how to read attributes for given DN in ldap3 (how to search with ldap3 if no filter)
Question
If I already have an LDAP DN, how do I get the attributes for that DN with ldap3.Connection.search() ? There is no other search criteria, I already have the DN...
I tried searching for dn attribute, but it returned no objects found. I also tried forcing search_filter to '' , '()' or None and they all returned malformed filter string.
I also couldn't find a way to do this with the abstract Reader...
In ldapsearch you don't need to specify a search filter if you are doing a baseDN lookup...
import ldap3
ldap_conn = ldap3.Connection('ldapserver', raise_exceptions=True,
auto_bind=True, user='me', password='mypassword')
my_dn = "attrib1=blahblah, ou=org1, dc=dc1, dc=dcroot"
ldap_conn.search(
search_base=my_dn,
search_filter= '(????)', # required
search_scope=ldap3.BASE,
attributes='*'
)
print(ldap_conn.response)
1 answers
solution1
5 ACCPTED 2017-12-06 01:18:22
I just realized that objectClass will always be present, so setting it to wildcard should shim search_filter to return the 1 entry associated with base DN:
ldap_conn.search(
search_base=my_dn,
search_filter= '(objectClass=*)', # required
search_scope=ldap3.BASE,
attributes='*'
)
However it seems silly there is no special case for LOOKUP operation against the connection given a DN in ldap3.
EDIT : @cannatag mentioned this was a limitation of the protocol, so I decided to check the RFC: (RFC 4511) . Apparently, ldapsearch and Active Directory emulate an x.500-style LIST or READ by setting an objectClass presence filter :
Note that an X.500 "list"-like operation can be emulated by the client requesting a singleLevel Search operation with a filter checking for the presence of the 'objectClass' attribute, and that an X.500 "read"-like operation can be emulated by a baseObject Search operation with the same filter. A server that provides a gateway to X.500 is not required to use the Read or List operations, although it may choose to do so, and if it does, it must provide the same semantics as the X.500 Search operation.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.