LDAP - Attributes Dropdown

[jkoch22]

Bug Description

LDAP "Attribute Names or ID" dropdown only queries objects in directory that have a populated value.

To Reproduce

1. Add LDAP node
2. Use the following settings:
   Credential: Connect to Active Directory domain
   Use Operation "Search"
   Give a base DN of an OU that has person objects in it
   Search for: "Person"
   Attribute "userPrincipalName"
   Search Text: *
   Return all: Checked
   Add option: Attribute Names or IDs
3. Select an attribute in dropdown that exists in the directory but all objects in OU have blank.
4. Error is presented to the user stating the attribute is unsupported.

Expected behavior

Dropdown presents all attributes available in directory or allows manual entry without error.

Operating System

Debian 12

n8n Version

1.72.1

Node.js Version

N/A

Database

SQLite (default)

Execution mode

main (default)

[Joffcom]

Hey @jkoch22,

We have created an internal ticket to look into this which we will be tracking as "N8N-8057"

[Joffcom]

Hey @jkoch22

How many users do you have in your domain?

As I couldn't find an ldap query that returns all ldap objects most checks I did outside of n8n would only return fields that had values what I ended up doing was taking the first 200 users and building the list based on unique values from there.

For anything that didn't appear the field needs to be set to an expression and from there you can enter a comma separated list of fields to display (with no space so field,field2 not field, field2).

Can you share the exact error message you get about the attribute not being supported? Can you also go to the node settings and enable the debug option then run the query and share the output from the n8n server log (replacing any sensitive values with xxxx so we don't lost any context)

[jkoch22]

Thanks for getting back to me @Joffcom. I have about 25000 users in the domain. I think I have a little more information about this issue. So if the LDAP query has users with a value in an attribute like, telephoneNumber, you would see that attribute in the dropdown and set it. Then later if that query no longer returns users that have a value in that same attribute, the dropdown will spit out an error saying that the value is unsupported. Coincidentally, using an expression with two values appears to function correctly if the values are double quoted but still reports an error. Also, on a side note, switching from having a single value in the fixed dropdown list to an expression doesn't work until the value is double quoted.

To Summarize my issue, it appears that this node throws an error even though it's working as intended. A future feature request would be to perhaps query the schema of the directory to retrieve all usable attributes rather than summarize the attributes that were available in that specific query since not every usable attribute is returned from the directory. Similar to running the following against and Active Directory server. "ldapsearch -H ldap://dc.example.com -b "CN=Schema,CN=Configuration,DC=example,DC=com" -D "<DN of bind user>" -w '<password of bind user>' -s sub -x "(&(objectCategory=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))" "lDAPDisplayName" "cn"

Error when using two attributes in expression:

Error when using an attribute that isn't populated in current search:

[Joffcom]

Hey @jkoch22,

When using the expression option to type in the values you don't need to include the {{ }} just input the strings and it should be all good. The UI notice though shouldn't matter if the node works.

The second one with the selected makes sense I will need to update the getAtrributes call to actually get all useable fields, Will just need to find an option that is friendly for all LDAP types. Assuming (&(objectCategory=attributeSchema)(isMemberOfPartialAttributeSet=TRUE)) does the job I can get that implemented, Let me set up a test ldap server again and see what I can come up with.