为中的每个对象类查找可修改的系统属性
我们可以看到作为systemMayContain属性列表一部分的属性是用户可修改的。如果我们考虑computer对象类。下面是对象类( 1.2.840.113556.1.3.30 NAME 'computer' SUP user STRUCTURAL MAY (cn $ networkAddress $ localPolicyFlags $ defaultLocalPolicyObject $ machineRole $ location $ netbootInitialization $ netbootGUID $ netbootMachineFilePath $ siteGUID $ operatingSystem $ operatingSystemVersion $ operatingSystemServicePack $ operatingSystemHotfix $ volumeCount $ physicalLocationObject $ dNSHostName $ policyReplicationFlags $ managedBy $ rIDSetReferences $ catalogs $ netbootSIFFile $ netbootMirrorDataFile $ msDS-AdditionalDnsHostName $ msDS-AdditionalSamAccountName $ msDS-ExecuteScriptPassword $ msDS-KrbTgtLink $ msDS-RevealedUsers $ msDS-NeverRevealGroup $ msDS-RevealOnDemandGroup $ msDS-RevealedList $ msDS-AuthenticatedAtDC $ msDS-isGC $ msDS-isRODC $ msDS-SiteName $ msDS-PromotionSettings $ msTPM-OwnerInformation $ msTSProperty01 $ msTSProperty02 $ msDS-IsUserCachableAtRodc $ msDS-HostServiceAccount $ msTSEndpointData $ msTSEndpointType $ msTSEndpointPlugin $ msTSPrimaryDesktopBL $ msTSSecondaryDesktopBL $ msTPM-TpmInformationForComputer $ msDS-GenerationId $ msImaging-ThumbprintHash $ msImaging-HashAlgorithm $ netbootDUID $ msSFU30Name $ msSFU30Aliases $ msSFU30NisDomain $ nisMapName ) )的定义
下面是列表systemMayContain属性"systemMayContain":["msImaging-HashAlgorithm","msImaging-ThumbprintHash","msDS-GenerationId","msTPM-TpmInformationForComputer","msTSSecondaryDesktopBL","msTSPrimaryDesktopBL","msTSEndpointPlugin","msTSEndpointType","msTSEndpointData","msDS-HostServiceAccount","msDS-IsUserCachableAtRodc","msTSProperty02","msTSProperty01","msTPM-OwnerInformation","msDS-RevealOnDemandGroup","msDS-NeverRevealGroup","msDS-PromotionSettings","msDS-SiteName","msDS-isRODC","msDS-isGC","msDS-AuthenticatedAtDC","msDS-ExecuteScriptPassword","msDS-RevealedList","msDS-RevealedUsers","msDS-KrbTgtLink","volumeCount","siteGUID","rIDSetReferences","policyReplicationFlags","physicalLocationObject","operatingSystemVersion","operatingSystemServicePack","operatingSystemHotfix","operatingSystem","networkAddress","netbootSIFFile","netbootMirrorDataFile","netbootMachineFilePath","netbootInitialization","netbootDUID","netbootGUID","msDS-AdditionalSamAccountName","msDS-AdditionalDnsHostName","managedBy","machineRole","location","localPolicyFlags","dNSHostName","defaultLocalPolicyObject","cn","catalogs"]
如果我们考虑msImaging-HashAlgorithm, msImaging-ThumbprintHash, msTPM-TpmInformationForComputer, msTSEndpointPlugin, msTSEndpointType, msTSEndpointData, msDS-HostServiceAccount, msTSProperty02, msTSProperty01, msTPM-OwnerInformation, msDS-RevealOnDemandGroup, msDS-NeverRevealGroup, msDS-PromotionSettings, msDS-AuthenticatedAtDC, msDS-RevealedUsers, msDS-KrbTgtLink, volumeCount, rIDSetReferences, policyReplicationFlags, physicalLocationObject, operatingSystemVersion, operatingSystemServicePack, operatingSystemHotfix, operatingSystem, networkAddress, managedBy, machineRole, location, localPolicyFlags, dNSHostName, defaultLocalPolicyObject, cn, catalogs,这些字段是用户可修改的,也是systemMayContain列表的一部分。当在创建Computer对象时尝试设置值时,它允许。有没有办法只知道不允许用户输入的系统字段?谢谢。
回答 1
Stack Overflow用户
发布于 2020-01-07 14:27:47
此信息特定于Active。MSDN为每个模式属性(例如,CN )提供了文档,如果该属性是“仅系统”或不为“系统”,则为该文档。
对于自动化过程,使用过滤器cn=schema,cn=configuration,dc=example,dc=com搜索基本(&(ldapDisplayName=AttributeName))并返回systemOnly的值。这表明operatingSystemServicePack是用户可写的。
***Searching...
ldap_search_s(ld, "cn=schema,cn=configuration,dc=example,dc=com", 2, "(&(ldapDisplayName=operatingSystemServicePack))", attrList, 0, &msg)
Getting 1 entries:
Dn: CN=Operating-System-Service-Pack,CN=Schema,CN=Configuration,dc=example,dc=com
systemOnly: FALSE; 还可以使用筛选器(&(systemOnly=TRUE))并返回ldapDisplayName,列出所有系统专用属性。
***Searching...
ldap_search_s(ld, "cn=schema,cn=configuration,dc=example,dc=com", 2, "(&(systemOnly=TRUE))", attrList, 0, &msg)
Getting 189 entries:
Dn: CN=OM-Object-Class,CN=Schema,CN=Configuration,dc=example,dc=com
lDAPDisplayName: oMObjectClass;
Dn: CN=Canonical-Name,CN=Schema,CN=Configuration,dc=example,dc=com
lDAPDisplayName: canonicalName;
Dn: CN=Managed-Objects,CN=Schema,CN=Configuration,dc=example,dc=com
lDAPDisplayName: managedObjects;
Dn: CN=MAPI-ID,CN=Schema,CN=Configuration,dc=example,dc=com
lDAPDisplayName: mAPIID;
Dn: CN=Mastered-By,CN=Schema,CN=Configuration,dc=example,dc=com
lDAPDisplayName: masteredBy;
Dn: CN=Top,CN=Schema,CN=Configuration,dc=example,dc=com
lDAPDisplayName: top;
Dn: CN=NTDS-DSA-RO,CN=Schema,CN=Configuration,dc=example,dc=com
lDAPDisplayName: nTDSDSARO;
Dn: CN=Application-Process,CN=Schema,CN=Configuration,dc=example,dc=com
lDAPDisplayName: applicationProcess;
...https://stackoverflow.com/questions/59611514
复制相似问题
腾讯云开发者
