Task #7764

closed

Dirty LDAP entries

Added by Timothée Floure about 4 years ago. Updated about 4 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version: -
Start date: 02/22/2020
Due date:
% Done: 0%
Estimated time:
PM Check date:

Description

The customer tree of our production LDAP environment contains dirty entries created by dynamicweb:

  • The `uid` field is duplicated and the 'primary' (= used in DN) one is corrupted somehow: `b'intended_username'`
    • Looks like a Python bytestring (or whatever it is called).

Steps:

  • fix dynamicweb so that new entries are correct.
  • clean existing entries.

Relevant links:

Actions #1

Updated by Timothée Floure about 4 years ago

  • Assignee changed from Timothée Floure to Mondi Ravi
Actions #2

Updated by Mondi Ravi about 4 years ago

Okay, here's the rough code that checks if a given uid has a bytestring type representation, and then modifies it to have the correct value.

```python
# import the ldap3 module and the Django settings
import ldap3
from django.conf import settings
from ldap3.utils.conv import escape_filter_chars

# define the server
s = ldap3.Server(settings.AUTH_LDAP_SERVER)

# define the connection
c = ldap3.Connection(s, user=settings.LDAP_ADMIN_DN,
                     password=settings.LDAP_ADMIN_PASSWORD,
                     raise_exceptions=True)

c.bind()

# uid to search and modify
uid = "coderpurple12gmailcom"

c.search(
    search_base=settings.ENTIRE_SEARCH_BASE,
    search_filter='(uid={uid})'.format(uid=escape_filter_chars(uid))
)
entries = c.entries
# only touch the entry if one was found and its DN carries the b'...' form
if entries and entries[0].entry_dn.startswith("uid=b'"):
    dn = entries[0].entry_dn
    # parent DN: everything after the first comma
    new_superior = dn[dn.index(",") + 1:]
    c.modify_dn(dn,                             # dn
                "uid={uid}".format(uid=uid),    # relative_dn
                True,                           # delete_old_dn
                new_superior)                   # new_superior
print(c.result)

# close the connection
c.unbind()
```

Next step: need to loop through all entries and apply this change.

Actions #3

Updated by Mondi Ravi about 4 years ago

  • Status changed from New to In Progress
Actions #4

Updated by Mondi Ravi about 4 years ago

  • Status changed from In Progress to Resolved

This was resolved on 2.10.2b https://code.ungleich.ch/ungleich-public/dynamicweb/-/tags/2.10.2b and deployed to production today.

Actions #5

Updated by Mondi Ravi about 4 years ago

This is the final code that I used for modifying existing entries.

```python
import ldap3
from django.conf import settings

# define the server
s = ldap3.Server(settings.AUTH_LDAP_SERVER)

# define the connection
c = ldap3.Connection(s, user=settings.LDAP_ADMIN_DN,
                     password=settings.LDAP_ADMIN_PASSWORD,
                     raise_exceptions=True)

c.bind()

# uidNumber range to scan (the end value itself is excluded)
uid_number_start = 10053
uid_number_end = 10400
for uid_number in range(uid_number_start, uid_number_end):
    print("%s" % uid_number)
    c.search(
        search_base=settings.LDAP_CUSTOMER_DN,
        search_filter='(&(objectClass=inetOrgPerson)(objectClass=posixAccount)'
        '(objectClass=top)(uidNumber={uidNumber}))'.format(uidNumber=uid_number),
        attributes=['uid', 'mail']
    )
    entries = c.entries
    if len(entries) > 0:
        print(str(entries[0].mail) + " --- " + str(entries[0].entry_dn))
        if entries[0].entry_dn.startswith("uid=b'"):
            # the entry holds both uid values and their order is not guaranteed,
            # so pick the value that is not the b'...' form instead of index 0
            clean = [str(v) for v in entries[0].uid.values
                     if not str(v).startswith("b'")]
            if clean:
                uid = clean[0]
                dn = entries[0].entry_dn
                # parent DN: everything after the first comma
                new_superior = dn[dn.index(",") + 1:]
                print("dn=%s, new_superior=%s, uid=%s" % (dn, new_superior, uid))
                c.modify_dn(dn, "uid={uid}".format(uid=uid), True, new_superior)
                print(c.result)
            else:
                print("No clean uid value on %s, skipping" % entries[0].entry_dn)
        else:
            print("Entry DN %s does not start with b'" % entries[0].entry_dn)
    else:
        print("Could not find an entry for uid_number=%s" % uid_number)
    print("*******")

# close the connection
c.unbind()
```
Actions #7

Updated by Nico Schottelius about 4 years ago

  • Status changed from Resolved to Closed
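
The corruption described in this ticket and the rename decision made by the cleanup script, as an added example that is not part of the ticket or of dynamicweb. It assumes the value came from formatting a Python `bytes` username into the DN (the ticket only says it looks like a bytestring), and it goes beyond the script by choosing the clean value independently of attribute order and splitting the DN at the first unescaped comma; all function names and sample DNs are constructed for illustration.

```python
import ast
import re

def build_rdn_buggy(username):
    # Assumed root cause: bytes formatted into the RDN stores its repr.
    return "uid={}".format(username)

def build_rdn_fixed(username):
    # Decode bytes explicitly before the value reaches a DN string.
    if isinstance(username, bytes):
        username = username.decode("utf-8")
    return "uid={}".format(username)

REPR_RDN = re.compile(r"^uid=(b'[^']*')$", re.IGNORECASE)

def split_dn(dn):
    """Split a DN into (rdn, parent) at the first comma not preceded by a backslash."""
    m = re.search(r"(?<!\\),", dn)
    return (dn, "") if m is None else (dn[:m.start()], dn[m.end():])

def plan_rename(dn, uid_values):
    """Return (new_rdn, parent) for a corrupted entry, or None to leave it alone."""
    rdn, parent = split_dn(dn)
    m = REPR_RDN.match(rdn)
    if m is None:
        return None  # RDN is not of the form uid=b'...'
    try:
        intended = ast.literal_eval(m.group(1)).decode("utf-8")
    except (ValueError, SyntaxError, UnicodeDecodeError):
        return None  # not a parseable bytes literal: review by hand
    # Conservative choice: rename only when the entry also holds the clean
    # value; membership is checked, so value order does not matter.
    if intended not in uid_values:
        return None
    return "uid=" + intended, parent

# Constructed sample entries: (DN, uid attribute values).
SAMPLE = [
    ("uid=b'alice',ou=customer,dc=example,dc=com", ["b'alice'", "alice"]),
    ("uid=bob,ou=customer,dc=example,dc=com", ["bob"]),
    ("uid=b'carol',ou=customer,dc=example,dc=com", ["b'carol'"]),
]

if __name__ == "__main__":
    print(build_rdn_buggy(b"alice"), "->", build_rdn_fixed(b"alice"))
    for dn, uids in SAMPLE:
        print(dn, "=>", plan_rename(dn, uids))
```

The returned pair maps onto the `relative_dn` and `new_superior` arguments of `modify_dn` as used in the script above; a value containing DN special characters would need escaping before use.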