【Question title】: Powershell list group membership of user (Novell eDirectory) NDS LDAP
【Posted】: 2015-02-26 20:51:57
【Question】:

Trying to figure out how to map network shares based on group membership in Novell eDir. I found a smart script for Active Directory on Technet, using ADSISEARCHER, which works fine in AD :)

# extract group names and removes unnecessary characters
$memberOf = ([ADSISEARCHER]"samaccountname=$($env:USERNAME)").Findone().Properties.memberof -replace '^CN=([^,]+).+$','$1'

# check if user is member of group A
if($memberOf -contains "GroupA") {
  # map network-drive
  (New-Object -ComObject WScript.Network).MapNetworkDrive('X:','\\filer\sharename')

}

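Is there any chance of using something similar for NDS? As far as I have researched, I have to use LDAP to connect to NDS and list all the groups of a user object, but I haven't had much luck yet.

Thanks

【Question comments】:

    Tags: powershell novell edirectory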


    【Answer 1】:

    I found a useful script that I only needed to edit a little...

    URL of the script: http://activedirectoryfaq.com/2014/01/searching-novell-nds-edirectory-with-powershell/

    In case anybody needs this crap, my final script:

    <#
    .SYNOPSIS
        Mapping a network share based on a specific group membership in NDS
    .DESCRIPTION
        The script is mapping a network drive, based on a NDS group membership.
        The first match wins!
    #>
    
    # --------<SET CORRESPONDING VALUES HERE >--------
    
    # Hostname of eDir Server (e.g.: NDSSRV01):
    $LDAPServer = "hostname"
    
    # Name of BaseDN (e.g.: o=MyCompany):
    $dn = "o=basedn"
    
    # ------------------------------------------------
    
    # set username of current logged on user
    $filter = "(uid=$env:USERNAME)"
    
    # Load the LDAP protocol classes and create the connection objects
    Add-Type -AssemblyName System.DirectoryServices.Protocols
    $ldapIdentifier = new-object directoryservices.protocols.ldapdirectoryidentifier($LDAPServer)
    # no credential, AuthType 0 = Anonymous: the search runs over an anonymous bind
    $ldapConnection = new-object directoryservices.protocols.ldapconnection($ldapIdentifier,$null,0)
    
    # Attributes to search for:
    # To search for multiple use comma separated list (eg: "groupmembership","cn","emailAddress")
    [string[]]$attr = "groupmembership"
    
    # Build the search request: subtree search below the base DN
    $scope = [System.DirectoryServices.Protocols.SearchScope]::Subtree
    $searchRequest = new-object directoryservices.protocols.searchrequest($dn,$filter,$scope,$attr)
    
    $searchRequest.typesonly = $false
    $searchRequest.sizelimit = 10
    $result = [directoryservices.protocols.searchresponse]$ldapConnection.sendrequest($searchRequest)
    $entry = $result.entries
    
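    # extract group names and remove unnecessary characters
    # (stays empty if the user was not found or has no groupmembership values)
    $membership = @()
    if ($entry.Count -gt 0 -and $entry[0].Attributes.Contains("groupmembership")) {
      $membership = $entry[0].Attributes["groupmembership"].getValues([string]) -replace '^CN=([^,]+).+$','$1'
    }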
    
    # check if user is member of group A
    if($membership -contains "GroupA") {
      # map network-drive
      (New-Object -ComObject WScript.Network).MapNetworkDrive('X:','\\filer\sharegroupa')
    }
    
    # check if user is member of group B
    elseif($membership -contains "GroupB") {
      # map network-drive
      (New-Object -ComObject WScript.Network).MapNetworkDrive('X:','\\filer\sharegroupb')
    }
    
    # elseif() ... and so on
    
    # if nothing matches, then:
    else {
      Write-Host 'current user is not a member of a specified group'
    }
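
A hardened variant of two steps in the script above, as an added example that is not part of the original answer: the user name is escaped per RFC 4515 before it goes into the LDAP filter, and groups are matched by full DN rather than by bare CN, so a same-named group in another container does not count. The function names, group DNs and sample values are constructed assumptions.

```powershell
# Added example; function names, DNs and sample values are constructed assumptions.

function ConvertTo-LdapFilterValue {
    # RFC 4515: backslash, '*', '(', ')' and NUL in a filter value are
    # written as a backslash followed by the two-digit hex code.
    param([string]$Value)
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

function Get-ShareForMembership {
    # First rule whose full group DN appears in the user's groupMembership
    # values wins; -contains compares strings case-insensitively.
    param([string[]]$GroupDns, [object[]]$Rules)
    foreach ($rule in $Rules) {
        if ($GroupDns -contains $rule.GroupDn) { return $rule.Share }
    }
    return $null
}

# Constructed rule table: full group DN -> share
$rules = @(
    [pscustomobject]@{ GroupDn = 'cn=GroupA,ou=Groups,o=MyCompany'; Share = '\\filer\sharegroupa' }
    [pscustomobject]@{ GroupDn = 'cn=GroupB,ou=Groups,o=MyCompany'; Share = '\\filer\sharegroupb' }
)

# Constructed groupMembership values: a "GroupA" that lives in another
# container (a CN-only check would accept it) and the intended GroupB.
$groupDns = @(
    'cn=GroupA,ou=Sandbox,o=MyCompany'
    'cn=GroupB,ou=Groups,o=MyCompany'
)

# Filter built from an escaped user name (constructed value with metacharacters)
$filter = "(uid=$(ConvertTo-LdapFilterValue 'j*doe(test)'))"
Write-Host "filter: $filter"

$share = Get-ShareForMembership -GroupDns $groupDns -Rules $rules
if ($share) {
    Write-Host "map X: to $share"
} else {
    Write-Host 'current user is not a member of a specified group'
}
```

In the answer's script, `$groupDns` would be the raw `getValues([string])` result, without the `-replace` that reduces each DN to its CN.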
    
