Hi,
I'm encountering an issue with SA-ldapsearch (version 1.1.6) where ldapgroup bugs out when group members have accented characters in their distinguishedName.
An ldapsearch for such a user works fine -
| ldapsearch domain=X search="(givenName=Agnès)" attrs="distinguishedName"
gives
dn distinguishedName
CN=Agnès,OU=X,DC=X "BINARY-BLOB"
but an ldapgroup for a group where this user is a member does not work at all :
| ldapsearch domain=X search="(givenName=Agnès)" attrs="memberOf" | mvexpand memberOf | head 1 | ldapgroup groupdn=memberOf
External search command 'ldapgroup' returned error code 1. Script output = "_raw,_time,host,source,sourcetype,dn,memberOf,member_dn,__mv_member_dn,member_name,__mv_member_name,member_domain,__mv_member_domain,member_type,__mv_member_type,mv_combo,__mv_mv_combo,errors,__mv_errors "
ERROR: java.lang.NullPointerException: null
The log created by the ldapgroup command shows -
2012-12-17 15:01:11.100 +0100 pid=16217 [com.splunk.ldap.ActiveDirectory:getContextForDN#-1] INFO No port parameter in default section of ldap.conf - assuming port 389
2012-12-17 15:01:11.715 +0100 pid=16217 [com.splunk.ldap.ActiveDirectory:fetchEntry#-1] INFO DN CN=Agnès,OU=X,DC=X does not exist or cannot be read (note the poison cache)
2012-12-17 15:01:11.717 +0100 pid=16217 [com.splunk.program.LDAPGroups:main#-1] ERROR Exception java.lang.NullPointerException thrown: null
2012-12-17 15:01:11.718 +0100 pid=16217 [com.splunk.program.LDAPGroups:main#-1] ERROR Stack Trace com.splunk.ldap.GroupMembership.<init> (-1)
2012-12-17 15:01:11.718 +0100 pid=16217 [com.splunk.program.LDAPGroups:main#-1] ERROR Stack Trace com.splunk.ldap.GroupMembership.membership (-1)
2012-12-17 15:01:11.719 +0100 pid=16217 [com.splunk.program.LDAPGroups:main#-1] ERROR Stack Trace com.splunk.program.LDAPGroups.Execute (-1)
2012-12-17 15:01:11.719 +0100 pid=16217 [com.splunk.program.LDAPGroups:main#-1] ERROR Stack Trace com.splunk.ldap.ActiveDirectory.getMembership (-1)
2012-12-17 15:01:11.720 +0100 pid=16217 [com.splunk.program.LDAPGroups:main#-1] ERROR Stack Trace com.splunk.program.LDAPGroups.main (-1)
ldapgroup works fine for me as long as there are no users with "strange" characters in their distinguishedName.
Did anybody experience the same behaviour - more importantly, did anyone get this to work ?
Cheers,
Tycho
... View more