After asking this question, I had an LDAP query that looked like this:
(&(cn=*)(networkAddress=*)(objectClass=user))
However, if a user has multiple cn's, they are returned multiple times. Is there a way to stop this happening?
SnapOverflow
Because CN in many schema implementations is multi valued, and not guarenteed to be unqiue the general rule is to use an attribute that is single valued and supposed to be unique, like uid.
In Active Directory, for a single domain you could rely on sAMAccountName, but not if there is more than one domain in the tree/forest. You might be able to rely on userPrincipalName, which is usually structured as [email protected] but unlike sAMAccountName, there is no validation that this is actually a unique value.
Experimentally I have noticed (ok, I made some typos) that UPN can be just about any value and there is no enforcement.
That sounds like the correct result to me...
What happens if you use a tool like ldapsearch?
I don't know anything about python data types, but couldn't you just catch the output in object and then check whether it is an array or just string. if its array just take first record if its a string take it directly.
I mean that's how I handle group membership related queries for users in vbscript.