最近内网灰度发布的时候,需要批量添加整个部门的人员,怎么获取这个人员列表呢?用LDAP做用户登录和关联用户查询的时候我们可以看到属性中有相关部门信息;
方便起见,这个代码用python写写就好
实现参考:
from ldap3 import Server, Connection, ALL, NTLM
import datetime
import json
class operate_AD:
def __init__(self,Domain,User,Password):
self.domain=Domain
self.user=User
self.pwd=Password
self.DC=','.join(['DC=' + dc for dc in Domain.split('.')])
self.pre = Domain.split('.')[0].upper() #'china'
self.server = Server(self.domain, use_ssl=False,get_info=ALL)
self.conn = Connection(self.server, user=self.pre+'\\'+self.user, password=self.pwd, auto_bind=True)
self.u_time=datetime.date.today()
def Get_All_UserInfo(self):
'''
查询组织下的用户
org: 组织,格式为:aaa.bbb 即bbb组织下的aaa组织,不包含域地址
'''
#print('Get_All_UserInfo')
att_list = ['displayName','userAccountControl','sAMAccountName']
# org_base = ','.join(['OU=' + ou for ou in org.split('.')]) + ',' + self.DC
org_base = "dc=china,dc=组织,dc=com"
res = self.conn.search(search_base=org_base,search_filter='(&(department=匹配的部门信息*))',attributes=['department','sAMAccountName','sn'], paged_size='50',search_scope='SUBTREE')
if res:
for each in self.conn.response:
print(each['attributes']['sn'])#['dn'].split(",")[0].split("=")[1] ['attributes']['sAMAccountName']
return []
def main():
act=operate_AD('ldap://ldap-host:port','user','pwd')
for user in act.Get_All_UserInfo():
print(user)
print(' '*50)
if __name__ == '__main__':
main()
参考: