ms_active_directory icon indicating copy to clipboard operation
ms_active_directory copied to clipboard
verified publisher icon zorn96

The new move functions broken. Ldap3 compatiblity

Open rlees85 opened this issue 1 year ago • 2 comments

The signatures for one of ldap3s function seems to have changed since you implemented the move functions. See: https://github.com/cannatag/ldap3/blob/dev/ldap3/core/connection.py (line 1169, modify_dn). It seems to expect a "relative DN" rather than an object name.

For the most part this seems to be satisfiable by just slapping CN= in front of the object name. If I was to raise a PR it would be along the lines of https://github.com/zorn96/ms_active_directory/blob/main/ms_active_directory/core/ad_session.py (line 3900) just adding CN= to the object name that is sent to ldap3.

I am guessing there is a better way to do this though....

In its current state just get this error:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/rich/Automation/arden/sandpit/ad-function-app/update.py", line 212, in update
    if not session.move_user(
           ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/ms_active_directory/core/ad_session.py", line 3964, in move_user
    return self._move_or_rename_object_by_dn(user, new_parent_dn=new_parent_dn, controls=controls,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/ms_active_directory/core/ad_session.py", line 3907, in _move_or_rename_object_by_dn
    res = self.ldap_connection.modify_dn(object_dn, object_name, new_superior=new_parent_dn, controls=controls)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/ldap3/core/connection.py", line 1186, in modify_dn
    relative_dn = safe_dn(relative_dn)
                  ^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/ldap3/utils/dn.py", line 353, in safe_dn
    for component in parse_dn(dn, escape=True):
                     ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/ldap3/utils/dn.py", line 315, in parse_dn
    if not _validate_attribute_type(attribute_type):
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/ldap3/utils/dn.py", line 172, in _validate_attribute_type
    raise LDAPInvalidDnError('attribute type not present')
ldap3.core.exceptions.LDAPInvalidDnError: attribute type not present

edit: looking at older versions of ldap3 I can't actually see how this has ever worked. Maybe I am missing something stupid?

rlees85 avatar Feb 13 '24 16:02 rlees85

thanks for the catch! I commented on the PR

zorn96 avatar Apr 02 '24 04:04 zorn96

Hi! I was hit by that when using move_computer(). Any plans to release a new version of the module on PyPI soon to address the issue? Thanks!

mponton-cn avatar May 27 '24 23:05 mponton-cn

new version has been released with the fix

zorn96 avatar Sep 02 '24 17:09 zorn96