LDAP search with username as variable

心不动则不痛 提交于 2019-12-12 02:43:18

问题


I am using the Python-LDAP module and trying to make a query on the logged in user. The username will be passed into the query. When I simply type the username in as a string my results come out correctly.

But if I try to pass the (username) variable it returns LDAPError - FILTER_ERROR: {'desc': u'Bad search filter'} I've tried a number of different combinations but continue to get the same error returned. Any insight here would be great!

Edited for Minimal, Complete, and Verifiable example:

import ldap

LDAP_SERVER = "ldap://myldapserver.domain.ad:389"
username = r"domain\serviceAccount"
password = "Password"

l = ldap.initialize(LDAP_SERVER)
def login(username, password):
    try:
        l.simple_bind_s(username, password)
        base = "OU=Users,OU=Group,DC=domain,DC=ad"

        criteria = "(&(objectClass=user)(sAMAccountName=anActualUsername))" #WORKS    
        criteria = '(&(objectClass=user)(sAMAccountName=%s))' % username #DOESNT WORK
        criteria = "(&(objectClass=user)" + "(sAMAccountName=" + username + "))" #DOESNT WORK

        attributes = ['displayName']
        result = l.search_s(base, ldap.SCOPE_SUBTREE, criteria, attributes)
        print result
    except ldap.INVALID_CREDENTIALS:
        return False
    return True

login(username,password)

回答1:


In the "WORKS" case, your filter string contains a simple name with no domain:

    (&(objectClass=user)(sAMAccountName=bobsmith))

In the "DOESN'T WORK" case, you use a name with a domain:

    (&(objectClass=user)(sAMAccountName=domain\serviceAccount)

The character \ is not allowed in a filter string unless it is escaped.

How to fix this depends upon the data present in your ldap server. Perhaps this:

criteria = '(&(objectClass=user)(sAMAccountName=%s))' % (
    username if '\\' not in username else username.split('\\')[1])

Or perhaps this:

criteria = '(&(objectClass=user)(sAMAccountName=%s))' % (
    ldap.filter.escape_filter_chars(username))



回答2:


Did you try to encode your string ?

criteria = ('(&(objectClass=user)(sAMAccountName=%s))' % username).encode('utf8')



回答3:


I needed to use ldap.filter.filter_format for proper character escaping.

import ldap.filter

criteria= ldap.filter.filter_format('(&(objectClass=user)(sAMAccountName=%s))', [username])


来源:https://stackoverflow.com/questions/40476182/ldap-search-with-username-as-variable

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!