LDAP query for deleted users

2019-09-16 16:59发布

站内问答 / 前沿技术
827 2 5

The normal way to query a directory for users is (&(objectClass=user)(objectCategory=person)). The normal way to query for deleted objects is to add (isDeleted=TRUE).

However, the objectCategory attribute does not exist on tombstone objects, so a query for (&(objectClass=user)(objectCategory=person)(isDeleted=TRUE)) will get you nothing.

If you remove the (objectCategory=person) part, you'll get computers too, as they inherit from user.

Is it possible to retrieve only deleted users?

If not, is it possible to tell from the returned tombstone object if it's a user or not?

2条回答
虎瘦雄心在
2楼-- · 2019-09-16 17:45

Try an LDAP filter like:

(&(isDeleted=TRUE)(userAccountControl:1.2.840.113556.1.4.803:=512))

This should retrieve most deleted user type entries.

查看更多
0人赞 添加讨论(0) 举报
趁早两清
3楼-- · 2019-09-16 17:45

python3 code

import ldap
from ldap.controls.simple import ValueLessRequestControl
...
base = 
scope = ldap.SCOPE_SUBTREE
filterstr = '(&(objectClass=user)(isDeleted=TRUE))'
attrlist = 
result_set = []
ct = ldap.controls.simple.ValueLessRequestControl('1.2.840.113556.1.4.417', True)
result_id = l.search_ext(base, scope, filterstr, attrlist, serverctrls=[ct, ])
for i in range(0, 100):
    result_type, result_data = l.result(result_id, 0)
    if result_type == ldap.RES_SEARCH_ENTRY:
        result_set.append(result_data)
    else:
        break
...
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)