ldap2pg: Generate role with sAMAccountName from each user of a group: Bad search filter

Ref. https://github.com/dalibo/ldap2pg/issues/128

ldap2pg -V
ldap2pg 4.11
psycopg2 2.7.5 (dt dec pq3 ext lo64)
python-ldap 3.1.0
Python 2.7.5 (default, Jul 13 2018, 13:06:57) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]

OS: Centos 7

I’ve configured the yml file: ldap2pg.yml

ldap:
  uri: ldap://pdc.office.company.com:389
  binddn: CN=inetwork,OU=Network/Nweb Service Account,DC=office,DC=company,DC=com
  user: inetwork
  password: "*****"

sync_map:
- ldap:
    base: DC=office,DC=company,DC=com
    scope: sub
    filter: >
      (&
        (objectClass=User)
        (memberOf=CN=SQL-DBA,OU=SQL Groups,DC=office,DC=company,DC=com)
      )
  role:
    name_attribute: sAMAccountName
    options: LOGIN SUPERUSER

running the command: ldap2pg -c ./ldap2pg.yml -n -vvv

[ldap2pg.manager INFO] Querying LDAP DC=office,DC=company,DC=c… (&
[ldap2pg.manager INFO] (object…
[ldap2pg.ldap DEBUG] Doing: ldapsearch -Y DIGEST-MD5 -U inetwork -W -b DC=office,DC=company,DC=com -s sub '(&
[ldap2pg.ldap DEBUG] (objectClass=User)
[ldap2pg.ldap DEBUG] (memberOf=CN=SQL-DBA,OU=SQL Groups,DC=office,DC=company,DC=com)
[ldap2pg.ldap DEBUG] )
[ldap2pg.ldap DEBUG] ' sAMAccountName
[ldap2pg.script CRITI] Failed to query LDAP: {u'info': 'Resource temporarily unavailable', 'errno': 11, 'desc': u'Bad search filter'}.

I receive the error, but if I run the command line:

ldapsearch -h pdc.office.company.com -D "CN=inetwork,OU=Network/Nweb Service Account,DC=office,DC=company,DC=com" -W -Y DIGEST-MD5 -U inetwork -W -b DC=office,DC=company,DC=com -s sub '(&(objectClass=User)(memberOf=CN=SQL-DBA,OU=SQL Groups,DC=office,DC=company,DC=com))' sAMAccountName

Enter LDAP Password:
SASL/DIGEST-MD5 authentication started
SASL username: inetwork
SASL SSF: 128
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <DC=office,DC=company,DC=com> with scope subtree
# filter: (&(objectClass=User)(memberOf=CN=SQL-DBA,OU=SQL Groups,DC=office,DC=company,DC=com))
# requesting: sAMAccountName
#

# John Doe, It Group, Network, office.company.com
dn: CN=John Doe,OU=It Group,OU=Network,DC=office,DC=company,DC=com
sAMAccountName: doe

It returns the sAMAccountName of the related group, and I cannot use the CN because it is space-separated. Thanks in advance.

About this issue

  • State: closed
  • Created 6 years ago
  • Comments: 26 (23 by maintainers)

Most upvoted comments

Hi @bersace,

I’ve tested #261 and it now fixes my issue.

Many thanks, Thomas