fox-it / aclpwn.py

Active Directory ACL exploitation with BloodHound
MIT License

Installation fails due to the conflicting ldap3 version #3

Closed NeolithEra closed 3 years ago

NeolithEra commented 4 years ago

Hi @dirkjanm, users are unable to run aclpwn due to a dependency conflict with the ldap3 package. As shown in the following full dependency graph of aclpwn, impacket requires ldap3 ==2.5.1, while aclpwn requires ldap3 >=2.5.

According to pip’s “first found wins” installation strategy, aclpwn 2.6.1 is the actually installed version. However, aclpwn 2.6.1 does not satisfy ==2.5.1.

Dependency tree

aclpwn - 1.0.0
| +- impacket(install version:0.9.20 version range:*)
| | +- flask(install version:1.1.1 version range:>=1.0)
| | | +- click(install version:7.0 version range:>=5.1)
| | | +- itsdangerous(install version:1.1.0 version range:>=0.24)
| | | +- jinja2(install version:2.10.3 version range:>=2.10.1)
| | | | +- markupsafe(install version:1.1.1 version range:>=0.23)
| | | +- werkzeug(install version:0.16.0 version range:>=0.15)
| | +- ldap3(install version:2.5.1 version range:==2.5.1)
| | +- ldapdomaindump(install version:0.9.1 version range:>=0.9.0)
| | | +- dnspython(install version:1.16.0 version range:*)
| | | +- future(install version:0.18.2 version range:*)
| | | +- ldap3(install version:2.5.1 version range:==2.5.1)
| | +- pyasn1(install version:0.4.8 version range:>=0.2.3)
| | +- pycryptodomex(install version:3.9.4 version range:*)
| | +- pyopenssl(install version:19.1.0 version range:>=0.13.1)
| | +- six(install version:1.13.0 version range:*)
| +- ldap3(install version:2.6.1 version range:>=2.5)
| +- neo4j-driver(install version:1.7.6 version range:*)
| +- requests(install version:2.22.0 version range:*)
| | +- certifi(install version:2019.9.11 version range:>=2017.4.17)
| | +- chardet(install version:3.0.4 version range:<3.1.0,>=3.0.2)
| | +- idna(install version:2.8 version range:>=2.5,<2.9)
| | +- urllib3(install version:1.25.7 version range:<1.26,>=1.21.1)

Thanks for your help. Best, Neolith

NeolithEra commented 4 years ago

Suggested Solution

  1. Fix your direct dependency to be ldap3==2.5.1. I have checked that this revision will not affect your downstream projects now.
  2. Ask your upstream project impacket to loosen the version range of ldap3.

@dirkjanm Which solution do you prefer, 1 or 2? Please let me know your choice. I can submit a PR to solve this issue.
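
The conflict reported in this issue can be reproduced offline with the added example below, which is not part of the issue or of aclpwn's code. It checks the requirement edges from the dependency tree against the installed versions (the same kind of report `pip check` gives) and lists which ldap3 versions every requirer accepts. The comparator is a simplification that assumes plain numeric dotted versions, not full PEP 440.

```python
import operator
import re
from itertools import zip_longest

# Edges copied from the issue's dependency tree: (requirer, package, range).
REQUIREMENTS = [
    ("aclpwn", "ldap3", ">=2.5"),
    ("impacket", "ldap3", "==2.5.1"),
    ("ldapdomaindump", "ldap3", "==2.5.1"),
    ("requests", "idna", ">=2.5,<2.9"),
    ("requests", "urllib3", "<1.26,>=1.21.1"),
]
# Installed versions as listed in the tree (ldap3 from its top-level entry).
INSTALLED = {"ldap3": "2.6.1", "idna": "2.8", "urllib3": "1.25.7"}

OPS = {"==": operator.eq, "!=": operator.ne, ">=": operator.ge,
       "<=": operator.le, ">": operator.gt, "<": operator.lt}
CLAUSE = re.compile(r"\s*(==|!=|>=|<=|>|<)\s*(\d+(?:\.\d+)*)\s*")

def _padded(a, b):
    """Parse two dotted versions and zero-pad them to equal length."""
    pairs = list(zip_longest(map(int, a.split(".")),
                             map(int, b.split(".")), fillvalue=0))
    return tuple(x for x, _ in pairs), tuple(y for _, y in pairs)

def satisfies(version, spec):
    """True if version meets every comma-separated clause of spec."""
    if spec.strip() == "*":
        return True
    for clause in spec.split(","):
        match = CLAUSE.fullmatch(clause)
        if match is None:
            raise ValueError(f"unsupported clause: {clause!r}")
        left, right = _padded(version, match.group(2))
        if not OPS[match.group(1)](left, right):
            return False
    return True

def conflicts(installed, requirements):
    """Requirements that the installed set violates."""
    return [(who, pkg, spec) for who, pkg, spec in requirements
            if not satisfies(installed[pkg], spec)]

def compatible(pkg, candidates, requirements):
    """Candidate versions of pkg accepted by every requirement on it."""
    specs = [spec for _, p, spec in requirements if p == pkg]
    return [v for v in candidates if all(satisfies(v, s) for s in specs)]

if __name__ == "__main__":
    print(conflicts(INSTALLED, REQUIREMENTS))
    print(compatible("ldap3", ["2.5", "2.5.1", "2.6.1"], REQUIREMENTS))
```

Only 2.5.1 passes every range, which is why pinning the direct dependency (option 1) or widening the upstream pin (option 2) are the two ways out.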