Generate role with sAMAccountName from each user of a group: Bad search filter

Ref. https://github.com/dalibo/ldap2pg/issues/128

ldap2pg -V
ldap2pg 4.11
psycopg2 2.7.5 (dt dec pq3 ext lo64)
python-ldap 3.1.0
Python 2.7.5 (default, Jul 13 2018, 13:06:57) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]

OS: Centos 7

I’ve configured the yml file: ldap2pg.yml

ldap:
  uri: ldap://pdc.office.company.com:389
  binddn: CN=inetwork,OU=Network/Nweb Service Account,DC=office,DC=company,DC=com
  user: inetwork
  password: "*****"
 - ldap:
    base: DC=office,DC=company,DC=com
    scope: sub
    filter: >
      (&
        (objectClass=User)
        (memberOf=CN=SQL-DBA,OU=SQL Groups,DC=office,DC=company,DC=com)
      )
  role:
    name_attribute: sAMAccountName
    options: LOGIN SUPERUSER

running the command: ldap2pg -c ./ldap2pg.yml -n -vvv

[ldap2pg.manager INFO] Querying LDAP DC=office,DC=company,DC=c… (&
[ldap2pg.manager INFO] (object…
[ldap2pg.ldap DEBUG] Doing: ldapsearch -Y DIGEST-MD5 -U inetwork -W -b DC=office,DC=company,DC=com -s sub '(&
[ldap2pg.ldap DEBUG] (objectClass=User)
[ldap2pg.ldap DEBUG] (memberOf=CN=SQL-DBA,OU=SQL Groups,DC=office,DC=company,DC=com)
[ldap2pg.ldap DEBUG] )
[ldap2pg.ldap DEBUG] ' sAMAccountName
[ldap2pg.script CRITI] Failed to query LDAP: {u'info': 'Resource temporarily unavailable', 'errno': 11, 'desc': u'Bad search filter'}.

I receive the error, but if I run the command line:

ldapsearch -h pdc.office.company.com -D "CN=inetwork,OU=Network/Nweb Service Account,DC=office,DC=company,DC=com" -W -Y DIGEST-MD5 -U inetwork -W -b DC=office,DC=company,DC=com -s sub '(&(objectClass=User)(memberOf=CN=SQL-DBA,OU=SQL Groups,DC=office,DC=company,DC=com))' sAMAccountName

Enter LDAP Password:
SASL/DIGEST-MD5 authentication started
SASL username: inetwork
SASL SSF: 128
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <DC=office,DC=company,DC=com> with scope subtree
# filter: (&(objectClass=User)(memberOf=CN=SQL-DBA,OU=SQL Groups,DC=office,DC=company,DC=com))
# requesting: sAMAccountName
#

# John Doe, It Group, Network, office.company.com
dn: CN=John Doe,OU=It Group,OU=Network,DC=office,DC=company,DC=com
sAMAccountName: doe

It returns the sAMAccountName of the related group, and I cannot use the CN because it is space-separated. Thanks in advance.
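
The debug log above shows the filter reaching the search call split across several lines, while the working ldapsearch call passes the same filter on one line. As an added example (not code from ldap2pg or from the issue), this Python sketch removes only the whitespace between filter components and keeps spaces inside values such as "OU=SQL Groups". The function names are hypothetical, and it assumes literal parentheses inside values are escaped as RFC 4515 requires.

```python
# Constructed sample: the filter from the YAML above as the debug log shows it,
# with the line breaks and indentation of the folded scalar still present.
FOLDED_FILTER = (
    "(&\n"
    "  (objectClass=User)\n"
    "  (memberOf=CN=SQL-DBA,OU=SQL Groups,DC=office,DC=company,DC=com)\n"
    ")\n"
)


def compact_ldap_filter(text):
    """Return the filter without whitespace between its components.

    A whitespace run is structural only when it follows ')' or the start of
    the string, or precedes '(' or the end of the string. RFC 4515 requires
    literal parentheses in values to be written as \\28 and \\29, so a bare
    parenthesis is always a component boundary. Any other whitespace belongs
    to an assertion value and is kept verbatim.
    """
    out = []
    i, n = 0, len(text)
    while i < n:
        if not text[i].isspace():
            out.append(text[i])
            i += 1
            continue
        j = i
        while j < n and text[j].isspace():
            j += 1  # j ends on the first character after the whitespace run
        prev = out[-1] if out else None
        nxt = text[j] if j < n else None
        structural = prev in (None, ")") or nxt in (None, "(")
        if not structural:
            out.append(text[i:j])
        i = j
    return "".join(out)


def has_structural_whitespace(text):
    """Pre-flight check: True if the filter would change when compacted."""
    return compact_ldap_filter(text) != text


if __name__ == "__main__":
    print(repr(FOLDED_FILTER))
    print(compact_ldap_filter(FOLDED_FILTER))
```
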

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 26 (23 by maintainers)

Top GitHub Comments

1 reaction
thda commented, Feb 19, 2019

Hi @bersace,

I’ve tested #261 and it now fixes my issue.

Many thanks, Thomas

0 reactions
bersace commented, Feb 7, 2019

@thda, can you show me a snippet of YAML?
