# troubleshooting
p
Hey all, I'm new to LLDAP but it looks like it will solve quite a few issues for me! Is there a copy of the schema anywhere so I know which fields I can search against using Python's LDAP3 library? I've seen that #67 will publish the fields in the UI, but I'm wondering if there's a way to see them before that gets merged?
n
Here's a brand new thread for you! Please keep the discussion for this problem in this thread.
p
As an example, I'm trying to execute the following query:
```
(&(objectclass=person)(email=user@domain.com))
```
but none of the options I've tried for the field name seem to work
I've tried:
* mailAddress
* email
* emailAddress
* principalUserName
The goal is to be able to look up a user based on their email address, and add them if they don't exist. If they do exist, check which groups they are in and if they are in the wrong groups, update them accordingly
NVM, found it: https://github.com/lldap/lldap/blob/main/schema.graphql#L68 so now I need to debug why I'm not finding it, I think it's because I'm not binding correctly...
n
Graphql and LDAP have slightly different names for the fields. But you can just query all the fields with LDAP to see what gets returned 🙂
p
Thanks. I'm getting closer - I've managed to get the code to bind to the server, it's just the search that's not working now! I'll keep going and post my results back "for posterity" 🙂
n
Once you figure it out, you can maybe send a PR with a python stub script to connect/search, as an example for posterity again!
p
I've got the connection and search working, as well as the creation of a new user
I'm struggling to modify that user to add it to a group though if you're able to help? The logs from the LDAP library are:
```
>>LDAPMessage:
>> messageID=5
>> protocolOp=ProtocolOp:
>>  modifyRequest=ModifyRequest:
>>   object=cn=test.test,ou=people,ou=people,dc=auth,dc=makemonmouth,dc=co,dc=uk
>>   changes=Changes:
>>    Change:
>>     operation=add
>>     modification=PartialAttribute:
>>      type=memberOf
>>      vals=Vals:
>>       member
```
and the error is
```
INFO:ldap3:PROTOCOL:MODIFY response <[{'result': 53, 'description': 'unwillingToPerform', 'dn': '', 'message': 'Unsupported operation: ModifyRequest(\n    LdapModifyRequest {\n        dn: "cn=test.test,ou=people,ou=people,dc=auth,dc=makemonmouth,dc=co,dc=uk",\n        changes: [\n            LdapModify {\n                operation: Add,\n                modification: LdapPartialAttribute {\n                    atype: "memberOf",\n                    vals: [\n                        [\n                            109,\n                            101,\n                            109,\n                            98,\n                            101,\n                            114,\n                        ],\n                    ],\n                },\n            },\n        ],\n    },\n)', 'referrals': None, 'responseName': None, 'responseValue': None, 'type': 'extendedResp'}]> received via <ldap://localhost:389 - cleartext - user: uid=admin,ou=people,dc=auth,dc=makemonmouth,dc=co,dc=uk - not lazy - bound - open - <local: 127.0.0.1:42313 - remote: 127.0.0.1:389> - tls not started - listening - SyncStrategy - internal decoder>
```
n
Just a word of warning: `ldapmodify` is not supported
p
hahahaha, that would be it then 🤣
I assume I need to add the user to the group on user creation then?
n
The blessed API to manage users and groups through code is GraphQL
p
ah, ok
n
Sorry, I could have warned you earlier, but I didn't know what you were doing 🙂
p
I was hoping that this script could be generic enough to deal with any LDAP server so I can opensource it, but that's fine
yeah, no worries
n
I thought you only wanted to read the server
p
ok, I'll fire up the GraphQL libraries instead, that's fine for my immediate use-case
Thanks
I assume I auth using the admin user for this as well?
n
If you want to create users, yes
any member of the `lldap_admin` group
p
Cool, thanks, I'll give that a go
The end-goal is to have our membership database in Hubspot so we can track and send emails etc, but when they pay to become a member of the hackspace, it adds them to the appropriate LDAP Group so they get automatic access to the space and tools that we have based on what they're paying for
n
oh nice
p
I've already got the RADIUS server set up and talking to LLDAP for WiFi access
so guests get a slower connection than supporters and members
plan is to wrap it all up in a single Docker-Compose file and then opensource it so anyone can use it
LDAP works really nicely for this because it means we can integrate with existing tools and services out there for everything from physical access through to who can update stuff on a kanban board
n
If you use LLDAP for commercial purposes (and you enjoy it), then please consider supporting the project 🙂 https://www.buymeacoffee.com/nitnelave
p
I'll see what I can get out of the committee - we're a non-profit, but that doesn't mean we can't make donations once everything is up and running properly!
www.makemonmouth.co.uk is our website if you want to learn more about us!
n
on the front page, the "check out membership plans" link doesn't work :/
It points to `/#priceLink` instead of `/#pricing`
But it looks cool!
p
Oh, brilliant, thanks - I've had five people review that and none of them noticed! 🤣
Don't suppose there's an example anywhere of using GraphQL to update a user is there? Save me going through the trial and error?
n
I don't have an example here, but there's always the graphql playground `/api/graphql/playground`
p
oh, nice, I had no idea that existed!
OK, making progress again, but can't get the GraphQL query right to filter by email. In theory, from what I've read,
```
{
  users {
    email(filter: {
      eq: "test@test.com"
    })
  }
}
```
Should only pull back the users with an email address of `test@test.com`, but it's pulling back everything?
Hmmm, looking at the schema, I'm not sure I can do a lookup via email via GraphQL
looks like I might have to look up the user via LDAP and then do the mutation via GraphQL?
@nitnelave - once I've got this working, is there a good way for me to contribute back to the docs? Is it as simple as raising a PR? As soon as you start to get beyond looking up users via ID, the docs seem to fall short. I'm assuming that I need to do something along the lines of
```
query {
    users(filters: {
        eq: {
            field: "email"
            value: "test@test.com"
        }
    })
}
```
but that returns an error:
```
Field users of type [User!]! must have a selection of subfields. Did you mean users {...}?
```
n
You're on the right path, you just need to list the attributes you want
So `users(filters: ...) { user_id, email }`
And yes, to contribute you can just raise a PR
p
Brilliant, thank you!
```
query {
    users(filters: {
        eq: {
            field: "email"
            value: "test@test.com"
        }
    })
    {
        id, email
    }
}
```
Works perfectly!