I am doing passthrough authentication against a Novell eDirectory server. Currently I perform the following request:
    results = server.search_s(
        self.basedn,
        ldap.SCOPE_SUBTREE,
        '(objectClass=user)',
        attrlist=['uid', 'networkAddress'])

(This is in Python, let me know if you want me to explain it.)
The problem with this method is that each query returns every single user on the server, which I then have to loop through to find the user I'm interested in. I cache it, but what I'd really like to do is something like this:
    results = server.search_s(
        self.basedn,
        ldap.SCOPE_SUBTREE,
        '(&(objectClass=user)(networkAddress=#9#\x00\x00\xc0\xa8\n\x1e))')

(That wacky #9# stuff is how the IP is stored - it's actually 192.168.10.30)
When I do a query for networkAddress I get an 'Invalid Syntax' error (even if I do something like networkAddress=blah, without all the \'s).
Is there a way to do an LDAP query for a specific IP?
The problem is that Network Address is using a syntax of Net Address, which is a structured attribute. I wrote about the various syntax types in this pair of articles:
http://www.novell.com/communities/node/6450/interesting-schema-syntaxes-edirectory-identity-manager-perspective-part-1
http://www.novell.com/communities/node/6457/interesting-schema-syntaxes-edirectory-identity-manager-perspective-part-2
The # signs separate fields in the LDAP view of the attribute.
I was looking at the schema reference for those articles in LogicSource for NDS, which was a for-fee document.
The question is what is the comparison allowed on that attribute.
On a side point, if you queried for loginTime=* that would show those who are currently logged in, and would reduce the set of users to loop through.
Also, networkAddress is multivalued.
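An added example, not part of the original answer or the asker's code: one way to do the client-side match described above, decoding each '#'-separated networkAddress value and checking every value of the multivalued attribute. It assumes Python 3 with values returned as bytes, and (based only on the sample in the question) that the last four address bytes are the IPv4 address; `decode_network_address`, `users_at_ip` and the sample entries are hypothetical names and constructed data.

```python
import ipaddress

# Filter suggested in the answer: only entries that have a loginTime value.
LOGGED_IN_FILTER = '(&(objectClass=user)(loginTime=*))'


def decode_network_address(raw):
    """Return (address_type, IPv4Address) for one networkAddress value.

    Assumption, based on the sample in the question: the value is
    '<type>#<address bytes>' (optionally with a leading '#'), and the
    last four address bytes are the IPv4 address.
    """
    if raw.startswith(b'#'):
        raw = raw[1:]
    # Split on the first '#' only: the address bytes may contain 0x23.
    type_part, sep, addr = raw.partition(b'#')
    if not sep or not type_part.isdigit() or len(addr) < 4:
        raise ValueError('unrecognised networkAddress value: %r' % raw)
    return int(type_part), ipaddress.IPv4Address(addr[-4:])


def users_at_ip(results, wanted_ip):
    """Return uids of entries with wanted_ip in any networkAddress value."""
    wanted = ipaddress.IPv4Address(wanted_ip)
    matches = []
    for dn, attrs in results:
        for raw in attrs.get('networkAddress', []):  # multivalued
            try:
                _, ip = decode_network_address(raw)
            except ValueError:
                continue  # skip malformed or non-matching-format values
            if ip == wanted:
                matches.extend(u.decode() for u in attrs.get('uid', []))
                break  # one match per entry is enough
    return matches


# Constructed sample in the shape search_s returns: [(dn, {attr: [bytes]})]
SAMPLE_RESULTS = [
    ('cn=alice,o=example', {'uid': [b'alice'],
                            'networkAddress': [b'9#\x00\x00\xc0\xa8\n\x1e']}),
    ('cn=bob,o=example', {'uid': [b'bob'],
                          'networkAddress': [b'bogus', b'#9#\x00\x00\x0a\x23\x00\x01']}),
    ('cn=carol,o=example', {'uid': [b'carol']}),
]

if __name__ == '__main__':
    print(users_at_ip(SAMPLE_RESULTS, '192.168.10.30'))
```

Passing `LOGGED_IN_FILTER` to the existing `search_s` call narrows the result set before `users_at_ip` loops over it.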
I assume the code you're actually running doesn't have an unescaped apostrophe inside the string?
Looks like you've got a single quote in the wrong place in your search filter. Should it rather be: