Generate role with sAMAccountName from each user of a group: Bad search filter
See original GitHub issue: https://github.com/dalibo/ldap2pg/issues/128

    ldap2pg -V
    ldap2pg 4.11
    psycopg2 2.7.5 (dt dec pq3 ext lo64)
    python-ldap 3.1.0
    Python 2.7.5 (default, Jul 13 2018, 13:06:57) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]

OS: CentOS 7
I’ve configured the yml file: ldap2pg.yml

    ldap:
      uri: ldap://pdc.office.company.com:389
      binddn: CN=inetwork,OU=Network/Nweb Service Account,DC=office,DC=company,DC=com
      user: inetwork
      password: "*****"
    sync_map:
    - ldap:
        base: DC=office,DC=company,DC=com
        scope: sub
        filter: >
          (&
            (objectClass=User)
            (memberOf=CN=SQL-DBA,OU=SQL Groups,DC=office,DC=company,DC=com)
          )
      role:
        name_attribute: sAMAccountName
        options: LOGIN SUPERUSER

Running the command:

    ldap2pg -c ./ldap2pg.yml -n -vvv

    [ldap2pg.manager INFO] Querying LDAP DC=office,DC=company,DC=c… (&
    [ldap2pg.manager INFO] (object…
    [ldap2pg.ldap DEBUG] Doing: ldapsearch -Y DIGEST-MD5 -U inetwork -W -b DC=office,DC=company,DC=com -s sub '(&
    [ldap2pg.ldap DEBUG] (objectClass=User)
    [ldap2pg.ldap DEBUG] (memberOf=CN=SQL-DBA,OU=SQL Groups,DC=office,DC=company,DC=com)
    [ldap2pg.ldap DEBUG] )
    [ldap2pg.ldap DEBUG] ' sAMAccountName
    [ldap2pg.script CRITI] Failed to query LDAP: {u'info': 'Resource temporarily unavailable', 'errno': 11, 'desc': u'Bad search filter'}.

I receive the error, but if I run the command line:

    ldapsearch -h pdc.office.company.com -D "CN=inetwork,OU=Network/Nweb Service Account,DC=office,DC=company,DC=com" -W -Y DIGEST-MD5 -U inetwork -W -b DC=office,DC=company,DC=com -s sub '(&(objectClass=User)(memberOf=CN=SQL-DBA,OU=SQL Groups,DC=office,DC=company,DC=com))' sAMAccountName

    Enter LDAP Password:
    SASL/DIGEST-MD5 authentication started
    SASL username: inetwork
    SASL SSF: 128
    SASL data security layer installed.
    # extended LDIF
    #
    # LDAPv3
    # base <DC=office,DC=company,DC=com> with scope subtree
    # filter: (&(objectClass=User)(memberOf=CN=SQL-DBA,OU=SQL Groups,DC=office,DC=company,DC=com))
    # requesting: sAMAccountName
    #

    # John Doe, It Group, Network, office.company.com
    dn: CN=John Doe,OU=It Group,OU=Network,DC=office,DC=company,DC=com
    sAMAccountName: doe

It returns the sAMAccountName of the related group, and I cannot use the CN because it is space-separated. Thanks in advance.
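
The debug output in the report shows the filter reaching the LDAP library with the line breaks of the YAML block still in it, while the ldapsearch command that works passes it on a single line. The Python function below is an added example, not code from ldap2pg or from this issue: it collapses that layout whitespace while keeping spaces inside values such as `OU=SQL Groups`. `compact_filter` and the sample string are constructed here, and that this whitespace is what triggers "Bad search filter" is an assumption.

```python
"""Collapse layout whitespace in an LDAP search filter (added example)."""

# Constructed sample: the filter as the debug log prints it, with the line
# breaks (and an assumed indentation) a YAML ">" block can leave in place.
YAML_FILTER = (
    "(&\n"
    "  (objectClass=User)\n"
    "  (memberOf=CN=SQL-DBA,OU=SQL Groups,DC=office,DC=company,DC=com)\n"
    ")\n"
)

OPERATORS = "&|!"


def compact_filter(text):
    """Drop whitespace between filter components, keep it inside items.

    Hypothetical helper. Relies on RFC 4515 escaping: literal parentheses
    inside a value are written as \\28 and \\29, so a bare "(" or ")"
    always marks structure.
    """
    out = []
    in_item = False  # True while inside the "attr=value" of a simple item
    for ch in text:
        if ch in "()":
            in_item = False         # structure: an item starts or ends here
            out.append(ch)
        elif in_item:
            out.append(ch)          # spaces inside values are significant
        elif ch.isspace():
            continue                # layout whitespace between components
        elif ch in OPERATORS and out and out[-1] == "(":
            out.append(ch)          # "&", "|" or "!" right after "("
        else:
            in_item = True          # first character of an attribute name
            out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    print(compact_filter(YAML_FILTER))
```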
Top GitHub Comments
Hi @bersace,
I’ve tested #261 and it now fixes my issue.
Many thanks, Thomas
@thda, can you show me a snippet of YAML?