Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Unknown attribute u'samaccountname' after drop of attributes parameter in 4.2

See original GitHub issue

Unknown attribute u’samaccountname’ after drop of attributes parameter in 4.2

With release 4.2 the attributes parameter was dropped from the ldap part of the configuration. Here this results in in critical Unknown attribute u'samaccountname' errors directly after the ldap search.

4.1 log

Doing: ldapsearch -x -D cn=mybinduser,ou=Functional Users,ou=Users,ou=IDIV,dc=idiv,dc=de -W -b ou=AAI,dc=idiv,dc=de -s sub '(memberOf:1.2.840.113556.1.4.1941:=cn=g_r_postgres01-KREINITZ_rw,ou=FunctionalGroups,ou=Groups,ou=IDIV,dc=idiv,dc=de)' sAMAccountName

Got 3 entries from LDAP.
Found role redac t. ed from CN=redac ted,OU=German Centre for Integrative Biodiversity Research,OU=Mitarbeiter,OU=AAI,DC=idiv,DC=de sAMAccountName.
[…]
Found ACL item ddl on KREINITZ.* for * to kreinitz_owner (granted) in LDAP.
[…]

4.2 log

Doing: ldapsearch -x -D cn=mybinduser,ou=Functional Users,ou=Users,ou=IDIV,dc=idiv,dc=de -W -b ou=AAI,dc=idiv,dc=de -s sub '(memberOf:1.2.840.113556.1.4.1941:=cn=g_r_postgres01-KREINITZ_rw,ou=FunctionalGroups,ou=Groups,ou=IDIV,dc=idiv,dc=de)' sAMAccountName
[ldap2pg.manager     DEBUG] Got 3 entries from LDAP.
[ldap2pg.script   CRITICAL] Failed to process CN=redac t. ed,OU=German Centre for Integra: Unknown attribute u'samaccountname'

It might(!) be related to the base search string. The users are in …,ou=AAI,dc… while the groups are in …,ou=IDIV,dc…. Using the dc… as base search string does work for ldapsearch but for some reason not via ldap2pg. With ldapsearch you actually need to omit the ou as it would not find the users which are in the ou=AAI,dc… if the base search string points to ou=IDIV,dc…

[ldap2pg.script   CRITICAL] Failed to query LDAP: {'info': '000004DC: LdapErr: DSID-0C09079A, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v23f0', 'desc': 'Operations error'}.

Issue Analytics

State:
Created 6 years ago
Comments:11 (5 by maintainers)

Top GitHub Comments

1reaction

joshlkcommented, Jan 25, 2018

I’m getting this issue as well. I debugged the ldap2pg code and I think this is the issue:

https://github.com/dalibo/ldap2pg/blob/1281c3d27cc8403175d1c1b4b7c0e5dac03b139b/ldap2pg/ldap.py#L68

The returned attribute dictionary looks like:

attributes = {'sAMAccountName': [b'joshlk']}

But as you lowercase the path it looks for the key samaccountname in the attributes dict and returns an error.

I have only just started using ldap2pg so this may be intentional or I’m using the config wrong, so sorry for the newbie question

0reactions

jrjsmrtncommented, Jun 28, 2018

forget it, I misread 4.10 as 4.1.0 :-q

Top Results From Across the Web

Get-CsOnlineUser (SkypeForBusiness)

The Get-CsOnlineUser cmdlet returns information about users who have accounts homed on Microsoft Teams or Skype for Business Online.

smb.conf

The smb.conf file is processed in the following way: The Samba suite's client applications read ... Parameters define the specific attributes of sections....

Local EAP Authentication on the Wireless LAN Controller ...

This section explains using the LDP utility to identify the specific attributes associated to the user user2. Some of these attributes are used ......

'Unknown attribute' error in controller - ruby on rails

It is likely that you are using has_secure_password and you have not enabled it correctly. has_secure_password adds two virtual attributes ...

Apache Karaf Container 4.x - Documentation

Hot deployment: simply drop a file in the deploy directory, Apache Karaf will ... You should see the following information on the command...