All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Add-on for LDAP: Why am I getting duplicate entries and how do I fix this?

akanno
Communicator
‎02-02-2016 01:14 AM

Hi,all.

I am using the Add-on for LDAP:

When I search the following:

| ldap attrs="cn" ldap_filter="cn=*" sizelimit=1

I get following results.

   cn   |     dn
Manager |  cn=Manager,dc=example,dc=com

When I search the following:

| ldap attrs="cn" ldap_filter="cn=*" sizelimit=2

I get the following results:

   cn    |                dn
Manager  |  cn=Manager,dc=example,dc=com
Manager  |  cn=Manager,dc=example,dc=com
system   |  cn=system,ou=Group,dc=example,dc=com

When I search the following:

| ldap attrs="cn" ldap_filter="cn=*" sizelimit=3

I get following results:

   cn           |     dn
Manager         |  cn=Manager,dc=example,dc=com
Manager         |  cn=Manager,dc=example,dc=com
system          |  cn=system,ou=Group,dc=example,dc=com
Manager         |  cn=Manager,dc=example,dc=com
system          |  cn=system,ou=Group,dc=example,dc=com
Takahiko Takeda |  uid=takahiko.takeda,ou=People,dc=example,dc=com

I want to get following results.
Can I get it?

   cn           |     dn
Manager         |  cn=Manager,dc=example,dc=com
system          |  cn=system,ou=Group,dc=example,dc=com
Takahiko Takeda |  uid=takahiko.takeda,ou=People,dc=example,dc=com

alt text

Preview file
1 KB
0 Karma
Reply

akanno
Communicator
‎02-02-2016 02:58 AM

When I changed following in myldap.py , I fixed this problem.

befor

result_set = result_set + result_data # append result data to the set

after

#result_set = result_set + result_data # append result data to the set
result_set = result_data
Reply

moreda
Explorer
‎03-10-2016 07:52 AM

Hi, MuS.

I had the same problem as Akkano, I took a look to your myldap.py and definitely I think there's a problem in the loop where you compose the result:

# get and process the LDAP result
try: # lets do it
    if myDebug == "yes": logger.info( "processing LDAP results..." ) # logger
    while 1: # start the loop
        result_type, result_data = l.result(result_id,0) # get the type and data from the results
        result_set = result_set + result_data # append result data to the set
        if (result_data == []): # if there is no more result
            break # leave the while loop
        for i in result_set: # do some python Fu magic on the LDAP results
            a = {} # set empty list
            z = {} # set empty list
            key = "dn" # set key to DN to identify the destinguest name
            z.setdefault(key, []) #
            z[key].append(i[0]) #
            for k, v in i[1].items(): #
                if not k == "objectClass": #
                    v = '","'.join(v) #
                    key = k #
                    a.setdefault(key, []) #
                    a[key].append(v) # append keys and value pairs to first list
            z = dict(z.items() + a.items()) # append keys and value pairs to second list
            od = collections.OrderedDict(sorted(z.items())) # lets sort this alphabetical order
            results.append(od) # append ordered list to results

Without a deep analysis, it looks to me that at some point you where just returning the "result_set" variable, but now what you return is "results" which should be appended with "results_data" in each iteration (hence everything works with the change suggested by Akkano, that is making "result_set = result_data" in each iteration).

Anyway, this workaround is ugly and I'd love to see your better approach in the next release... or I could help if you are too busy.

Thank you!

Rober

0 Karma
Reply

MuS
Legend
‎02-02-2016 05:38 AM

Hi akanno,

This is NOT the solution for this problem! This will only work for you and should not be used by default.
It would be better do understand why your LDAP server returns those results. So if you want to have the real solution and are willing to help I can have a closer look at it.
BTW I'm currently updating the Add-On anyway so this would be a good 'fixing' 😉

cheers, MuS

PS: Please un-accept this answer since it is NOT correct!

0 Karma
Reply

akanno
Communicator
‎02-02-2016 05:38 PM

BTW I'm currently updating the Add-On anyway so this would be a good 'fixing' 😉
I'm looking forward to your update.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...