Merge pull request #117 from nurfed1/attribute_error_fix

ly4k · Jun 21, 2023 · 0c19aa0 · 0c19aa0
2 parents 6eb4f4e + 10b062f
commit 0c19aa0
Showing 1 changed file with 9 additions and 6 deletions.
diff --git a/certipy/lib/ldap.py b/certipy/lib/ldap.py
@@ -404,14 +404,17 @@ def lookup_sid(self, sid: str) -> LDAPEntry:
                 }
             )
 
+        attributes = [
+            "sAMAccountType",
+            "name",
+            "objectSid",
+        ]
+        # Only request msDS-GroupMSAMembership when it exists in the schema. Else the ldap3 module will return an LDAPAttributeError error.
+        if self.ldap_conn.server.schema and "msDS-GroupMSAMembership" in self.ldap_conn.server.schema.attribute_types:
+            attributes.append("msDS-GroupMSAMembership")
         results = self.search(
             "(objectSid=%s)" % sid,
-            attributes=[
-                "sAMAccountType",
-                "name",
-                "msDS-GroupMSAMembership",
-                "objectSid",
-            ],
+            attributes=attributes,
         )
 
         if len(results) != 1: