I have code like this:
from ldap3 import Server, Connection
uri = 'ldaps://ca1.ad.xxx.com:123'
bind_user = 'CN=svc_bind_user,OU=Service Accounts,DC=subdomain1,DC=ad,DC=xxx,DC=com'
bind_password = 'svc_bind_p4$$'
server = Server(uri)
conn = Connection(server, bind_user, bind_password)
conn.bind()
user_filter = 'objectClass=*'
user_name_attr = 'sAMAccountName'
search_scope = 'SUBTREE'
I can successfully search for user1 (user1@subdomain1.ad.xxx.com) like this:
username = 'user1'
search_base= 'DC=subdomain1,DC=ad,DC=xxx,DC=com'
search_filter = "(&({0})({1}={2}))".format(
    user_filter,
    user_name_attr,
    username
)
res = conn.search(search_base,
                  search_filter,
                  search_scope)
as well as user2 (user2@subdomain2.ad.xxx.com) like this:
username = 'user2'
search_base= 'DC=subdomain2,DC=ad,DC=xxx,DC=com'
search_filter = "(&({0})({1}={2}))".format(
    user_filter,
    user_name_attr,
    username
)
res = conn.search(search_base,
                  search_filter,
                  search_scope)
As you can see, the code above is tailored for each user to look into a different search_base: subdomain1 and subdomain2 accordingly.
I tried to search for both user1 and user2 in code like this with a higher-level search_base = 'DC=ad,DC=xxx,DC=com':
username = 'user1'
search_base= 'DC=ad,DC=xxx,DC=com'
search_filter = "(&({0})({1}={2}))".format(
    user_filter,
    user_name_attr,
    username
)
res = conn.search(search_base,
                  search_filter,
                  search_scope)
but the code above doesn't find the user; it only returns a list of subdomains.
So the question is: if I am not doing anything wrong here, is there a way to search within multiple domains, perhaps by having a search_base with special syntax that combines multiple subdomains?
I don't want to do multiple searches, and as I mentioned, the SUBTREE/higher-level search_base does not seem to work for me either.
Thanks