
I am doing passthrough authentication against a Novell eDirectory server. Currently I perform the following request:

results = server.search_s(
    self.basedn,
    ldap.SCOPE_SUBTREE,
    '(objectClass=user)',
    attrlist=['uid', 'networkAddress'])

(This is in python, let me know if you want me to explain it.)

The problem with this method is that each query returns every single user on the server, which I then have to loop through to find the user I'm interested in. I cache it, but what I'd really like to do is something like this:

results = server.search_s(
    self.basedn,
    ldap.SCOPE_SUBTREE,
    '(&(objectClass=user)(networkAddress=#9#\x00\x00\xc0\xa8\n\x1e))')

(That wacky #9# stuff is how the IP is stored - it's actually 192.168.10.30)

When I do a query for networkAddress I get an 'Invalid Syntax' error (even if I do something like networkAddress=blah, without all the \'s).

Is there a way to do an LDAP query for a specific IP?

Harley

3 Answers


The problem is that Network Address is using a syntax of Net Address, which is a structured attribute. I wrote about the various syntax types in this pair of articles:

http://www.novell.com/communities/node/6450/interesting-schema-syntaxes-edirectory-identity-manager-perspective-part-1
http://www.novell.com/communities/node/6457/interesting-schema-syntaxes-edirectory-identity-manager-perspective-part-2

The # signs separate fields in the LDAP view of the attribute.

I was looking at the schema reference for those articles in LogicSource for NDS, which was a for-fee document.

The question is what is the comparison allowed on that attribute.

On a side point, if you queried for loginTime=*, that would show those who are currently logged in, and would reduce the set of users to loop through.

Also, networkAddress is multivalued.

geoffc
  • Great answer, but it seems changing the query to '(&(loginTime=*)(objectClass=user))' returns every user who has ever logged in. Numbers: all = 1101; after adding loginTime=* = 1046; users with uid and networkAddress = 55. – Harley Jun 25 '09 at 02:08
  • Ah hah! If I make the query '(&(networkAddress=*)(objectClass=user))' it gives me a much smaller subset of users. Looks like that's what I want. – Harley Jun 25 '09 at 02:10
  • Right, sorry forgot, Login Time remains... I guess if you could filter loginTime in the search with a less than filter, that would be good, but alas you cannot do that either. – geoffc Jun 25 '09 at 21:03
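As an added example that is neither the question's code nor geoffc's, the Python below pulls together the two points made on this page: the networkAddress value is a structured, multivalued "#type#payload" string whose raw bytes must be RFC 4515-escaped before they can sit inside a filter (the question's unescaped filter is what produces 'Invalid Syntax'), and, since eDirectory may not permit an equality match on that syntax at all, the fallback is a presence filter (networkAddress=*) followed by client-side matching of the decoded values. It assumes the payload ends with the four IPv4 octets (consistent with the page's 192.168.10.30), leaves the two leading bytes and the meaning of type "9" as copied from the question, and uses constructed entries in the shape python-ldap's search_s returns so it runs without a server or the ldap module; DNs and uids are made up.

```python
import ipaddress

# Constructed sample entries in the shape python-ldap's search_s returns:
# a list of (dn, {attribute: [bytes, ...]}) tuples. The networkAddress values
# follow the "#<type>#<payload>" rendering shown in the question; the DNs and
# uids are invented for this example.
SAMPLE_ENTRIES = [
    ("cn=alice,ou=users,o=example", {
        "uid": [b"alice"],
        "networkAddress": [b"#9#\x00\x00\xc0\xa8\n\x1e"],          # 192.168.10.30
    }),
    ("cn=bob,ou=users,o=example", {
        "uid": [b"bob"],
        "networkAddress": [b"#9#\x00\x00\xc0\xa8\n\x1f",           # 192.168.10.31
                           b"#9#\x00\x00\xc0\xa8\n\x1e"],          # 192.168.10.30 (multivalued)
    }),
    ("cn=carol,ou=users,o=example", {
        "uid": [b"carol"],                                         # no networkAddress: not logged in
    }),
]


def escape_filter_bytes(value: bytes) -> str:
    """RFC 4515 escaping for a raw attribute value embedded in a search filter.

    Filter metacharacters, control bytes and non-ASCII bytes become a backslash
    plus two hex digits; every other byte is kept as-is.
    """
    special = set(b"*()\\\x00")
    out = []
    for b in value:
        if b in special or b < 0x20 or b > 0x7E:
            out.append("\\%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)


def encode_network_address(ip: str, addr_type: str = "9", prefix: bytes = b"\x00\x00") -> bytes:
    """Build a "#type#payload" networkAddress value from a dotted IPv4 string.

    Assumption: the payload ends with the four IPv4 octets; the leading two bytes
    and the type "9" are copied from the question and not interpreted here.
    ipaddress.IPv4Address() rejects anything that is not a well-formed address,
    so caller-supplied text cannot carry filter syntax into the value.
    """
    octets = ipaddress.IPv4Address(ip).packed
    return b"#" + addr_type.encode() + b"#" + prefix + octets


def decode_network_address(value: bytes) -> tuple:
    """Return (type, dotted IPv4) from a "#type#payload" value, or raise ValueError."""
    empty, addr_type, payload = value.split(b"#", 2)   # payload may itself contain '#'
    if empty or len(payload) < 4:
        raise ValueError("not a #type#payload networkAddress value")
    return addr_type.decode(), str(ipaddress.IPv4Address(payload[-4:]))


def build_ip_filter(ip: str) -> str:
    """Server-side filter with the value validated, packed and RFC 4515-escaped."""
    return "(&(objectClass=user)(networkAddress=%s))" % escape_filter_bytes(encode_network_address(ip))


def find_users_at_ip(entries, ip: str) -> list:
    """Client-side alternative: walk results (e.g. from a networkAddress=* search)
    and keep the uids whose multivalued networkAddress contains the wanted IP."""
    wanted = ipaddress.IPv4Address(ip)
    hits = []
    for _dn, attrs in entries:
        for raw in attrs.get("networkAddress", []):
            try:
                _, decoded = decode_network_address(raw)
            except ValueError:
                continue                                   # skip values in another layout
            if ipaddress.IPv4Address(decoded) == wanted:
                hits.append(attrs["uid"][0].decode())
                break
    return hits


if __name__ == "__main__":
    print(build_ip_filter("192.168.10.30"))
    print(find_users_at_ip(SAMPLE_ENTRIES, "192.168.10.30"))
```

build_ip_filter() yields (&(objectClass=user)(networkAddress=#9#\00\00\c0\a8\0a\1e)), which is the syntactically valid form of the question's filter; whether the server accepts an equality match on Net Address syntax is the open point geoffc raises, and find_users_at_ip() is the path that works regardless, at the cost of fetching the presence-filtered set first.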

I assume the code you're actually running doesn't have an unescaped apostrophe inside the string?

Zanchey

Looks like you've got a single quote in the wrong place in your search filter. Should it rather be:

results = server.search_s(
    self.basedn,
    ldap.SCOPE_SUBTREE,
    '(&(objectClass=user)(networkAddress=#9#\x00\x00\xc0\xa8\n\x1e))'
)
squillman