Search LDAP for a user with a specific IP address
The problem is that Network Address is using a syntax of Net Address which is a structured attribute. I wrote about the various syntax types in this pair of articles:
http://www.novell.com/communities/node/6450/interesting-schema-syntaxes-edirectory-identity-manager-perspective-part-1
http://www.novell.com/communities/node/6457/interesting-schema-syntaxes-edirectory-identity-manager-perspective-part-2
The # signs separate fields in the LDAP view of the attribute.
I was looking at the schema reference for those articles in LogicSource for NDS, which was a for-fee document.
The question is what is the comparison allowed on that attribute.
On a side point, if you queried for loginTime=* that would show those who are currently logged in, and would reduce the set of users to loop through.
Also, networkAddress is multivalued.
Harley
Updated on September 17, 2022
Comments
-
Harley almost 2 years
I am doing passthrough authentication against a Novell eDirectory server. Currently I perform the following request:
results = server.search_s( self.basedn, ldap.SCOPE_SUBTREE, '(objectClass=user)', attrlist=['uid', 'networkAddress'])
(This is in python, let me know if you want me to explain it.)
The problem with this method is that each query returns every single user on the server, which I then have to loop through to find the user I'm interested in. I cache it, but what I'd really like to do is something like this:
results = server.search_s( self.basedn, ldap.SCOPE_SUBTREE, '(&(objectClass=user)(networkAddress=#9#\x00\x00\xc0\xa8\n\x1e))')
(That wacky #9# stuff is how the IP is stored - it's actually 192.168.10.30) When I do a query for networkAddress I get an 'Invalid Syntax' error (even if I do something like networkAddress=blah, without all the \'s). Is there a way to do an LDAP query for a specific IP?
-
Harley about 15 years
Woops, sorted that now.
-
Harley about 15 years
Great answer, but it seems changing the query to '(&(loginTime=*)(objectClass=user))' returns every user who has ever logged in. Numbers:
all = 1101
after adding loginTime=* = 1046
users with uid and networkAddress = 55
-
Harley about 15 years
Ah hah! If I make the query '(&(networkAddress=*)(objectClass=user))' it gives me a much smaller subset of users. Looks like that's what I want.
-
geoffc about 15 years
Right, sorry forgot, Login Time remains... I guess if you could filter loginTime in the search with a less than filter, that would be good, but alas you cannot do that either.
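The approach the thread settles on (narrow the search with '(&(networkAddress=*)(objectClass=user))', then match the IP client-side across every value of the multivalued attribute) can be sketched as follows. This is an added example, not code from the original posts; the helper names, the sample entries, and the assumption that the IPv4 address is the last four bytes of a 4- or 6-byte payload (as in the question's sample value) are all illustrative.

```python
import ipaddress

def ipv4_of(raw):
    """Return the IPv4 address carried by one networkAddress value, else None."""
    # Split only on the first '#' after the type: the binary payload may
    # itself contain the byte 0x23 ('#').
    kind, sep, payload = raw.lstrip(b"#").partition(b"#")
    if not sep or not kind.isdigit():
        return None                      # not in type#data form
    if len(payload) not in (4, 6):       # assumption: bare IPv4, or 2 bytes + IPv4
        return None
    return ipaddress.IPv4Address(payload[-4:])

def users_at(results, ip):
    """Return (dn, [uid, ...]) for every entry with a networkAddress equal to ip."""
    wanted = ipaddress.IPv4Address(ip)
    hits = []
    for dn, attrs in results:
        if dn is None:                   # search referral, not an entry
            continue
        # networkAddress is multivalued: any matching value counts, once.
        if any(ipv4_of(v) == wanted for v in attrs.get("networkAddress", [])):
            hits.append((dn, [u.decode() for u in attrs.get("uid", [])]))
    return hits

# Constructed sample, shaped like python-ldap search_s() output (bytes values).
SAMPLE_RESULTS = [
    ("cn=alice,o=example", {"uid": [b"alice"], "networkAddress": [
        b"#9#\x00\x00\xc0\xa8\n\x1e",    # the value from the question
        b"1#\xc0\xa8\n\x1e"]}),          # constructed second value, same IP
    ("cn=bob,o=example", {"uid": [b"bob"], "networkAddress": [
        b"9#\x01\xbb#\x00\x00\x05"]}),   # payload itself contains a '#' (0x23)
    ("cn=carol,o=example", {"uid": [b"carol"], "networkAddress": [
        b"0#" + bytes(12)]}),            # 12-byte payload, not IPv4
    (None, ["ldap://other.example/o=example"]),
]

if __name__ == "__main__":
    # Live use: results = server.search_s(basedn, ldap.SCOPE_SUBTREE,
    #     '(&(networkAddress=*)(objectClass=user))', ['uid', 'networkAddress'])
    print(users_at(SAMPLE_RESULTS, "192.168.10.30"))
```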