Comment #2 on issue 1641 by bryan.weingarten: Required LDAP OPT_REFERRALS
FAQ #13 from http://www.python-ldap.org/faq.shtml
Basically we require turning off "chasing referrels" for our ldap client to
The line to turn off referrals just goes immediately after each
I'm sure many people would not require or want this, so it's best to add
this as an
option to "Disable referrals" in the LDAP settings. I don't know anything
either. LDAP in Review Board was not working for me and I had to
python-ldap and a lot of googling to figure this out. Then when I looked
Board code, it was obvious that it was missing this one line of code. When
it, Review Board was able to successfully authenticate for us.
Q: My script bound to MS Active Directory but a a search operation results
exception ldap.OPERATIONS_ERROR with the diagnostic messages text "In order
perform this operation a successful bind must be completed on the
What's happening here?
A: When searching from the domain level MS AD returns referrals (search
continuations) for some objects to indicate to the client where to look for
objects. Client-chasing of referrals is a broken concept since LDAPv3 does
specify which credentials to use when chasing the referral. Windows clients
supposed to simply use their Windows credentials but this does not work in
when chasing referrals received from and pointing to arbitrary LDAP servers.
Therefore per default libldap automatically chases the referrals internally
anonymous access which fails with MS AD.
So best thing is to switch this behaviour off:
l = ldap.initialize('ldap://foobar')
You received this message because you are subscribed to the Google Groups
To post to this group, send email to reviewboard-iss...@googlegroups.com.
To unsubscribe from this group, send email to
For more options, visit this group at