Cannot read LDIF file when entry has no attributes #5

Open
skissane opened this issue Aug 12, 2017 · 2 comments
@skissane

I ran an ldapsearch against AD, to dump all entries my account has permission to see.
(I am using OpenLDAP ldapsearch client.)
I get back an LDIF file which includes some entries with no attributes:

dn: CN=NTDS Quotas,DC=ad,DC=example,DC=com

dn: CN=VolumeTable,CN=FileLinks,CN=System,DC=ad,DC=example,DC=com

dn: CN=IP Security,CN=System,DC=ad,DC=example,DC=com

etc...

I am not sure why. Maybe I have permission to see the entry exists but not read it?

Now, I try to parse this LDIF file with node-ldif. And it gets a syntax error when it gets to these entries because the attributes are missing.

I realise that per RFC2849 this is invalid syntax and node-ldif is just following the RFC:

ldif-attrval-record      = dn-spec SEP 1*attrval-spec

But, given real world LDIF files seem to violate the spec in this way, it would be nice if node-ldif could be a bit more forgiving, even if just as an option...

As a workaround, I use this script to pre-process my LDIF file:

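var input = require('fs').readFileSync("/dev/stdin", 'utf8');
// Normalize CRLF line endings.
input = input.replace(/\r\n/g, "\n");
// Unfold continuation lines (newline followed by a single space).
input = input.replace(/\n /g, "");
// Drop comment lines; the lookahead leaves the newline in place so that
// consecutive comment lines are all removed.
input = input.replace(/\n#[^\n]*(?=\n)/g, "");
// Remove entries that consist of a dn line only. Repeat until none are left,
// because adjacent dn-only entries share the newline the pattern starts on.
while (input.match(/\ndn:[^\n]*\n\n/))
    input = input.replace(/\ndn:[^\n]*\n\n/g, "\n");
process.stdout.write(input);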

but would be nice if there was an out-of-the-box solution.
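
A record-based variant of the pre-processing described above, as an added example that is not part of the original post and not node-ldif code. It splits the input into records, passes through those that satisfy `1*attrval-spec`, and returns the DNs of the dn-only records so they can be logged instead of silently dropped. The names `splitDnOnlyRecords`, `dnValue` and `SAMPLE` are hypothetical, and the sample input is constructed.

```javascript
// Added example, not node-ldif code; all names here are hypothetical.

// Constructed sample shaped like the ldapsearch -LLL output quoted in the issue.
const SAMPLE = [
  'dn: CN=NTDS Quotas,DC=ad,DC=example,DC=com',
  '',
  'dn: CN=Some User,CN=Users,DC=ad,DC=example,DC=com',
  'cn: Some User',
  'description: a long value that ldapsearch folds',
  '  across two lines',
  '',
  // Base64 form (dn::), used when a DN contains non-ASCII characters.
  'dn:: ' + Buffer.from('CN=Zoë,CN=System,DC=ad,DC=example,DC=com', 'utf8').toString('base64'),
  '',
].join('\r\n');

// Return the DN carried by a "dn:" or "dn::" line, or null for any other line.
function dnValue(line) {
  const m = /^dn:(:?)[ ]*(.*)$/.exec(line);
  if (m === null) return null;
  return m[1] === ':' ? Buffer.from(m[2], 'base64').toString('utf8') : m[2];
}

// Split LDIF text into records. Records with at least one attribute are kept
// as LDIF; records that are a dn line only are reported by DN.
function splitDnOnlyRecords(text) {
  // Normalize line endings, then unfold (newline + one space continues a line).
  const unfolded = text.replace(/\r\n/g, '\n').replace(/\n /g, '');
  const kept = [];
  const dnOnly = [];
  for (const block of unfolded.split(/\n{2,}/)) {
    const lines = block.split('\n').filter((l) => l !== '' && !l.startsWith('#'));
    if (lines.length === 0) continue;
    const dn = dnValue(lines[0]);
    if (dn !== null && lines.length === 1) dnOnly.push(dn);
    else kept.push(lines.join('\n') + '\n'); // includes a "version: 1" header block
  }
  return { ldif: kept.join('\n'), dnOnly };
}

const result = splitDnOnlyRecords(SAMPLE);
console.log('entries returned without attributes:', result.dnOnly);
```
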

@skissane

BTW, it probably doesn't matter, but just in case, this is the ldapsearch command which generates the problematic LDIF file:

ldapsearch -LLL -h ${_adServer} -x -b "${_baseDN}" -D "${_user}@${_userDomain}" -W -E pr=2147483647/noprompt

That is out of a shell script, hence the ${...} variables which the shell script defines earlier...

@skissane skissane changed the title Cannot read LDIF file when entry has not attributes Cannot read LDIF file when entry has no attributes Aug 12, 2017
@jasonk

jasonk commented May 18, 2018

FYI, for anyone else who runs into this, you can also work around it by making sure your output includes at least one attribute value. We were encountering this when parsing the output of a script that was only retrieving DNs.

# ldif.parse can't handle the output from this command:
ldapsearch <opts> '(objectclass=user)' dn

# but this one is fine:
ldapsearch <opts> '(objectclass=user)' dn cn

prigaux added a commit to prigaux/node-ldif that referenced this issue Apr 11, 2023
quanah pushed a commit to quanah/node-ldif that referenced this issue May 1, 2023
prigaux added a commit to prigaux/node-ldif that referenced this issue Jun 20, 2023