python 使用ldap3 查詢跨域的用戶信息

使用ldap 3269端口，可以跨多子域查詢用戶的信息。

def find_email_of_user(displayName):

    server = Server('ldaps://x.x.x.x:3269', get_info=ALL)

    conn = Connection(server,

                      user='xxxx',

                      password='xxxxxxxxx',

                      auto_bind=True,

                      authentication=NTLM)

    conn.search('dc=domainname,dc=com',

                search_filter='(displayName={})'.format(displayName),

                attributes=ALL_ATTRIBUTES)

    result = conn.response[0]['attributes']

    return result['mail']

LDAP SSL uses ports 3269 and 636 but IMSS Windows does not support LDAP SSL.

The table shows the ports used by LDAP and LDAP SSL services/protocols:

Service Name	UDP	TCP
LDAP	None	389
LDAP SSL	None	636
Global Catalog LDAP	None	3268
Global Catalog LDAP SSL	None	3269

 

 

 

For more information about Active Directory and how it works, refer to the Microsoft article How Active Directory Searches Work.

其他參考文檔：

https://help.duo.com/s/article/2061?language=en_US

https://informatics.perkinelmer.com/Support/KnowledgeBase/details/Default.aspx?TechNote=3142

https://docs.servicenow.com/bundle/orlando-platform-administration/page/integrate/ldap/reference/r_LDAPUsingGlobalCatalog.html