Einzelnen Beitrag anzeigen

Kas Ob.

Registriert seit: 3. Sep 2023
353 Beiträge
 
#8

AW: Active Directory und Trusted Domain

  Alt 23. Nov 2023, 09:26
Zitat:
sSQL := 'select memberof from ''LDAP://' + sDomain +
''' where objectClass=''foreignSecurityPrincipal'' and Name=' + QuotedStr(sSID);
Das detaillierte Ausgeben von Typ etc hat zumindest aufgezeigt, dass "memberof" da gar nicht als Attribut vorkommt. Aber LDAP liefert da keine fehler, sondern Null. Gut, zumindest das ist jetzt klar.
Jetzt muss ich nur mehr die Gruppen in der Trusted Domain finden.
Of course "MemeberOf" is not an attribute, it is full blown Object Class with attributes, just like the User and its SID.
I think you need to refine the query and go after "Ldap-Display-Name" from https://learn.microsoft.com/en-us/wi...ectedfrom=MSDN

I am sorry if i still missing something, though i don't want to waste your time, but it doesn't make sense to me to make the SQL query answer and parse the security objects, it logical to parse the SQL outside the AD controller, and make it use the standard query with filters to talk with the controller, also the controller should NOT be parsing any SQL, while the LDAP SQL parser should NOT be able to parse the details of the Objects, thus minimizing the attack surface, here why the filters should work and in my opinion it is the only way, again this is my take in designing such critical system, in other words the SQL here is merely an interpreter for AD query.
Kas
  Mit Zitat antworten Zitat