How would you grab just the distinguishedName value from the LDAP plugin output so it can be used for another action?

hayden_redd · January 28, 2021, 3:31pm

I am looking at how to get only the DN from the results of the AD LDAP plugin’s Query action.

For example I do an LDAP query of (mail={email}) since it seems to be reliable and it returns a ton of output.

This is the output object which is of type [array][object] or

so I tried {{[“Query For AD User”].[results].[0].[attributes].[distinguishedname]}}

this is not returning just the DN though.

How would you grab just the distinguishedName value so it can be used for another action?

joey_mcadams · January 28, 2021, 3:42pm

distinguishedName

You need to cap the N in Name.

Microsoft does camel case, and we usually do snake case, so some of the MS output will do funky things like that.

hayden_redd · January 28, 2021, 3:52pm

{{[“Query For AD User”].[results].[0].[attributes].[distinguishedName]}} is still returning the same output.

Let me add that I am putting this var in an artifact to tell what is going on. For some reason it actually just adds this var to the end of the output for {{[“Query For AD User”].[results]}} as “dn”:"{{[“Query For AD User”].[results].[0].[attributes].[distinguishedName]}}"

brandon_mcclure · January 28, 2021, 4:58pm

{{[“Active Directory Users”].[results].[0].[attributes].[distinguishedName]}} has never given me issues returning the dn. I use this both in Artifacts, Joins, and always use this output as the input to any password reset, enable, or disable action.
Just curious, what does this give you in an artifact?

{{#each ["Query For AD User"].[results]}}
{{#with attributes}}
 “dn”:"{{distinguishedName}}"
{{/with}}
{{/each}}

hayden_redd · January 28, 2021, 5:35pm

comes back with “dn”:“CN=user info…”

brandon_mcclure · January 28, 2021, 5:57pm

I wonder if your pulling back more than one Object?
After my LDAP queries I always do a Decision Step on the the count of results to make sure I only am working with one account. I then do a Type Converter of String to Object on [results].[0].[attributes] so further down the line I have an easy object to work with e.g. {{[“AD User”].[output].[distinguishedName]}} this is needed if you want to check this in a Decision Step to see if the dn contains an OU

hayden_redd · January 28, 2021, 6:11pm

I do this now in an artifact and use the string it creates for the DN now.

how do you measure the count of the results, curious?

brandon_mcclure · January 28, 2021, 6:26pm

length({{[“Query For AD User”].[results]}}) = 1

jon_schipp · February 1, 2021, 7:32pm

We just pushed up an update to the plugin to return the number of results in a variable called count to make it a little more user-friendly. In addition, we now support the ability to query on attributes.

More updates to AD/LDAP plugin forthcoming.

brandon_mcclure · February 1, 2021, 9:41pm

So far this has been working great! There was so much “extra” information that my queries were pulling back that I didn’t need. This is way cleaner. Also, the count is a nice touch, I switched my decisions to start using this

hayden_redd · February 1, 2021, 10:06pm

these Rapid7 folks are on the money $$$, I just made the same change. Rock on!