[python-ldap] Getting duplicate entries when calling a search to an Active Directory server
William Brown
william at blackhats.net.au
Tue Aug 4 18:47:59 EDT 2020
> On 5 Aug 2020, at 00:36, Gilad Sever via python-ldap <python-ldap at python.org> wrote:
>
> Hi,
> When calling a search_ext() query to an AD server, I get inconsistent results.
> Each time I query I receive different amount of duplicate, identical group objects.
Do you have referrals disabled? By default AD always sends referrals (including a referral to itself) which means the client (by default) follows them which could cause you to see the same object twice.
> E.g: I have 10 groups but I sometimes I get 12 - 2 groups twice.
> I query while filtering groups: (&(objectClass=group)(member=*))
> I tried tweaking the parameters and oddly this happens only when asking for the "member" attribute (also when not sending any attributes which returns all the results.
> I captured the response before reaching the client and the server actually sends duplicate entires.
> This occurs with ldapsearch as well.
> If anyone experienced something familiar I would be glad to know if this is common with AD and if there is a way to avoid this.
> Thank you,
> Gilad.
>
> Gilad Sever
> Software Developer
> <Outlook-raak3fkv.png>
> _______________________________________________
> python-ldap mailing list
> python-ldap at python.org
> https://mail.python.org/mailman/listinfo/python-ldap
--
Sincerely,
William
More information about the python-ldap
mailing list