Group Membership in Active Directory Query

kooch54 at gmail.com kooch54 at gmail.com
Wed Feb 7 09:36:57 EST 2007


On Feb 7, 9:22 am, kooc... at gmail.com wrote:
> I am trying to write a script to simply query the group members in an
> active directory group.  I need to use LDAP to make sure I capture any
> global > global group nestings that may occur.  I already have a
> function that uses WinNT provider to capture this info from NT4 or AD
> domains and it works beautifully.  It just doesn't capture global >
> global nestings.  I am having great difficulties in getting this to
> work on AD though with ldap.  I have a multiple domain tree
> environment and need to be able to query groups in different domains.
> I want to simply make an ldap connection, bind to it, search for the
> group and get its members.
> I do the following for eDirectory and it works great but not in AD.
>
> import ldap
> UserRes = []
> l = ldap.open('1.2.3.4', trace_level=1)
> l.simple_bind_s('cn=username,ou=company', 'password')
> UserRes = UserRes + l.search_s(
>                     'o=company',
>                     ldap.SCOPE_SUBTREE, '(|(cn=groupname))')
>
> If I do the same thing as above but to an AD source it doesn't work.
> I run the open and it seems successful, I run the bind using DN, UPN,
> or domain name and password and it seems to bind, I run the query and
> it says I must complete a successful bind operation before doing a
> query.
>
> Any help is appreciated.



I found an example in the groups here and attempted it but it failed
as well.  Below is the code I used and the results.

import ldap, ldapurl

proto = 'ldap'
server = 'domaincontroller.domain.company.com'
port = 389

url = ldapurl.LDAPUrl(urlscheme=proto,
                      hostport="%s:%s" % (server,
                      str(port))).initializeUrl()
ldap_obj = ldap.initialize(url)

# !!!password will be on wire in plaintext!!!
ldap_obj = ldap_obj.simple_bind_s('username@domain.company.com',
                                  'password')

base = 'DC=DOMAIN, DC=COMPANY, DC=COM'

scope = ldap.SCOPE_SUBTREE

query = '(objectclass=user)'

res_attrs = ['*']

res = ldap_obj.search_ext_s(base, scope, query, res_attrs)
print(res)

RESULTS FROM PYTHON SHELL
res=ldap_obj.search_ext_s(base, scope, query, rest_attrs)
AttributeError: 'NoneType' object has no attribute 'search_ext_s'
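
The failure in the traceback above, and one way to capture nested memberships in a single AD query, as an added example that is not part of the original post: the bind is called without assigning its return value back to the connection, and the filter uses memberOf with AD's LDAP_MATCHING_RULE_IN_CHAIN rule, a technique the post does not mention. FakeConn, SAMPLE_ROWS and the helper names are constructed for illustration so the block runs without python-ldap or a directory server.

```python
# Added example: stdlib only; FakeConn is a constructed stand-in, not python-ldap.
IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD's LDAP_MATCHING_RULE_IN_CHAIN OID
SCOPE_SUBTREE = 2                      # numeric value of ldap.SCOPE_SUBTREE

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so a DN cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def nested_member_filter(group_dn):
    """Users that are members of group_dn directly or through nested groups."""
    return "(&(objectClass=user)(memberOf:%s:=%s))" % (
        IN_CHAIN, escape_filter_value(group_dn))

def nested_members(conn, bind_name, password, base, group_dn):
    # Call the bind for its side effect only. Writing
    # `conn = conn.simple_bind_s(...)` replaces the connection with the
    # call's return value, which is what the traceback above shows.
    conn.simple_bind_s(bind_name, password)
    rows = conn.search_ext_s(base, SCOPE_SUBTREE,
                             nested_member_filter(group_dn),
                             ["distinguishedName"])
    # Referral rows come back with a DN of None; keep real entries only.
    return [dn for dn, _attrs in rows if dn is not None]

class FakeConn(object):
    """Constructed stand-in exposing the two LDAPObject methods used above."""

    def __init__(self, rows):
        self.rows, self.bound, self.last_filter = rows, False, None

    def simple_bind_s(self, who, cred):
        self.bound = True
        return None  # assumption: matches the NoneType in the traceback

    def search_ext_s(self, base, scope, filterstr, attrlist):
        if not self.bound:
            raise RuntimeError("bind required before search")
        self.last_filter = filterstr
        return self.rows

# Constructed sample data: one user entry and one referral row.
SAMPLE_ROWS = [("CN=Alice,OU=Staff,DC=domain,DC=company,DC=com", {}),
               (None, ["ldap://child.domain.company.com/DC=child"])]

if __name__ == "__main__":
    conn = FakeConn(SAMPLE_ROWS)
    print(nested_members(conn, "username@domain.company.com", "password",
                         "DC=domain,DC=company,DC=com",
                         "CN=Ops (EU),OU=Groups,DC=domain,DC=company,DC=com"))
```

With python-ldap, conn would be the object returned by ldap.initialize(url); an ldaps:// URL keeps the simple bind's password from crossing the wire in clear text.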



