMIT_EXCEEDED.
>
> Ciao, Michael.
Hi Michael!
The script will run under my logged on user with domain-admin rights -
so will will not have to authenticate a second time.
I hope I'll have the time tomorrow to test this code.
Greets
Dirk
More information about the Python-list
mailing list