0

I log in to Active Directory, then I want to list my own group memberships with the Python ldap3 library.

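```python
from ldap3 import Server, Connection, ALL, NTLM

server = Server('server.company.local', get_info=ALL)
conn = Connection(server, user="company\\user", password="password", authentication=NTLM, auto_bind=True)
print(conn.extend.standard.who_am_i())  # authorization identity of the bound user
```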

This code only shows the user name (like the whoami cmd command), but I want to list my groups (like the whoami /groups command). Unfortunately I don't have the rights to make different searches on the Domain controller, that's why (perhaps) the following code returns an empty string:

```python
conn.search("dc=name,dc=company,dc=local",
            "(&(sAMAccountName={}))".format("company\\myusername"),
            attributes=['memberOf'])
```

How can I list my own group membership, like whoami /groups does?

Deer

2 Answers

0

Active Directory generally allows all authenticated users to read a lot of attributes, including memberOf. Check the number of records returned for your search. I expect you are finding zero records with that search. sAMAccountName values do not generally contain the "company\" component but are just "myusername".

LisaJ
0

The problem was the search base in my search: I replaced "dc=name,dc=company,dc=local" with "dc=company,dc=local". It works fine.

Deer
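Added example, not code from either poster or from the ldap3 project: it combines the two fixes from this thread (bare sAMAccountName, domain root as search base) and goes one step further by also resolving nested groups with Active Directory's LDAP_MATCHING_RULE_IN_CHAIN. The function names are hypothetical, `conn` is assumed to be an already bound ldap3 `Connection` whose `who_am_i()` returns the `u:DOMAIN\user` form, and the escaper is hand-written (ldap3 ships `ldap3.utils.conv.escape_filter_chars` for the same job).

```python
# RFC 4515 characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# LDAP_MATCHING_RULE_IN_CHAIN: AD matching rule that follows nested membership.
IN_CHAIN = "1.2.840.113556.1.4.1941"


def escape_filter_value(value):
    """Escape a string so it cannot change the structure of an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def sam_from_authzid(authzid):
    """Turn a who_am_i() result such as 'u:COMPANY\\user' into 'user'."""
    name = authzid[2:] if authzid.lower().startswith("u:") else authzid
    return name.rsplit("\\", 1)[-1]


def user_filter(authzid):
    """Filter that finds the bound account by its bare sAMAccountName."""
    sam = escape_filter_value(sam_from_authzid(authzid))
    return "(&(objectClass=user)(sAMAccountName={}))".format(sam)


def nested_groups_filter(user_dn):
    """Filter for every group containing user_dn directly or through nesting."""
    return "(member:{}:={})".format(IN_CHAIN, escape_filter_value(user_dn))


def _entries(conn):
    # AD answers a domain-root search with referrals too; keep real entries only.
    return [r for r in conn.response or [] if r["type"] == "searchResEntry"]


def my_groups(conn, base_dn):
    """Return (direct, all_nested) group DNs for the identity bound on conn.

    base_dn is the domain root, e.g. "dc=company,dc=local" (the base that
    worked in the thread above).
    """
    conn.search(base_dn, user_filter(conn.extend.standard.who_am_i()),
                attributes=["memberOf"])
    found = _entries(conn)
    if not found:
        return [], []
    direct = list(found[0]["attributes"].get("memberOf", []))
    conn.search(base_dn, nested_groups_filter(found[0]["dn"]), attributes=["cn"])
    return direct, [r["dn"] for r in _entries(conn)]
```

`memberOf` does not include the account's primary group (usually Domain Users), so the result can be shorter than the output of `whoami /groups`.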