Hi!
I have a python script that gets a list of UIDs of members of a group like this
ldap_server = "controller.office.domain.co.uk"
ldap_base = "cn=" + group + ",cn=groups,dc=office,dc=domain,dc=co,dc=uk"
filter_str="memberUid=*"
con = ldap.initialize("ldap://" + ldap_server + ":7389")
s = con.simple_bind_s("uid=" + username + ",cn=users,dc=office,dc=domain,dc=co,dc=uk", password)
result = con.search_s(ldap_base, ldap.SCOPE_BASE, filter_str)
How do I exclude people who have deactivated accounts from appearing in this search?
I have found this ldapsearch filter works to give me a list of all the active users
univention-ldapsearch -LLL '(&(objectClass=person)(mailPrimaryAddress=*)(!(krb5KDCFlags:1.2.840.113556.1.4.803:=128))(!(shadowExpire=*))(!(sambaAcctFlags=[UL ]))(!(sambaAcctFlags=[UD ])))' uid
but I can’t see how to make it work in the python script – or how to limit to one group using ldapsearch.
many thanks, Julian