[PR #1254] [MERGED] Add memberOf attribute definition to LDAP schema #1212

Closed
opened 2026-02-27 09:11:20 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/lldap/lldap/pull/1254
Author: @nitnelave
Created: 8/20/2025
Status: Merged
Merged: 8/21/2025
Merged by: @nitnelave

Base: main ← Head: copilot-ldap


📝 Commits (1)

  • 5e2a850 Add memberOf attribute definition to LDAP schema

📊 Changes

1 file changed (+7 additions, -6 deletions)

📝 crates/ldap/src/search.rs (+7 -6)

📄 Description

From https://github.com/lldap/lldap/pull/1250 :

The memberOf attribute was missing from the LDAP schema definition returned by LLDAP, causing some LDAP clients (like Python's ldap3 library) to reject searches using the memberOf attribute with an LDAPAttributeError.

While the memberOf functionality worked correctly for searches and filters, the attribute was not declared in the schema's attributeTypes section, leading to client-side validation failures.

This change adds the memberOf attribute definition to the hardcoded attributes list in the LDAP schema response with:

  • OID: 1.2.840.113556.1.2.102 (Microsoft's standard OID for memberOf)
  • Distinguished Name syntax for group DN values
  • Multi-valued attribute (no SINGLE-VALUE restriction)
  • NO-USER-MODIFICATION flag (computed attribute)

The fix ensures LDAP clients can properly validate and use the memberOf attribute in search filters and attribute requests without schema validation errors.

Example that now works:

```python
from ldap3 import Server, Connection, SUBTREE, AUTO_BIND_NO_TLS
from ldap3.utils.conv import escape_filter_chars

server = Server("localhost", port=3890)
connection = Connection(server, user="uid=admin,ou=people,dc=example,dc=com", password="password", auto_bind=AUTO_BIND_NO_TLS)
connection.search(
    search_base="ou=people,dc=example,dc=com",
    search_filter="(&(memberof=cn=test_user,ou=groups,dc=example,dc=com)(|(uid=test@test.com)(mail=test@test.com)))",
    search_scope=SUBTREE,
    attributes=["uid"]
)
# No longer throws: ldap3.core.exceptions.LDAPAttributeError: invalid attribute memberOf
```

Fixes https://github.com/lldap/lldap/issues/1249.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
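
Added example (not part of the PR and not LLDAP's or ldap3's code): a standard-library sketch of the client-side check described above, parsing RFC 4512 attributeTypes values and listing filter attributes the schema does not declare. The three definition strings are constructed samples that follow the properties listed in the description, not the exact strings LLDAP returns, and the function names are hypothetical.

```python
import re

# Constructed sample attributeTypes values (RFC 4512 syntax), not copied from LLDAP.
UID = ("( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) "
       "EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )")
MAIL = ("( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' ) "
        "EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )")
MEMBER_OF = ("( 1.2.840.113556.1.2.102 NAME 'memberOf' DESC 'Groups of the entry' "
             "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION )")
# Search filter from the PR description.
PAGE_FILTER = ("(&(memberof=cn=test_user,ou=groups,dc=example,dc=com)"
               "(|(uid=test@test.com)(mail=test@test.com)))")

TOKEN = re.compile(r"'[^']*'|[()]|[^\s()']+")
FILTER_ATTR = re.compile(r"\(\s*([A-Za-z][A-Za-z0-9;.-]*)\s*(?:[~<>]?=|:)")

def parse_attribute_type(definition):
    """Extract OID, names, syntax and flags from one attributeTypes value."""
    tokens = TOKEN.findall(definition)
    if len(tokens) < 3 or tokens[0] != "(" or tokens[-1] != ")":
        raise ValueError("not an AttributeTypeDescription")
    attr = {"oid": tokens[1], "names": [], "syntax": None,
            "single_value": False, "no_user_modification": False}
    i = 2
    while i < len(tokens) - 1:
        tok = tokens[i]
        if tok == "NAME":
            # NAME is followed by one quoted name or a parenthesised list of them.
            end = tokens.index(")", i) if tokens[i + 1] == "(" else i + 1
            attr["names"] = [t.strip("'") for t in tokens[i + 1:end + 1] if t.startswith("'")]
            i = end
        elif tok == "SYNTAX":
            i += 1
            attr["syntax"] = tokens[i]
        elif tok == "SINGLE-VALUE":
            attr["single_value"] = True
        elif tok == "NO-USER-MODIFICATION":
            attr["no_user_modification"] = True
        i += 1
    return attr

def undeclared_attributes(search_filter, definitions):
    """Return filter attributes (options stripped) that no definition names."""
    known = {n.lower() for d in definitions for n in parse_attribute_type(d)["names"]}
    used = {a.split(";")[0] for a in FILTER_ATTR.findall(search_filter)}
    return sorted(a for a in used if a.lower() not in known)
```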
