Unexpected LDAP failure reading group members: character ' ' not allowed in attribute type #725
Comments
ldap3 has validation for this here: I'm not sure we can do anything about this but maybe we can dig deeper. I am not able to reproduce this with the following username with Active Directory. It looks like they may be using an OpenLDAP implementation?
Unfortunately, I don't know if there is much we can do here. We can't revert to @Luci2015 - you may want to raise this as a potential bug for the
this was mainly raised for visibility, ldap3 changed their logic as per the RFC, so not expecting a roll-back [EDIT]: I made this test to prove (note the spaces inside the DN):
I think what we can do at most in this case is that for whoever uses two_step_lookup to put the try-except routine inside the Note, the space and other special chars will not impact if they are added inside the group, ou or CN of the object (i.e. this is not returning exception:
Description
Error reading group members from Oracle LDAP gives the error:
Unexpected LDAP failure reading group members: character ' ' not allowed in attribute type
This is the space char that the error refers to.
Steps to reproduce
the ldap setup:
Since this error was seen before in AD connections where the base_dn had spaces inside the value, such as:
base_dn: "dc=domain, dc=local"
I tried to fix the username value so that the space between Special Users be escaped, such as:
username: "uid=adobesync,ou=Special\ Users,dc=domain,dc=local"
The tool runs OK for a couple of groups, then fails with the same error:
Unexpected LDAP failure reading group members: character ' ' not allowed in attribute type
Another test was made with a username value that had no space char in the DN; the tool fails to read all members of all groups, just like in the escaped space workaround.
This does not happen in 2.3; I'm suspecting an update of the ldap3 package and also I suspect it is also linked to the data extracted from the ldap, since all that went in had no space.
Expected behavior
no error
Environment
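An added example, not code from this issue, from the sync tool or from ldap3: a stand-alone check that shows where a space lands in the attribute type (after an RDN separator, as in the base_dn quoted above) versus inside a value (as in "Special Users"), and that normalizes the former. The function names and the member DN are constructed for illustration, and multi-valued RDNs joined with "+" are assumed not to occur.

```python
import re

# An attribute type is a short name (letters, digits, hyphen) or a dotted OID; no spaces.
ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")

def split_unescaped(text, sep=","):
    """Split on sep, treating a backslash plus the next character as one escaped unit."""
    parts, cur, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur.append(text[i:i + 2])
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(text[i])
        i += 1
    parts.append("".join(cur))
    return parts

def check_dn(dn):
    """Return the problems a strict DN parser would reject; an empty list means OK."""
    problems = []
    for rdn in split_unescaped(dn):
        attr, eq, _value = rdn.partition("=")
        if not eq:
            problems.append(f"RDN {rdn!r} has no '='")
        elif not ATTR_TYPE.match(attr):
            problems.append(f"invalid attribute type {attr!r}")
    return problems

def normalize_dn(dn):
    """Strip whitespace around attribute types only; values are left untouched."""
    fixed = []
    for rdn in split_unescaped(dn):
        attr, eq, value = rdn.partition("=")
        fixed.append(attr.strip() + eq + value)
    return ",".join(fixed)

if __name__ == "__main__":
    samples = [
        r"dc=domain, dc=local",                                # from the issue text
        r"uid=adobesync,ou=Special\ Users,dc=domain,dc=local",  # from the issue text
        r"cn=Doe\, John, ou=Staff,dc=domain,dc=local",          # constructed member DN
    ]
    for dn in samples:
        print(dn, "->", check_dn(dn) or "ok", "->", normalize_dn(dn))
```

Running the same check over the member DNs returned by the directory, not only over the configured base_dn and username, shows which group entries carry the offending separator spacing.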