Trying to obtain memberof detail from linux ldapsearch command - linux

I am trying run an LDAP query from a Linux machine (CentOS 5.8) to a Windows LDAP server and want to get 'memberof' detail for a user. In this example, the Domain is cm.loc and the user is admin1#cm.loc. Here is the ldapsearch syntax I am using. It returns an error.
Can someone point me in the right direction with what the correct syntax should be using ldapsearch to query for memberof detail for a particular account?
Here is what I am using that returns error; "ldap search ext bad search filter 7"
Where is my syntax wrong?
ldapsearch –x –h 192.168.1.20 –b 'DC=cm,DC=loc' -s base –D 'admin1#cm.loc' -W '(&(objectCategory=Group)(|(memberOf=group1)(memberOf=group2)…))'
Thank You

memberOf is an attribute with DN syntax. group1 is not a DN.

The syntax looks OK, you need to use the full DN syntax for the memberOf query, and it's still memberOf=, not memberOf: - if you use the colon syntax then you'll get the bad search filter error.
The next thing is that you must escape the search string according to the specifications of RFC4515. This generally means that the following characters in the search string terms: \, *, (, and ) must be escaped using \5c, \2a, \28, \29 respectively, otherwise you get the same error - bad search term. This is on top of the escaping that the ldap server may have applied to the DN already.

Related

What is the correct method to determine if a system user exists locally on windows?

I am working on an authentication system for a local server jupyterhub that relies on OAuth protocol. Additionally, it creates a local system user on windows, in case it does not exist.
What is the correct way to check whether a user exists on windows platforms using python?
This would include cases in which the system uses LDAP authentication and the user logged in the machine at least once.
I am looking for the correct windows alternative to the unix-like:
import pwd
try:
pwd.getpwnam(user.name)
except Exception as e:
print(repr(e))
My current solution is to check for the existence of the f"os.environ["SystemDrive"]\Users\{username}" folder. Side question, is there any drawback with the current method?
Here's a solution to checking if a local Windows user exists using python:
import subprocess
def local_user_exists_windows(username):
r = subprocess.run("net user",stdout=subprocess.PIPE)
#look for username in the output. Return carriage followed by line break followed by name, then space
return f"\\r\\n{username.lower()} " in str(r.stdout).lower()
Alternative is to use a regular expression to find username match (^ is regex for beginning of line if used in conjunction with multiline, \b for word boundary):
import re
re.findall(rf"^{username}\b", out,flags=re.MULTILINE | re.IGNORECASE)
Note that the \b could be replaced with \s+ meaning a space character one or more times and yield similar results. The function above will return True if given user name is an exact match with local username on Windows.
Again, my reason for this solution is there might be drawback to checking whether the path f"os.environ["SystemDrive"]\Users\{username}" exists. For example, I have a case where a Local User (e.g,local_username) exists via the net user command or via looking at "Local Users and Groups" control panel, but there is no C:\Users\local_user_name folder. One reason for this I can think of off the top of my head is perhaps the user switched from logging in as a Local User to using a Domain Account, and their User folder was deleted to save space, so the User exists, but the folder does not, etc.)
The call to net user gets local users - and the output looks something like this:
User accounts for \\SOME-WINDOWS-COMPUTER
-------------------------------------------------------------------------------
SomeUser Administrator DefaultAccount
Guest local_admin WDAGUtilityAccount
Notice how the SomeUser in this example is preceded by a \r\n followed by multiple spaces, hence looking for a username string inside this string could yield a false positive if the string you are searching is contained inside another string.
The solution above works for me, but has been tested all of ten minutes, and there might be some other simpler or more pythonic way of doing this.

cannot add password to user name with hyphen (-) in Terminal Code

I created a Data Base with user smart-brain. And i wanted to add a password to it. which always gives me error
I tried creating another user without the hyphen and there was no problem.
Using Linux ubuntu
https://gyazo.com/03a58dcbd539a75868d886d66ca299a9
createdb 'smart-brain'
psql 'smart-brain'
psql (10.6 (Ubuntu 10.6-0ubuntu0.18.04.1))
Type "help" for help.
smart-brain=# ALTER USER smart-brain WITH PASSWORD 'test123';
ERROR: syntax error at or near "-"
LINE 1: ALTER USER smart-brain WITH PASSWORD 'test123';
This is untested, but valid Postgres identifiers can only include letters, digits, underscore, or dollar sign. Hyphen does not appear to be included in that list. This means that, assuming user smart-brain even exists, you should be escaping it using double quotes. Try the following alter statement:
ALTER USER "smart-brain" WITH PASSWORD 'test123';

How to have an 'OR' in search query for Github API?

Github API allows us to search users by different parameters, and one of those parameters is location. Running the following query will give all the users living in Pakistan:
curl https://api.github.com/search/users?q=location:pakistan
Now, I would like to get all the users that either live in Pakistan or in India, but it seems that Github doesn't define a way for having an or between Pakistan & India.
I have tried the following queries, but these aren't working:
curl https://api.github.com/search/users?q=location:pakistan&location:india
curl https://api.github.com/search/users?q=location:(pakistan|india)
Your first attempt is close, but doesn't work because location isn't its own HTTP GET argument. The entire string location:pakistan is the value to the q parameter.
When you do ?q=location:pakistan&location:india you are actually submitting something like
q has the value location:pakistan
location:india is a key, but has no value
Instead, join multiple location keys with + or %20:
curl https://api.github.com/search/users?q=location:pakistan+location:india
Now the entire location:pakistan+location:india string is passed as the value to the q key.
A literal space can work too, but then you have to escape it or wrap the arguments in quotes.

LDAP custom attribute cannot be searched?

I have some special custom attributes with my ldap setup. I have a custom attribute called "GroupCode". I have bunch of entries with this special attribute that I was able to write to the ldap database. Lets say that I have an entry with attribute "xyz" and another attribute with "wasd". I search with the filter "(GroupCode=xyz)" and "(GroupCode=wasd)" neither one of these search return anything. However, if I change the filter to "(GroupCode=*)", then it would return all the entries that have the GroupCode attribute. I have examined the attribute properties, and it looks normal, the apache directory studio shows it to be of "String" value, do I don't know why it isn't searching with the filter I provided. My knowledge with ldap structure is fairly limited as it is fairly complexed. Anyone have any idea, please let me know. Much appreciated. Thanks.
can you see if you can formulate the same search criteria into an ldapsearch command in the command line?
ldapsearch -H ldap://LDAP_SERVER -D LDAP_AUTH_LOGIN -b LDAP_BASE -w PW -x "CRITERIA"
if so, then you can then also experiment with your criteria.
ldapsearch -H ldap://LDAP_SERVER -D LDAP_AUTH_LOGIN -b LDAP_BASE -w PW -x "(GroupCode=xyz)"
One possible reason for your issue is that you forgot to specify the EQUALITY and SUSBSTR properties of your custom attribute.
Here is an example for a custom attribute called sAMAccountName:
attributeTypes: ( 1.2.840.113556.1.4.221
NAME 'sAMAccountName'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
SINGLE-VALUE )

CouchDB Find One not working

I am a couchDB newbie and am doing the examples in the O'Reilly CouchDB guide.
I have a problem using a view to retrieve a document by key:
curl http://127.0.0.1:5984/basic/_design/example/_view/by_date?key="2009/01/15 15:52:20"
gives the reply:
curl: (52) Empty reply from server
but just retrieving all rows:
curl http://127.0.0.1:5984/basic/_design/example/_view/by_date
gives me 3 rows including the specific row I am looking for:
{"id":"hello-world","key":"2009/01/15 15:52:20","value":"Hello World"}
why doesn't the key query work?
I am using CouchDB version 0.10.0 on Ubuntu 9.10
CouchDB expects the start_key parameter to be a valid JSON-compatible type, such as "a string" or 12345 or ["an", "array", "with", 5.0, "elements"]. If you check your CouchDB logs you will probably see a 400 (bad client request) entry because your key is either invalid UTF8 or invalid JSON.
You probably have two problems:
The shell is interpreting your quotes which must actually be sent to CouchDB. Try single-quoting your double-quote string.
You probably also need to encode your key so that it is a valid URL. Specifically, replace your space with %20
Putting this all together, the following works for me on CouchDB 0.11 on Ubuntu 9.10.
$ curl http://127.0.0.1:5984/blog/_design/docs/_view/by_date?key='"2009/01/30%2018:04:11"'
{"total_rows":1,"offset":0,"rows":[
{"id":"biking","key":"2009/01/30 18:04:11","value":"Biking"}
]}
It worked, I single-quoted the key string and encoded the space character so the request became:
/by_date?key='"2009/01/30%2015:52:20"'

Resources