Closed annmarie-switzer closed 3 years ago
RFC 4515 allows only hex-digit escape sequences in the LDAP filter string representation, and your group_dn
value contains \#\#
, which is invalid. Now, ldap3::ldap_escape()
should massage an arbitrary string into a representation acceptable to the filter parser. Replacing
g=group_dn
with
g=ldap3::ldap_escape(group_dn)
produces a filter string that must not return a filter parsing error. Does it actually? If not, does it return the expected result?
Yep - it works, just as you say it should. IDK what I did this morning but I clearly had something misaligned. I really appreciate your help and prompt response!
I'll close this since I reckon that the question has been answered.
The library will sometimes return a FilterParsing error, but it's not clear why this parsing error occurs.
I am using the library to get a list of DN's for objectClass=Group. I am then iterating over those DN's to get Objects associated with those Groups.
Since I am able to retrieve the Group DN from Active Directory with no error, I assume that the DN is valid. Therefore, it is a mystery as to why that same DN might fail when used in a secondary filter to find it's associated Objects. Can you help me understand why this error is occurring?
I would also note that I do not believe special characters in the filter string to be an issue. I have tried various hand-written methods to escape the appropriate characters, as well as this library's built-in methods, but neither work.
code: