Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing attributes #1052

Open
arady22 opened this issue Aug 24, 2022 · 1 comment
Open

Missing attributes #1052

arady22 opened this issue Aug 24, 2022 · 1 comment

Comments

@arady22
Copy link

arady22 commented Aug 24, 2022

I'm trying to get a list of all attributes that have a value but I'm facing an issue where there are many missing attributes both operational and user/effective.

server = Server(AD_SERVER, port=389, use_ssl=False, get_info=ALL)
conn = Connection(server, AD_SERVER_USERNAME, AD_SERVER_PASSWORD, client_strategy=SAFE_SYNC, auto_bind=True)

conn.search(
    search_base=SEARCH_BASE,
    search_filter=SEARCH_FILTER',
    search_scope=ldap3.BASE,
    attributes=['*', '+'],
    get_operational_attributes=True, #I know this is redundant
)

when I use the search operation like this I get a ton of missing operational attributes like modify_time_stamp, create_time_stamp, allowed_attributes_effective, allowed_attributes, allowed_child_classes_effective and many others.

reader = Reader(conn, OBJECT_DEF, SEARCH_BASE)
result = reader.search(attributes='*')

And when using the Reader class without the attributes parameter I get most of the missing operational attributes but the effective attributes have sAMAccountName, sAMAccountType, info and many others missing.

If I use the Reader class like above I get an LDAPCursor error:
LDAPCursorError: attribute 'sAMAccountName' not in object class 'group' for entry CN=Fetch-Users,OU=Cairo - Users,DC=daas365,DC=local

and If I use the attributes parameter in the Reader class, not the search:
reader = Reader(conn, OBJECT_DEF, SEARCH_BASE, attributes='*')
I get an LDAPCursor error:
LDAPCursorError: Attributes '*' non in definition
@fenchu
Copy link

fenchu commented Dec 6, 2022

This worked for me on our openldap:
attributes=[ldap.ALL_ATTRIBUTES, ldap3.ALL_OPERATIONAL_ATTRIBUTES]
but when I look up the source:

# search attributes
ALL_ATTRIBUTES = '*'
NO_ATTRIBUTES = '1.1'  # as per RFC 4511
ALL_OPERATIONAL_ATTRIBUTES = '+'  # as per RFC 3673

I suspect some kind of user or searchbase limitation

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fenchu @arady22