On Feb 17, 2021, at 11:24 AM, Bruce Johnson <[email protected]> wrote:
I've written two subroutines for getting sAMAccountName by objectGUID and vice
versa; the main purpose is to manage a database table that stores the
objectGUID as a Base64 encoded string. (the purpose of this is to maintain a
match table for people in two different LDAP directories, one AD and the other
not.)
If I construct a standard LDAP search to return the objectGUID in binary form
and then use that returned value to perform a new search with
'(objectGUID=$return)' as the filter for the LDAP search, I get the LDAP error
"Bad Filter", but ONLY for those particular users. It works just fine for
others.
Actually per a dump of the return from the Net::LDAPS object it appears that
the error is coming from Net::LDAPS (or somewhere in the dependencies) rather
than from the LDAP server:
This is my query; $namein is the sAMAccountName of the user in question:
use Net::LDAPS;
my $attr = ['objectGUID', 'sAMAccountName', 'employeeNumber', 'mail'];
# Net::LDAPS->new puts its error text in $@ on failure
my $ldaps = Net::LDAPS->new("ldaps://host.domain") or return "FAIL LDAP ERROR $@";
my $searchBase = "DC=Host,DC=Domain";
# Bind as AD user
my $mesg1 = $ldaps->bind("$ldu\@host.domain", password => $ldp);
$mesg1->code && die "Authentication failed: " . $mesg1->error . "\n";
my $searchFilter = "(sAMAccountName=$namein)";
$mesg1 = $ldaps->search ( # perform a search
    base   => $searchBase,
    filter => $searchFilter,
    attrs  => $attr
);
$mesg1->code && die $mesg1->error;
A dump of a successful LDAP query result (using sAMAccountName as the filter):
$VAR1 = bless( {
'reference' => [
'ldaps://Host.domain/CN=Configuration,DC=Host,DC=Domain'
],
'resultCode' => 0,
'mesgid' => 6,
'errorMessage' => '',
'matchedDN' => '',
'raw' => undef,
'ctrl_hash' => undef,
'callback' => undef,
'controls' => undef,
'parent' => bless( {
'net_ldap_rawsocket' => bless(
\*Symbol::GEN2, 'IO::Socket::SSL' ),
'net_ldap_host' => 'host.domain',
'net_ldap_mesg' => {},
'net_ldap_async' => 0,
'net_ldap_refcnt' => 1,
'net_ldap_resp' => {},
'net_ldap_socket' =>
$VAR1->{'parent'}{'net_ldap_rawsocket'},
'net_ldap_uri' => 'ldaps://host.domain',
'net_ldap_debug' => 0,
'net_ldap_port' => 636,
'net_ldap_version' => 3,
'net_ldap_scheme' => 'ldaps'
}, 'Net::LDAPS' ),
'entries' => [
bless( {
'changetype' => 'modify',
'asn' => {
'attributes' => [
{
'vals'
=> [
'09805994'
],
'type'
=> 'employeeNumber'
},
{
'type'
=> 'objectGUID',
'vals'
=> [
'????N?6\\P????'
]
},
{
'type'
=> 'sAMAccountName',
'vals'
=> [
'mckay'
]
},
{
'vals'
=> [
'[email protected]'
],
'type'
=> 'mail'
}
],
'objectName' =>
'CN=mckay,OU=UA,OU=Accounts,DC=Host,DC=Domain'
},
'changes' => []
}, 'Net::LDAP::Entry' )
]
I then set the search filter to use the objectGUID returned
($mesg1->entry(0)->get_value('objectGUID')) from the successful query, and I get
Bad filter at ./check_crossref_del.pl line 84.
If this was an error from LDAP it should have been returned in the
'errorMessage' => '', line, I think.
If I run this same code with a user that works, I get a repeat of the first
query as the results.
So is this a bug/issue with Net::LDAPS?
--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group
Institutions do not have opinions, merely customs
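An added example (not code from the message above): get_value('objectGUID') returns the raw 16 GUID bytes, and any of those bytes that happen to be filter metacharacters (the dumped value for this user contains a backslash) make the filter string unparseable for Net::LDAP's client-side filter parser, which is why it fails for some users only and why the server's errorMessage stays empty. The fix is to escape the bytes before interpolating them, per RFC 4515. The helper names (guid_filter_value, guid_filter, guid_to_base64, base64_to_guid) and the sample GUID bytes are constructed for this example; escape_filter_value is Net::LDAP::Util's own helper.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);
use Net::LDAP::Util qw(escape_filter_value);
use Net::LDAP::Filter;

# Escape every byte of a binary objectGUID as \XX (RFC 4515 hex escape), so the
# filter grammar never sees a raw '(', ')', '*', '\' or NUL byte.
sub guid_filter_value {
    my ($guid) = @_;
    die "objectGUID must be exactly 16 bytes" unless length($guid) == 16;
    return join '', map { sprintf('\\%02x', $_) } unpack('C*', $guid);
}

# Complete search filter for a binary objectGUID.
sub guid_filter {
    my ($guid) = @_;
    return '(objectGUID=' . guid_filter_value($guid) . ')';
}

# Base64 helpers for the match-table column (single line, no trailing newline).
sub guid_to_base64 { return encode_base64($_[0], '') }
sub base64_to_guid { return decode_base64($_[0]) }

# Constructed sample GUID (not a real directory value): 16 bytes that include
# '(' (0x28), '\' (0x5c), '*' (0x2a) and NUL, the bytes that break an
# unescaped filter string.
my $guid = pack('C16', 0x28, 0x5c, 0x2a, 0x00, 0x4e, 0x9f, 0x36, 0x50,
                       0x81, 0xa2, 0xb3, 0xc4, 0xd5, 0xe6, 0xf7, 0x08);

my $naive   = "(objectGUID=$guid)";   # what interpolating the raw value produces
my $escaped = guid_filter($guid);     # every byte hex-escaped, always parseable
my $library = '(objectGUID=' . escape_filter_value($guid) . ')';  # metacharacters escaped

# Net::LDAP::Filter is the parser that Net::LDAP->search() applies to a string
# filter before anything is sent to the server; new() returns undef on failure.
for my $case (['naive', $naive], ['escaped', $escaped], ['library', $library]) {
    my ($name, $filter) = @$case;
    my $parsed = Net::LDAP::Filter->new($filter);
    printf "%-8s: %s\n", $name, defined $parsed ? $parsed->as_string : 'rejected (Bad filter)';
}

# Round-trip through the Base64 form stored in the match table.
my $b64 = guid_to_base64($guid);
die "Base64 round-trip failed" unless base64_to_guid($b64) eq $guid;
print "base64  : $b64\n";

# The reverse lookup, once a bound $ldaps handle exists (not run here):
#   my $mesg = $ldaps->search(base   => $searchBase,
#                             filter => guid_filter(base64_to_guid($stored_b64)),
#                             attrs  => ['sAMAccountName']);
#   $mesg->code && die $mesg->error;
#   my $sam = $mesg->count ? $mesg->entry(0)->get_value('sAMAccountName') : undef;
```

Hex-escaping all 16 bytes (guid_filter_value) is the safest choice for binary attributes because it does not depend on which bytes a given helper treats as special; escape_filter_value is sufficient for the metacharacters but passes other bytes through unchanged, which is fine for the directory but leaves the filter string containing raw binary.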