Hello,
Is it possible, relatively easily, to search for a user in AD with mORMot2?
I need two functionalities:
1. Search for a user and display details (attributes) based on sAMAccountName
2. List all users and groups in a given domain.
Can you guys help with code?
Offline
TLdapClient can do all this.
The easiest is to first search in the code and its documentation.
After a two-second search, you would find TLdapClient high-level methods like GetUserInfo, GetGroups and GetUsers.
Offline
Thank you, simple advice, but effective.
Works like a charm! Finally some good AD stuff for Delphi/Pascal!
Offline
We are still working on it, including validating it with some huge AD (150,000 users, and 300,000 groups - don't ask me why).
It is already much faster than the ldap3 client in Python: we now use the mORMot LDAP client instead of Python's for our IT code.
And it has some unique features, like the automatic detection of the local AD using CLDAP broadcasting over the network.
Offline
Good, only tough tests can reveal issues... so 150k, 300k are not "too big"
btw: LdapClient.GetUsers, is there any known problem with 1000+ users, or is some special usage needed?
If more than 1000, I'm getting 0 found; if tested on about 850, then it listed all and worked perfectly.
Last edited by johnnysynop (2024-12-01 23:57:51)
Offline
Ah, you are right, pagination was not enabled for this method.
Please try
https://github.com/synopse/mORMot2/commit/5ab2fa97
It should be enabled now for all high-level GetUser, GetGroups, GetComputers methods.
Offline
Number of users found: 6657
...
...
All listed.
Works brilliantly, thank you.
Last edited by johnnysynop (Yesterday 09:08:52)
Offline
@ab,
I found another possible issue, or maybe I'm missing something.
It seems that domain local groups (gtDomainLocal) are not included in the group listing returned by GetGroups (with no filter applied).
If this is the default behavior, how can I force it to include all groups?
Currently, all 'Security Group - Domain Local' type groups are missing from the list. From this screenshot: https://i.imgur.com/PXLMGeQ.png
Last edited by johnnysynop (Yesterday 12:32:46)
Offline
If you leave FilterUac and UnFilterUac to their default [] there should be no restriction in the generated filter.
The filter used should be '(sAMAccountType=268435456)' which should return all groups.
Or is this filter wrong?
Perhaps we should also include satNonSecurityGroup = 268435457
(I am no AD expert myself)
Offline
Yep, I thought the same, that no filter should return all, so it's not returning all.
Sounds like a bug, it should work with this filter:
    Groups := LdapClient.GetGroups(
      [],
      [],
      '',
      '',
      '',
      nil
    );
I have also tried with different values:
    Groups := LdapClient.GetGroups(
      [],
      [],
      '',
      '(sAMAccountType=268435456)',
      '',
      nil,
      atDistinguishedName
    );
Last edited by johnnysynop (Yesterday 13:55:38)
Offline
To be super clear.
1. Testing on today's latest commits with the pagination fix
2. I have 130 groups, mORMot finds 125 and lists 125 - totally missing those 5 groups from the screenshot https://i.imgur.com/PXLMGeQ.png :
type "Security Group - Domain Local" (with attr as below)
groupType= "-2147483644"
sAMAccountType= "536870912"
With no filter, it should simply list it too.
With or without different filters anyway those are missing.
Last edited by johnnysynop (Yesterday 14:15:24)
Offline
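An added example, not part of the original thread and not mORMot2 code: a stand-alone Free Pascal/Delphi program that derives sAMAccountType from groupType for four constructed groups and applies the equality test from the filter discussed above, showing why domain local and distribution groups fall outside (sAMAccountType=268435456). The sample names and the SamAccountTypeOf helper are hypothetical; the constants are the documented AD schema values.

```pascal
program GroupFilterDemo;
{$ifdef FPC}{$mode objfpc}{$H+}{$else}{$APPTYPE CONSOLE}{$endif}
uses
  SysUtils;

const
  // groupType bit flags (AD schema)
  GT_DOMAIN_LOCAL = Cardinal($00000004);
  GT_SECURITY     = Cardinal($80000000);
  // sAMAccountType values (AD schema); the non-security variants are +1
  SAM_GROUP_OBJECT = 268435456; // global and universal groups
  SAM_ALIAS_OBJECT = 536870912; // domain local groups

type
  TSample = record
    Name: string;
    GroupType: Integer; // signed 32-bit, as the directory returns it
  end;

const
  // Constructed entries; the third carries the groupType quoted in the thread.
  Samples: array[0..3] of TSample = (
    (Name: 'example-global-security';      GroupType: -2147483646),
    (Name: 'example-universal-security';   GroupType: -2147483640),
    (Name: 'example-domainlocal-security'; GroupType: -2147483644),
    (Name: 'example-global-distribution';  GroupType: 2));

// Hypothetical helper: the sAMAccountType AD assigns for a given groupType.
function SamAccountTypeOf(GroupType: Integer): Integer;
var
  bits: Cardinal;
begin
  bits := Cardinal(GroupType); // reinterpret the signed value as bit flags
  if (bits and GT_DOMAIN_LOCAL) <> 0 then
    Result := SAM_ALIAS_OBJECT
  else
    Result := SAM_GROUP_OBJECT;
  if (bits and GT_SECURITY) = 0 then
    Inc(Result); // distribution (non-security) variant
end;

var
  i, sat: Integer;
begin
  for i := Low(Samples) to High(Samples) do
  begin
    sat := SamAccountTypeOf(Samples[i].GroupType);
    // Emulate the equality filter (sAMAccountType=268435456) on each entry.
    WriteLn(Format('%-30s sAMAccountType=%d matched=%s',
      [Samples[i].Name, sat, BoolToStr(sat = SAM_GROUP_OBJECT, True)]));
  end;
end.
```

Only the global and universal security groups report matched=True; the domain local entry resolves to 536870912 and the distribution entry to 268435457, so neither satisfies the single-value equality filter.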
How to use it? Assuming code above? I doubt it will help...
Perhaps we should also include satNonSecurityGroup = 268435457
(I am no AD expert myself)
Offline
In fact, after discussion here with my local AD experts, it sounds like we should not use sAMAccountType at all.
We will use object classes, with some caveats (e.g. that a computer inherits from the user objectclass).
Stay tuned.
Offline
OK, I have made a huge refactoring of the LDAP client unit, introducing a new TObjectFilter enumeration.
In fact, having the proper filter e.g. for users, computers or groups is kind of complex, because sAMAccountType=% does not work as we expected.
For your particular issue, please try GetGroups() with
https://github.com/synopse/mORMot2/commit/d6b2c5ec
Now I can see local groups returned.
Offline