Le 26/05/2014 10:02, Matthias Apitz a écrit :
El día Monday, May 26, 2014 a las 09:18:38AM +0200, Nicolas Cauchie escribió:
Hello there I use a Debian 7.4 server with ldapsearch to search data about users on an Active Directory database. When a result of a search contains specials characters (such as é, è, à), no result is given, but if I delete special characters to the user profile, it works. How could I make it work with special caracters (guess it's a UTF-8 problem ?) ? Thanks in advance NicolasHi Nicolas,
Are you sure that no results are returned? Can you show the output of a ldapsearch cmd-line tool? I saw that in the result values are encoded if they contain non ASCII chars.
matthias
Yes, I wrote it in a previous answer.
The result is base64 encoded if "-t" switch is not used, or sent to a temp file if this switch is used. But in both cases, I can't use the result "as is" without another manipulation, but i'm stuck..
Thanks signature -----
El día Monday, May 26, 2014 a las 02:08:51PM +0200, Nicolas Cauchie escribió:
Hi Nicolas,
Are you sure that no results are returned? Can you show the output of a ldapsearch cmd-line tool? I saw that in the result values are encoded if they contain non ASCII chars.
matthiasYes, I wrote it in a previous answer. The result is base64 encoded if "-t" switch is not used, or sent to a temp file if this switch is used. But in both cases, I can't use the result "as is" without another manipulation, but i'm stuck.. Thanks
I think, the encoded attributes have a double colon '::'; do a test like this:
$ /usr/bin/ldapsearch .... | fgrep :: ... attributeMailText:: U29ycnksIEknbSBvdXQgb2Ygb2ZmaWNlIHVudGlsIEF1Z3VzdC
$ echo U29ycnksIEknbSBvdXQgb2Ygb2ZmaWNlIHVudGlsIEF1Z3VzdC | mmencode -u 2>/dev/null Sorry, I'm out of office until Augus
HIH
matthias
To be more efficient, here's what I want to do :
I've made a script wich generates automatically disclaimers (or signatures) using an AD database to search users attributes : name, surname, telephone number...
I've made a command like this :
ldapsearch -LLL -C \ -h 'DC.DOMAIN.LAN' \ -b 'ou=OU_NAME,dc=DOMAIN,dc=lan' \ -D 'CN=binder,OU=OU_NAME,DC=DOMAIN,DC=lan' \ -w 'BINDER_PW' \ '(sAMAccountname='A_USER_NAME')' sn \ | sed -n -e 's/^.*sn: //p'
With this command, I catch the "sn" attribute of a user. This command only works if the sn dosen't contain special caracters. If it does, I had to use "sed" like this : sed -n -e 's/^.*_sn::_ //p'
With the "sed" command, I only take what is after the "sn:" or "sn::" to only have data I want.
The result of this command is sent in a variable of my script I use after to make html and txt signatures.
This scripts works perfectly, only when an attribute I catch have a special caracter.
What you said is a good track for me. What I "only have to do" is to search if the line contains one or two ":". If there's one ":", I don't have decode, if there's two":", I have to decode.
Are you OK with me ?
Thanks a lot.
Nicolas
Le 26/05/2014 15:08, Matthias Apitz a écrit :
El día Monday, May 26, 2014 a las 02:08:51PM +0200, Nicolas Cauchie escribió:
Hi Nicolas,
Are you sure that no results are returned? Can you show the output of a ldapsearch cmd-line tool? I saw that in the result values are encoded if they contain non ASCII chars.
matthias Yes, I wrote it in a previous answer. The result is base64 encoded if "-t" switch is not used, or sent to a temp file if this switch is used. But in both cases, I can't use the result "as is" without another manipulation, but i'm stuck.. Thanks -----I think, the encoded attributes have a double colon '::'; do a test like this:
$ /usr/bin/ldapsearch .... | fgrep :: ... attributeMailText:: U29ycnksIEknbSBvdXQgb2Ygb2ZmaWNlIHVudGlsIEF1Z3VzdC
$ echo U29ycnksIEknbSBvdXQgb2Ygb2ZmaWNlIHVudGlsIEF1Z3VzdC | mmencode -u 2>/dev/null Sorry, I'm out of office until Augus
HIH
matthias
Here's the piece of code I've wrote. It's not complex, but have to think about those ":" and "::".
USER_CITY2="$(ldapsearch -LLL -C -x \ -h $VAR_DC \ -b $VAR_SEARCHBASE \ -D $VAR_BINDER \ -w $VAR_PWBINDER \ '(mail='$USER')' \ l)" if [[ $USER_CITY2== *l::* ]] then USER_CITY="$(echo "$USER_CITY2" | sed -n -e 's/^.*l:: //p' | base64 --decode)"; else USER_CITY="$(echo "$USER_CITY2" | sed -n -e 's/^.*l: //p')"; fi
This way, the first command will search the AD the $USER's city and store it in $CITY2. If the result contains "::", then I have to decode and if the result contains ":", I don't have to decode. The final result is stored in $USER_CITY.
Thanks a lot to have helped me.
Nicolas
Le 26/05/2014 15:41, Nicolas a écrit :
To be more efficient, here's what I want to do :
I've made a script wich generates automatically disclaimers (or signatures) using an AD database to search users attributes : name, surname, telephone number...
I've made a command like this :
ldapsearch -LLL -C \ -h 'DC.DOMAIN.LAN' \ -b 'ou=OU_NAME,dc=DOMAIN,dc=lan' \ -D 'CN=binder,OU=OU_NAME,DC=DOMAIN,DC=lan' \ -w 'BINDER_PW' \ '(sAMAccountname='A_USER_NAME')' sn \ | sed -n -e 's/^.*sn: //p'
With this command, I catch the "sn" attribute of a user. This command only works if the sn dosen't contain special caracters. If it does, I had to use "sed" like this : sed -n -e 's/^.*_sn::_ //p'
With the "sed" command, I only take what is after the "sn:" or "sn::" to only have data I want.
The result of this command is sent in a variable of my script I use after to make html and txt signatures.
This scripts works perfectly, only when an attribute I catch have a special caracter.
What you said is a good track for me. What I "only have to do" is to search if the line contains one or two ":". If there's one ":", I don't have decode, if there's two":", I have to decode.
Are you OK with me ?
Thanks a lot.
Nicolas
Le 26/05/2014 15:08, Matthias Apitz a écrit :
El día Monday, May 26, 2014 a las 02:08:51PM +0200, Nicolas Cauchie escribió:
Hi Nicolas,
Are you sure that no results are returned? Can you show the output of a ldapsearch cmd-line tool? I saw that in the result values are encoded if they contain non ASCII chars.
matthias Yes, I wrote it in a previous answer. The result is base64 encoded if "-t" switch is not used, or sent to a temp file if this switch is used. But in both cases, I can't use the result "as is" without another manipulation, but i'm stuck.. Thanks -----I think, the encoded attributes have a double colon '::'; do a test like this:
$ /usr/bin/ldapsearch .... | fgrep :: ... attributeMailText:: U29ycnksIEknbSBvdXQgb2Ygb2ZmaWNlIHVudGlsIEF1Z3VzdC
$ echo U29ycnksIEknbSBvdXQgb2Ygb2ZmaWNlIHVudGlsIEF1Z3VzdC | mmencode -u 2>/dev/null Sorry, I'm out of office until Augus
HIH
matthias
Nicolas Cauchie wrote:
Here's the piece of code I've wrote. It's not complex, but have to think about those ":" and "::".
USER_CITY2="$(ldapsearch -LLL -C -x \ -h $VAR_DC \ -b $VAR_SEARCHBASE \ -D $VAR_BINDER \ -w $VAR_PWBINDER \ '(mail='$USER')' \ l)" if [[ $USER_CITY2== *l::* ]] then USER_CITY="$(echo "$USER_CITY2" | sed -n -e 's/^.*l:: //p' | base64 --decode)"; else USER_CITY="$(echo "$USER_CITY2" | sed -n -e 's/^.*l: //p')"; fi
This way, the first command will search the AD the $USER's city and store it in $CITY2. If the result contains "::", then I have to decode and if the result contains ":", I don't have to decode. The final result is stored in $USER_CITY.
Hmm, I think this is the right time again to recommend to use a decent scripting language with a LDAP module to do searches and convert data. It's far more efficient and readable.
Ciao, Michael.
--On Tuesday, May 27, 2014 8:46 PM +0200 Michael Ströder michael@stroeder.com wrote:
Hmm, I think this is the right time again to recommend to use a decent scripting language with a LDAP module to do searches and convert data. It's far more efficient and readable.
Agreed. python-ldap or Net::LDAP for perl are both substantially better for this sort of work than the command line tools.
--Quanah
--
Quanah Gibson-Mount Server Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org
-
Matthias Apitz -
Michael Ströder -
Nicolas Cauchie -
Quanah Gibson-Mount