manager.py chokes on special characters in dn
See original GitHub issueIf the distinguished name of a user contains special characters, e.g. CN=Markus Gräßer,OU=my_group,dc=example,dc=com
(name changed), execution of ldap2pg fails in apply_role_rules. The following error is thrown:
[ldap2pg.script CRITICAL] Failed to process ('CN=Markus Gr\xc3\xa4\xc3\x9fer: 'ascii' codec can't decode byte 0xc3 in position 12: ordinal not in range(128)
I worked around it by changing apply_role_rules
def apply_role_rules(self, rules, entries):
for rule in rules:
for raw_entry in entries:
entry = (
raw_entry[0].decode('unicode_escape').encode('iso8859-1').decode('utf8'),
raw_entry[1]
)
try:
for role in self.process_ldap_entry(entry=entry, **rule):
yield role
except ValueError as e:
msg = "Failed to process %.32s: %s" % (entry, e,)
raise UserError(msg)
The decoding line is a shameless copy from https://stackoverflow.com/a/6956914 (my python is limited).
This is on Centos 7.4.1708 with epel and pgdg-96-centos repository. ldap2pg was build according to https://ldap2pg.readthedocs.io/en/latest/install/ (the rpm in the pgdp-96 repo does not include all dependencies, but that is a bug report for the maintainer of the rpm).
Issue Analytics
- State:
- Created 6 years ago
- Comments:11 (7 by maintainers)
Top Results From Across the Web
DN escaping rules - IBM
Method 1: If a character to be escaped is one of special characters, precede it by a backslash ( \ ASCII 92). ·...
Read more >Query DN with special characters #65 - GitHub
hi, I have user with special chars like aaaá. i used code like we ... '(distinguishedName=CN=aaa\E1 special,CN=Users,DC=dev,DC=sisense ...
Read more >string.find() in python cannot handle special characters
The answer is to open the file using 'rb' mode. On Windows, opening the file with just 'r' will cause it to use...
Read more >Escaped Characters in Distinguished Names within Search ...
When using a DN in any part of Directory Server, you must escape commas and certain other special characters with a backslash (\\)....
Read more >DN Escape Values - Ldapwiki
However, some must be escaped with the backslash "\" Escape character. LDAP requires that the following characters be escaped: Name, Character.
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@bersace, I changed a few values to make the entries anonymous in the example below. If you need an original entry I will send it via mail if that is fine with you. I did not notice earlier that the dn returned by ldapsearch is given as base64 string, if it contains Umlaute (ä, ß in this case).
@bersace, yes the dry run works as expected. I continue deployment and testing this week. Thanks a lot. 😃