I'm using the ldapgroup command from SA-ldapsearch (Splunk Supporting Add-on for Active Directory). It allows me to get obtain nested users in AD groups. However, there is a problem with the command when running the command for certain groups in my AD. Although we can't "see it", there seem to be "list objects" in some of the AD groups and/or users, as opposed to "normal" string objects. we get the following error in Splunk when trying to use the ldapgroup command on these groups (cut away some not interesting lines).
AttributeError at ".../ldapgroup.py": 'list' object has no attribute 'split'
netbios_domain_name = entry_attributes.get('msDS-principalName', ' ').split('\\',1)
Does anyone have a solution to this problem other than manually going through AD and changing all the list objects? That would also mean we would need a way to actually identify these objects. In addition, is there any arguments for not using list objects in AD? If not, then the ldapgroup script should have supported list objects as well, and I can file this as a bug/improvement.
The AttributeError is an exception thrown when an object does not have the attribute you tried to access. The 'list' object has no attribute 'split' error is that you're trying to call python split function on the whole list of lines, and you can't split a list of strings, only a string. So, you need to split each line, not the whole thing.