Powershell列出用户(Novell eDirectory) NDS LDAP的组成员身份

Question

试图弄清楚，如何根据Novell eDir的组成员身份映射网络共享。我通过ADSISEARCHER在Technet中找到了一个用于ActiveDirectory的智能脚本，它在AD中运行得很好:)

# extract group names and removes unnecessary characters
$memberOf = ([ADSISEARCHER]"samaccountname=$($env:USERNAME)").Findone().$does.memberof -replace '^CN=([^,]+).+$','$1'

# check if user is member of group A
if($memberOf -contains "GroupA") {
  # map network-drive
  (New-Object -ComObject WScript.Network).MapNetworkDrive('X:','\\filer\sharename')

}

有没有可能在NDS中使用类似的东西？就我的研究而言，我必须使用LDAP连接到NDS并列出用户对象的所有组，但目前还没有太多的机会。

Thx

Answer 1

我发现了一个有用的脚本，我只需要稍微编辑一下…

脚本的URL：http://activedirectoryfaq.com/2014/01/searching-novell-nds-edirectory-with-powershell/

我的最后一个脚本，以防有人需要这个垃圾：

<#
.SYNOPSIS
    Mapping a network share based on a specific group membership in NDS
.DESCRIPTION
    The script is mapping a network drive, based on a NDS group membership.
    The first match wins!
#>

# --------<SET CORRESPONDING VALUES HERE >--------

# Hostname of eDir Server (e.g.: NDSSRV01):
$LDAPServer = "hostname"

# Name of BaseDN (e.g.: o=MyCompany):
$dn = "o=basedn"

# ------------------------------------------------

# set username of current logged on user
$filter = "(uid=$env:USERNAME)"

# Creating necessary objects
[reflection.assembly]::LoadWithPartialName("system.directoryservices.protocols") | out-null
$ldapIdentifier = new-object directoryservices.protocols.ldapdirectoryidentifier($LDAPServer)
$ldapConnection = new-object directoryservices.protocols.ldapconnection($ldapIdentifier,$null,0)

# Attributes to search for:
# To search for multiple use comma separated list (eg: "groupmembership","cn","emailAddress")
[string[]]$attr = "groupmembership"

# Establishing LDAP connection
$scope = $ADS_SCOPE_SUBTREE
$searchRequest = new-object directoryservices.protocols.searchrequest($dn,$filter,$ADS_SCOPE_SUBTREE,$attr)

$searchRequest.typesonly = $false
$searchRequest.sizelimit = 10
$result = [directoryservices.protocols.searchresponse]$ldapConnection.sendrequest($searchRequest)
$entry = $result.entries

# extract group names and removes unnecessary characters
$membership = $entry[0].Attributes["groupmembership"].getValues([string]) -replace '^CN=([^,]+).+$','$1'

# check if user is member of group A
if($membership -contains "GroupA") {
  # map network-drive
  (New-Object -ComObject WScript.Network).MapNetworkDrive('X:','\\filer\sharegroupa')
}

# check if user is member of group B
elseif($membership -contains "GroupB") {
  # map network-drive
  (New-Object -ComObject WScript.Network).MapNetworkDrive('X:','\\filer\sharegroupb')
}

# elseif() ... and so on

# if nothing matches, then:
else {
  Write-Host 'current user is not a member of a specified group'
}