I'm using Sharepoint in combination with Nintex. The possibility to query the ldap is available via Nintex, and basic querying actions work well! Now I am trying to get an array or collection of the groups the user is member of.. i've tried
我正在将Sharepoint与Nintex结合使用。通过Nintex可以查询ldap,基本的查询操作也很有效!现在我正在尝试获取用户所属的组的数组或集合..我已经尝试过了
(&(objectCategory=group)(member=cn={itemproperty:ldapName},dc=MyDomain))
Unfortunately this does not work, I'm not getting a response back from the logging nor can I find any other solution...
不幸的是,这不起作用,我没有从日志记录中得到回复,也没有找到任何其他解决方案......
any tips or help on this issue would be greatly appreciated!
任何有关此问题的提示或帮助将不胜感激!
Erik
1 个解决方案
#1
You will need to retrieve the "memberOf" attribute from your user to get a list of groups he's a direct member of.
您需要从用户检索“memberOf”属性以获取他直接成员的组列表。
I say direct because there are nested groups (User being member of Group A, which in turn is member of Group B) and those won't be returned.
我说是直接的,因为有嵌套组(用户是组A的成员,而后者又是组B的成员),并且不会返回这些组。
Also, the primary group (usually "Users") is not being returned by the "memberOf" attribute either.
此外,“memberOf”属性也不返回主要组(通常为“Users”)。
Marc
PS: If you can use .NET 3.5, there's a newer AD interface exposing users as strongly typed objects - see the excellent article by Joe Kaplan and Ethan Wilansky.
PS:如果你可以使用.NET 3.5,那么有一个较新的AD接口将用户暴露为强类型对象 - 请参阅Joe Kaplan和Ethan Wilansky撰写的优秀文章。
There, you can grab a user and then just call .GetAuthorizationGroups on the user object and you're done!
在那里,你可以抓住一个用户,然后只需在用户对象上调用.GetAuthorizationGroups就可以了!
#1
You will need to retrieve the "memberOf" attribute from your user to get a list of groups he's a direct member of.
您需要从用户检索“memberOf”属性以获取他直接成员的组列表。
I say direct because there are nested groups (User being member of Group A, which in turn is member of Group B) and those won't be returned.
我说是直接的,因为有嵌套组(用户是组A的成员,而后者又是组B的成员),并且不会返回这些组。
Also, the primary group (usually "Users") is not being returned by the "memberOf" attribute either.
此外,“memberOf”属性也不返回主要组(通常为“Users”)。
Marc
PS: If you can use .NET 3.5, there's a newer AD interface exposing users as strongly typed objects - see the excellent article by Joe Kaplan and Ethan Wilansky.
PS:如果你可以使用.NET 3.5,那么有一个较新的AD接口将用户暴露为强类型对象 - 请参阅Joe Kaplan和Ethan Wilansky撰写的优秀文章。
There, you can grab a user and then just call .GetAuthorizationGroups on the user object and you're done!
在那里,你可以抓住一个用户,然后只需在用户对象上调用.GetAuthorizationGroups就可以了!