Project

General

Profile

Actions

Task #7764

closed

Dirty LDAP entries

Added by Timothée Floure over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
-
Start date:
02/22/2020
Due date:
% Done:

0%

Estimated time:
PM Check date:

Description

The customer tree of our production LDAP environment contains dirty entries created by dynamicweb:

  • The `uid` field is duplicated and the 'primary' (= used in DN) one is corrupted somehow: @b'intended_username'
    • Looks like python bytestring (or whatever it is called).

Steps:

  • fix dynamicweb so that new entries are correct.
  • clean existing entries.

Relevant links:

Actions #1

Updated by Timothée Floure over 2 years ago

  • Assignee changed from Timothée Floure to Mondi Ravi
Actions #2

Updated by Mondi Ravi over 2 years ago

Okay, here's the rough code that checks if a given uid has a bytestring type representation, and then modifies it to have the correct value.

# import class and constants
from ldap3 import Server, Connection
from django.conf import settings
import ldap3

# define the server
s = ldap3.Server(settings.AUTH_LDAP_SERVER)

# define the connection
c = ldap3.Connection(s, user=settings.LDAP_ADMIN_DN,
                     password=settings.LDAP_ADMIN_PASSWORD,
                     raise_exceptions=True)

c.bind()

# uid to search and modify
uid="coderpurple12gmailcom" 

result = c.search(
                search_base=settings.ENTIRE_SEARCH_BASE,
                search_filter='(uid={uid})'.format(uid=uid)
        )
entries = c.entries
if entries[0].entry_dn.startswith("uid=b'"):
    dn =  entries[0].entry_dn
    new_superior = dn[dn.index(",")+1:]
    c.modify_dn(entries[0].entry_dn,                # dn
                "uid={uid}".format(uid=uid),        # relative_dn
                True,                               # delete_old_dn
                new_superior)                       # new_superior
print(c.result)

# close the connection
c.unbind()

Next step: need to loop through all entries and apply this change.

Actions #3

Updated by Mondi Ravi over 2 years ago

  • Status changed from New to In Progress
Actions #4

Updated by Mondi Ravi over 2 years ago

  • Status changed from In Progress to Resolved

This was resolved on 2.10.2b https://code.ungleich.ch/ungleich-public/dynamicweb/-/tags/2.10.2b and deployed to production today.

Actions #5

Updated by Mondi Ravi over 2 years ago

this is the final code that I used for modifying existing entries.

from ldap3 import Server, Connection
from django.conf import settings
import ldap3
import sys

# define the server
s = ldap3.Server(settings.AUTH_LDAP_SERVER)

# define the connection
c = ldap3.Connection(s, user=settings.LDAP_ADMIN_DN,
                     password=settings.LDAP_ADMIN_PASSWORD,
                     raise_exceptions=True)

c.bind()

# uid to search and modify
uid_number_start=10053
uid_number_end=10400
x = range(uid_number_start, uid_number_end, 1)
for uid_number in x:
    print("%s" % uid_number)
    result = c.search(
        search_base=settings.LDAP_CUSTOMER_DN,
        search_filter='(&(objectClass=inetOrgPerson)(objectClass=posixAccount)'
        '(objectClass=top)(uidNumber={uidNumber}))'.format(uidNumber=uid_number),
        attributes=['uid', 'mail']
    )
    entries = c.entries
    if len(entries)>0:
        print(str(entries[0].mail) + " --- " + str(entries[0].entry_dn))
        if entries[0].entry_dn.startswith("uid=b'"):
            uid = entries[0].uid[0]
            dn =  entries[0].entry_dn
            new_superior = dn[dn.index(",")+1:]
            print("dn=%s, new_superior=%s, uid=%s" % (dn, new_superior, uid))
            c.modify_dn(entries[0].entry_dn, "uid={uid}".format(uid=uid),True, new_superior)
            print(c.result)
        else:
            print("Entry DN %s does not start with b'" % entries[0].entry_dn)
    else:
        print("Could not find an entry for uid_number=%s" % uid_number)
    print("*******")

# close the connection
c.unbind()
Actions #7

Updated by Nico Schottelius over 2 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF