All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

SA-ldapsearch issue with group members with accents

tfruru
Explorer
‎12-17-2012 06:19 AM

Hi,

I'm encountering an issue with SA-ldapsearch (version 1.1.6) where ldapgroup bugs out when group members have accented characters in their distinguishedName.

An ldapsearch for such a user works fine -

| ldapsearch domain=X search="(givenName=Agnès)" attrs="distinguishedName"

gives 

dn                  distinguishedName
CN=Agnès,OU=X,DC=X "BINARY-BLOB"

but an ldapgroup for a group where this user is a member does not work at all :

| ldapsearch domain=X search="(givenName=Agnès)" attrs="memberOf" | mvexpand memberOf | head 1 | ldapgroup groupdn=memberOf

External search command 'ldapgroup' returned error code 1. Script output = "_raw,_time,host,source,sourcetype,dn,memberOf,member_dn,__mv_member_dn,member_name,__mv_member_name,member_domain,__mv_member_domain,member_type,__mv_member_type,mv_combo,__mv_mv_combo,errors,__mv_errors "
ERROR: java.lang.NullPointerException: null

The log created by the ldapgroup command shows -

2012-12-17 15:01:11.100 +0100 pid=16217 [com.splunk.ldap.ActiveDirectory:getContextForDN#-1] INFO No port parameter in default section of ldap.conf - assuming port 389
2012-12-17 15:01:11.715 +0100 pid=16217 [com.splunk.ldap.ActiveDirectory:fetchEntry#-1] INFO DN CN=Agnès,OU=X,DC=X does not exist or cannot be read (note the poison cache)
2012-12-17 15:01:11.717 +0100 pid=16217 [com.splunk.program.LDAPGroups:main#-1] ERROR Exception java.lang.NullPointerException thrown: null
2012-12-17 15:01:11.718 +0100 pid=16217 [com.splunk.program.LDAPGroups:main#-1] ERROR Stack Trace com.splunk.ldap.GroupMembership.<init> (-1)
2012-12-17 15:01:11.718 +0100 pid=16217 [com.splunk.program.LDAPGroups:main#-1] ERROR Stack Trace com.splunk.ldap.GroupMembership.membership (-1)
2012-12-17 15:01:11.719 +0100 pid=16217 [com.splunk.program.LDAPGroups:main#-1] ERROR Stack Trace com.splunk.program.LDAPGroups.Execute (-1)
2012-12-17 15:01:11.719 +0100 pid=16217 [com.splunk.program.LDAPGroups:main#-1] ERROR Stack Trace com.splunk.ldap.ActiveDirectory.getMembership (-1)
2012-12-17 15:01:11.720 +0100 pid=16217 [com.splunk.program.LDAPGroups:main#-1] ERROR Stack Trace com.splunk.program.LDAPGroups.main (-1)

ldapgroup works fine for me as long as there are no users with "strange" characters in their distinguishedName.

Did anybody experience the same behaviour - more importantly, did anyone get this to work ?

Cheers,

Tycho

Reply
1 Solution
Solved! Jump to solution
Solution

ahall_splunk
Splunk Employee
Splunk Employee
‎12-17-2012 06:59 AM

Hi Tycho,

This is a bug, and I will file it as such just as soon as I get to a place where I can file bugs. The next release will have a fix for this.

View solution in original post

Reply
Solved! Jump to solution
Solution

ahall_splunk
Splunk Employee
Splunk Employee
‎12-17-2012 06:59 AM

Hi Tycho,

This is a bug, and I will file it as such just as soon as I get to a place where I can file bugs. The next release will have a fix for this.

Reply
Solved! Jump to solution

yannK
Splunk Employee
Splunk Employee
‎01-21-2015 05:35 PM

Was it addressed in the version 2.0.1 of the app ?

https://apps.splunk.com/app/1151/

0 Karma
Reply
Solved! Jump to solution

tfruru
Explorer
‎05-12-2014 12:05 PM

Hi Adrian, any news on when a more general fix will be available ? We're still encountering the problem when trying to use the "managedBy" attribute - which we extensively use in our environment ...

0 Karma
Reply
Solved! Jump to solution

ahall_splunk
Splunk Employee
Splunk Employee
‎02-26-2014 07:46 AM

Agreed - in the prior fix, we picked out several fields that we knew were UTF8 and disregarded the base64encoding() requirement. However, that isn't good enough and we know it.

Reply
Solved! Jump to solution

delink
Communicator
‎02-26-2014 06:16 AM

We are also experiencing this issue at a customer for usernames that contain accented characters. This seems to be the code that is doing it:

default:
for (n = 0; n < paramAttribute.size(); n++)
if (paramAttribute.needsBase64Encoding())
arrayOfString[n] = "";
else
arrayOfString[n] = paramAttribute.getValues()[n];

It seems like the decision to elide the information with "" is going to need to be more nuanced than just checking for base64 encoding.

0 Karma
Reply
Solved! Jump to solution

ahall_splunk
Splunk Employee
Splunk Employee
‎02-26-2013 07:14 AM

We have the updated bug. It will be looked at in one of our sprints.

Reply
Solved! Jump to solution

dominiquevocat
SplunkTrust
SplunkTrust
‎02-26-2013 02:34 AM

There still is a somewhat random problem with string attributes in version 1.1.9 resulting in fields containing . In 1.1.6 it would return all accent/umlaut strings as BINARY-BLOB, with 1.1.9 it seems random and spurious. I filed a bug twice 🙂 not sure if there is hope for a fix.

0 Karma
Reply
Solved! Jump to solution

tfruru
Explorer
‎02-04-2013 02:50 AM

Hi - The current version (SA-ldapsearch 1.1.9) solved the issue for me !

Cheers
Tycho

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...