{"id":2104,"date":"2015-06-13T22:00:52","date_gmt":"2015-06-13T14:00:52","guid":{"rendered":"http:\/\/ixyzero.com\/blog\/?p=2104"},"modified":"2019-06-29T07:18:48","modified_gmt":"2019-06-28T23:18:48","slug":"ldap%e7%9b%b8%e5%85%b3%e7%9f%a5%e8%af%86%e5%ad%a6%e4%b9%a0","status":"publish","type":"post","link":"https:\/\/ixyzero.com\/blog\/archives\/2104.html","title":{"rendered":"Learning About LDAP"},"content":{"rendered":"<p>I have recently become somewhat interested in LDAP (I heard of it long ago but never took the initiative to learn about it), so for now I am bookmarking some articles that look good at first glance; later, when I have time (and once I know more about LDAP), I will fill in the rest of this post.<\/p>\n<h6>Search keywords:<\/h6>\n<p>Ldap<\/p>\n<h6>Reference links:<\/h6>\n<ul>\n<li><a href=\"http:\/\/czmmiao.iteye.com\/blog\/1561597\" target=\"_blank\" rel=\"noopener noreferrer\">A Detailed Explanation of How the LDAP Service Works (original)<\/a><\/li>\n<li><a href=\"http:\/\/www.yuansir-web.com\/2011\/10\/11\/343\/\" target=\"_blank\" rel=\"noopener noreferrer\">Accessing LDAP from PHP<\/a><\/li>\n<li><a href=\"http:\/\/www.h3c.com.cn\/MiniSite\/Technology_Circle\/Net_Reptile\/The_Seven\/Home\/Catalog\/201309\/797632_97665_0.htm\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/www.h3c.com.cn\/MiniSite\/Technology_Circle\/Net_Reptile\/The_Seven\/Home\/Catalog\/201309\/797632_97665_0.htm<\/a><\/li>\n<li><a href=\"http:\/\/drops.wooyun.org\/tips\/967\" target=\"_blank\" rel=\"noopener noreferrer\">An Analysis of LDAP Injection and Defenses<\/a><\/li>\n<li><a href=\"http:\/\/www.openldap.org\/doc\/admin24\/quickstart.html\" target=\"_blank\" rel=\"noopener noreferrer\">OpenLDAP Software 2.4 Administrator&#8217;s Guide: A Quick-Start 
Guide<\/a><\/li>\n<li><a href=\"http:\/\/www.cnblogs.com\/obpm\/archive\/2010\/08\/28\/1811065.html\" target=\"_blank\" rel=\"noopener noreferrer\">LDAP Quick Start<\/a><\/li>\n<li><a href=\"http:\/\/en.wikipedia.org\/wiki\/Lightweight_Directory_Access_Protocol\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/en.wikipedia.org\/wiki\/Lightweight_Directory_Access_Protocol<\/a><\/li>\n<li><a href=\"http:\/\/hi.baidu.com\/dongyuejiang\/item\/d2af278125f05d5d26ebd9a0\" target=\"_blank\" rel=\"noopener noreferrer\">objectClass and Attribute in LDAP<\/a><\/li>\n<\/ul>\n<p>==<\/p>\n<p><strong>Ldapsearch<\/strong><strong> command in practice<\/strong><\/p>\n<p>On CentOS, install it with the following command:<\/p>\n<pre class=\"lang:default decode:true\">$ sudo yum install openldap-clients<\/pre>\n<p>First query:<\/p>\n<pre class=\"lang:default decode:true\">$ ldapsearch -v -x -LLL -H \"$ldap_host\" -b \"$ldap_base\" -D \"$ldap_user\" -w \"$ldap_passwd\" \"$filter\" $attrs\n\n# ldap_initialize( ldap:\/\/x.x.x.x:389\/??base )\n# filter: ...\n# requesting: dn cn mail homePhone mobile lastLogonTimestamp description whenCreated objectGUID objectSid memberOf\n# Size limit exceeded (4)<\/pre>\n<p><strong>Cause of the error:<\/strong> a single query returns too many entries (1000\/2000)<\/p>\n<h6>Solution:<\/h6>\n<p><a href=\"http:\/\/answers.splunk.com\/answers\/1538\/what-is-ldap-error-size-limit-exceeded.html\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/answers.splunk.com\/answers\/1538\/what-is-ldap-error-size-limit-exceeded.html<\/a><\/p>\n<p>1. As the LDAP server administrator, change the size of the &#8220;limit&#8221;;<\/p>\n<p>2. Use filters to run multiple smaller batch queries.<\/p>\n<p>In AD, the default size limit is 
typically 1000 entries. There is nothing you can do to change this limit unless you are the LDAP server administrator.<\/p>\n<p>In Splunk, you can use filters to reduce the number of LDAP entries returned so that you do not hit this limit.<\/p>\n<h6>Solution:<\/h6>\n<p><a href=\"http:\/\/www.commandlinefu.com\/commands\/view\/2779\/bypass-1000-entry-limit-of-active-directory-with-ldapsearch\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/www.commandlinefu.com\/commands\/view\/2779\/bypass-1000-entry-limit-of-active-directory-with-ldapsearch<\/a><\/p>\n<pre class=\"lang:default decode:true\">$ ldapsearch -v -x -LLL -H \"$ldap_host\" -b \"$ldap_base\" -D \"$ldap_user\" -w \"$ldap_passwd\" -E pr=2147483647\/noprompt \"$filter\" $attrs<\/pre>\n<ul>\n<li><a href=\"http:\/\/stackoverflow.com\/questions\/6872947\/ldap-size-limit-exceeded-catch-warning\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/stackoverflow.com\/questions\/6872947\/ldap-size-limit-exceeded-catch-warning<\/a><\/li>\n<li><a href=\"http:\/\/www.openldap.org\/lists\/openldap-software\/200609\/msg00204.html\" target=\"_blank\" rel=\"noopener noreferrer\">ldapsearch fails with limit exceeded<\/a><\/li>\n<\/ul>\n<h6>Reference answers:<\/h6>\n<pre class=\"lang:default decode:true\">$ type ldapsearch\nldapsearch is hashed (\/usr\/bin\/ldapsearch)\n\n$ strings \/usr\/bin\/ldapsearch | grep paged\n            [!]pr=&lt;size&gt;[\/prompt|noprompt]   (paged results\/prompt)\nInvalid entries estimate in paged results response.\n# with pagedResults %scontrol: size=%d<\/pre>\n<ul>\n<li><a href=\"https:\/\/www.ietf.org\/rfc\/rfc2696.txt\">https:\/\/www.ietf.org\/rfc\/rfc2696.txt<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/gcp\/openldap\/blob\/master\/clients\/tools\/ldapsearch.c\">https:\/\/github.com\/gcp\/openldap\/blob\/master\/clients\/tools\/ldapsearch.c<\/a><\/li>\n<li><a 
href=\"http:\/\/www.ldapman.org\/ldap_rfcs.html\">http:\/\/www.ldapman.org\/ldap_rfcs.html<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>I have recently become somewhat interested in LDAP (I heard of it long ago but never took the initiative to learn about it), so for now I am bookmarking some articles that look good at first glance; later [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23,6,25,12],"tags":[524,525],"class_list":["post-2104","post","type-post","status-publish","format-standard","hentry","category-knowledgebase-2","category-other","category-security","category-tools","tag-ldap","tag-ldapsearch"],"views":5077,"_links":{"self":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/2104","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/comments?post=2104"}],"version-history":[{"count":2,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/2104\/revisions"}],"predecessor-version":[{"id":4519,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/2104\/revisions\/4519"}],"wp:attachment":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/media?parent=2104"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/categories?post=2104"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/tags?post=2104"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templat
ed":true}]}}