Hi,
I'm using the ldapgroup command from SA-ldapsearch (Splunk Supporting Add-on for Active Directory). It allows me to get obtain nested users in AD groups. However, there is a problem with the command when running the command for certain groups in my AD. Although we can't "see it", there seem to be "list objects" in some of the AD groups and/or users, as opposed to "normal" string objects. we get the following error in Splunk when trying to use the ldapgroup command on these groups (cut away some not interesting lines).
AttributeError at ".../ldapgroup.py": 'list' object has no attribute 'split'
Traceback:
...
netbios_domain_name = entry_attributes.get('msDS-principalName', ' ').split('\\',1)[0]
Does anyone have a solution to this problem other than manually going through AD and changing all the list objects? That would also mean we would need a way to actually identify these objects. In addition, is there any arguments for not using list objects in AD? If not, then the ldapgroup script should have supported list objects as well, and I can file this as a bug/improvement.
↧