Closed styleex closed 7 years ago
I'm planning to add this control, but first I need to configure an Active Directory test environment on AppVeyor which takes time.
Also, I need some insights from you how this control can be used:
<GUID=xxxxxxxx>;<SID=yyyyyyyyy>;distinguishedName
format will break the regex for the LDAPDN object and generally doesn't seem like a good idea to assign the extended format to the LDAPEntry's dn attribute. Would it help if the LDAPEntry objects have a separate readonly extended_dn attribute that would store the extended DN as string? In my case, I want to get the user list with his list of security groups GUID in a single request (and their GUID). Algoritm without extended_dn control:
I think, what separate extended_dn attribute is the best variant.
I see, didn't think about that one. Thank you, I will look into it as soon as possible.
New set_extended_dn method is added to LDAPClient to set extended dn control in the new release (v0.8.9) which is just published. Please, try it and if you find any bug or have some ideas about improving the module about extended DN feel free to reopen this issue or open a new one.
It's protocol extension is very useful for query the user with his list of security groups GUID in a single request
More info: https://msdn.microsoft.com/en-us/library/aa366980(v=vs.85).aspx http://ldap3.readthedocs.io/ldap3.protocol.microsoft.html#ldap3.protocol.microsoft.ExtendedDN