python 使用ldap3 查询跨域的用户信息

使用ldap 3269端口，可以跨多子域查询用户的信息。

def find_email_of_user(displayName):

    server = Server('ldaps://x.x.x.x:3269', get_info=ALL)

    conn = Connection(server,

                      user='xxxx',

                      password='xxxxxxxxx',

                      auto_bind=True,

                      authentication=NTLM)

    conn.search('dc=domainname,dc=com',

                search_filter='(displayName={})'.format(displayName),

                attributes=ALL_ATTRIBUTES)

    result = conn.response[0]['attributes']

    return result['mail']

LDAP SSL uses ports 3269 and 636 but IMSS Windows does not support LDAP SSL.

The table shows the ports used by LDAP and LDAP SSL services/protocols:

Service Name	UDP	TCP
LDAP	None	389
LDAP SSL	None	636
Global Catalog LDAP	None	3268
Global Catalog LDAP SSL	None	3269

 

 

 

For more information about Active Directory and how it works, refer to the Microsoft article How Active Directory Searches Work.

其他参考文档：

https://help.duo.com/s/article/2061?language=en_US

https://informatics.perkinelmer.com/Support/KnowledgeBase/details/Default.aspx?TechNote=3142

https://docs.servicenow.com/bundle/orlando-platform-administration/page/integrate/ldap/reference/r_LDAPUsingGlobalCatalog.html