From fe3e3ed5f41a0db698a2044904ae909751095ce3 Mon Sep 17 00:00:00 2001
From: Benjamin Renard
Date: Tue, 7 Jun 2022 12:40:53 +0200
Subject: [PATCH] ldap: fix DN spliting/escaping problems
---
 mylib/ldap.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/mylib/ldap.py b/mylib/ldap.py
index 082d395..14b1d0d 100644
--- a/mylib/ldap.py
+++ b/mylib/ldap.py
@@ -12,6 +12,7 @@ import dateutil.tz
 import ldap
 from ldap.controls import SimplePagedResultsControl
 from ldap.controls.simple import RelaxRulesControl
+from ldap.dn import escape_dn_chars, explode_dn
 import ldap.modlist as modlist
 from mylib import pretty_format_dict
@@ -256,13 +257,13 @@ class LdapServer:
 def rename_object(self, dn, new_rdn, new_sup=None, delete_old=True):
 """ Rename an object in LDAP directory """
 # If new_rdn is a complete DN, split new RDN and new superior DN
- if len(new_rdn.split(',')) > 1:
+ if len(explode_dn(new_rdn)) > 1:
 self.logger.debug( "LdapServer - Rename with a full new DN detected (%s): split new RDN and new superior DN", new_rdn )
 assert new_sup is None, "You can't provide a complete DN as new_rdn and also provide new_sup parameter"
- new_dn_parts = new_rdn.split(',')
+ new_dn_parts = explode_dn(new_rdn)
 new_sup = ','.join(new_dn_parts[1:])
 new_rdn = new_dn_parts[0]
 assert self.con or self.connect()
@@ -761,14 +762,14 @@ class LdapClient:
 )
 # Compute new object DN
- dn_parts = self.decode(ldap_obj['dn']).split(',')
+ dn_parts = explode_dn(self.decode(ldap_obj['dn']))
 basedn = ','.join(dn_parts[1:])
- new_rdn = '%s=%s' % (rdn_attr, self.decode(new_rdn_values[0]))
+ new_rdn = '%s=%s' % (rdn_attr, escape_dn_chars(self.decode(new_rdn_values[0])))
 new_dn = '%s,%s' % (new_rdn, basedn)
 # Rename object
 log.debug('%s: Rename to %s', ldap_obj['dn'], new_dn)
- if not self.move_object(ldap_obj, new_rdn):
+ if not self.move_object(ldap_obj, new_dn):
 return False
 # Remove RDN in changes list
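Review bot: In `rename_object`, `explode_dn(new_rdn)` is evaluated twice, and unlike `split(',')` it can raise on a string that is not a syntactically valid DN (python-ldap reports this as `ldap.DECODING_ERROR`). Both calls sit ahead of the `assert self.con or self.connect()` line, so any error handling further down the method would not cover them. Parse once before the test, `new_dn_parts = explode_dn(new_rdn)` followed by `if len(new_dn_parts) > 1:`, and decide whether a malformed value should be logged and rejected at that point rather than propagate. The method body continues past the end of the hunk, so how failures are reported to callers is not visible here.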
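Review bot: The last changed line now hands `move_object` the full `new_dn` where it previously received `new_rdn`, so the rename depends on the callee splitting that string again; `move_object` is not shown in this hunk, so that is worth confirming. Because `basedn` is just the entry's current parent, passing the escaped `new_rdn` would avoid the round trip, and it would also avoid the `'%s,%s'` result ending in a comma when `dn_parts` has a single component. `rdn_attr` is interpolated unescaped, which is fine only if it always comes from trusted configuration rather than from entry data; a short comment such as `# rdn_attr is an attribute type from config, only the value needs DN escaping` would record that assumption. The enclosing method starts and ends outside the hunk.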