Unable to perform the cross domain forest user search. #522
Hi, I can replicate your first point, but it seems this is the regular behavior of Active Directory. The go-ldap library has no special implementations for specific directory servers, like Active Directory, OpenLDAP or 389 Server, except for a few LDAP controls. I cannot replicate point 2; in a domain with at least one trust I can query the trust objects.

@cpuschma thanks for the reply.

Hi @cpuschma, could you please provide any suggestions? There is a use case to perform a cross-domain AD forest user search. If there are different subdomains in the same forest, I am able to perform the search. But when I try to perform the cross-domain user search using go-ldap, I get an error. Python has LDAP libraries with support for cross-domain searches. For example, the ldap3 library in Python supports automatic referral chasing, which can handle cross-domain searches. As far as I can see, there is no auto-referral feature available in the go-ldap library. We need to achieve this in Golang using the go-ldap library. If there is an alternative way I can achieve this, please do let me know as soon as possible.
Hi,

I have a forest setup with forest1 (ex1.local) and forest2 (ex2.local). I have created a bidirectional trust between these two.
When I bind with a user in ex1.local and search for a user in ex2.local, I get 0 results.

Two approaches I followed:
```go
searchRequest := ldap.NewSearchRequest(
	"", // The base dn is empty for GC server
	ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
	fmt.Sprintf("(&(objectClass=organizationalPerson)(displayName=%s))", "denis"), // The filter
	[]string{"dn", "cn", "displayName"}, // A list of attributes to retrieve
	nil,
)
```
This returns only the user present in ex1.local. denis is present in ex2.local as well, but that user's details are not retrieved.

But it's giving 0 results.
```go
searchRequest := ldap.NewSearchRequest(
	"DC=ex1,DC=local", // The base dn to search
	ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
	"(objectClass=trustedDomain)", // The filter to apply
	[]string{"trustPartner", "trustDirection", "trustType"}, // A list of attributes to retrieve
	nil,
)
```
This gives the trustPartner (ex2.local), trustType: 2, trustDirection: 3.
Using this detail I am performing the user search, but I am getting 0 results:
```go
userSearchRequest := ldap.NewSearchRequest(
	"DC=ex2,DC=local", // The base dn to search
	ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
	"(&(objectClass=user)(cn=usrtest))", // The filter to apply
	[]string{"cn", "mail", "memberOf"}, // A list of attributes to retrieve
	nil,
)
```
3) Use the trust DistinguishedName detail in the baseDN. I fetched it using the PowerShell command `Get-ADTrust -Filter *` in the ex1.local AD, but I am getting zero results.
```go
userSearchRequest := ldap.NewSearchRequest(
	"CN=ex2.local,CN=System,DC=ex1,DC=local", // The base dn to search
	ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
	"(&(objectClass=user)(cn=usrtest))", // The filter to apply
	[]string{"cn", "mail", "memberOf"}, // A list of attributes to retrieve
	nil,
)
```
Please let me know whether go-ldap does not yet support cross-domain search.
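
On the referral chasing raised in the thread: when referrals are followed by hand (go-ldap returns any referral URLs in `SearchResult.Referrals`), each URL names a server that will receive the next bind, so it is worth checking against the expected trust partners first. The following is an added example, not code from this issue or from go-ldap; `ParseReferral` is a hypothetical helper, the referral URLs are constructed, and the only value taken from the issue is the trust partner `ex2.local`.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Referral holds the parts of an LDAP referral URL needed to re-issue a search.
type Referral struct {
	Host   string // lower-cased server name, without port
	Port   string // explicit port, or the scheme default
	TLS    bool   // true for ldaps://
	BaseDN string // empty means "reuse the base DN of the original request"
}

// ParseReferral (hypothetical helper) accepts a referral only if it uses
// ldap/ldaps and its host is a trusted domain or a server inside one.
func ParseReferral(raw string, trusted []string) (Referral, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return Referral{}, fmt.Errorf("malformed referral %q: %w", raw, err)
	}
	defaults := map[string]string{"ldap": "389", "ldaps": "636"}
	port, known := defaults[u.Scheme]
	if !known {
		return Referral{}, fmt.Errorf("unsupported scheme in %q", raw)
	}
	if u.Port() != "" {
		port = u.Port()
	}
	host := strings.ToLower(u.Hostname())
	for _, d := range trusted {
		d = strings.ToLower(strings.Trim(d, "."))
		// Match on a label boundary so "notex2.local" does not pass for "ex2.local".
		if d != "" && (host == d || strings.HasSuffix(host, "."+d)) {
			return Referral{host, port, u.Scheme == "ldaps", strings.TrimPrefix(u.Path, "/")}, nil
		}
	}
	return Referral{}, fmt.Errorf("referral host %q is outside the trusted domains", host)
}

func main() {
	trusted := []string{"ex2.local"} // trustPartner value reported in the issue
	// Constructed referral URLs, not output captured from a real server.
	for _, raw := range []string{"ldap://dc1.ex2.local/DC=ex2,DC=local", "ldap://ex2.local.untrusted.example/DC=ex2,DC=local"} {
		fmt.Println(ParseReferral(raw, trusted))
	}
}
```

The accepted `Host`, `Port` and `BaseDN` are what a caller would pass to a new connection and a new `ldap.NewSearchRequest`; a rejected referral is logged and skipped rather than bound to.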