Closed ThePirateWhoSmellsOfSunflowers closed 1 year ago
In Wireshark, I can see that impacket sends the string (&(objectCategory=group)(name=\28groupe\29))
and ldapsearch sends (&(objectCategory=group)(name=(groupe)))
to the DC.
Is it possible that you have to escape the parenthesis for the (ASN1) parsing but you need to replace the escaped sequence by the "real" character within the ASN1 struct ?
:sunflower:
Hi @ThePirateWhoSmellsOfSunflowers!
We were able to reproduce the issue. I did some tests queries with more special characters (such as /, *) and it seems we are not following the RFC. Currently, we are targeting a new release in the next few days so we will not address it for this version. We are going to work on this issue after the release.
This issue was fixed at https://github.com/fortra/impacket/pull/1549
According to the code, you need to follow the RFC4515 to build the LDAP filter. However the following code returns an empty response:
Using
search_filter = '(&(objectCategory=group)(name=(groupe)))'
just raise aimpacket.ldap.ldap.LDAPFilterSyntaxError
exception as expected.The same LDAP filter works with
ldapsearch
Am I missing something or is it a bug ?
:sunflower: