Re: Python LDAP
Le 07/04/11 21:04, Chris Dukes a écrit : On Thu, Apr 07, 2011 at 07:59:55PM +0200, Godefroid Chapelle wrote: Hi, I am trying to access a Lotus Notes LDAP server. I got the information from the Notes admin that I should use a Base DN that consists of a single space. That feels very strange to me. The problem you are having is not specific to python-ldap, nor Lotus LDAP. Be the DN '' (an empty string) or ' ' (A space) or '' (Lots of spaces) it's the DN of the root of the tree on that LDAP server. Has one of the subscribers already succeeded to connect to Lotus Notes ? I suggest attempting the following against the Lotus Domino LDAP. ldapsearch -h LDAPServer -x -b '' -s base 'objectclass=*' This will return the LDAP entry for the root of the tree, which may or may not contain anything interesting. Now look one level further down. ldapsearch -h LDAPServer -x -b '' -s one 'objectclass=*' Which will probably show all of groups. Thanks -- Godefroid Chapelle (aka __gotcha) http://bubblenet.be The hints you gave about the use of ldapsearch enabled me to understand better the setup of the Notes server I was trying to search. I have now a working setup : thanks for this ! -- Godefroid Chapelle (aka __gotcha) http://bubblenet.be -- Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Python LDAP
Hi, I am trying to access a Lotus Notes LDAP server. I got the information from the Notes admin that I should use a Base DN that consists of a single space. That feels very strange to me. Has one of the subscribers already succeeded to connect to Lotus Notes ? Thanks -- Godefroid Chapelle (aka __gotcha) http://bubblenet.be -- Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap as replication client
Eric Brunson wrote: The new code works great, thanks so much for the new features. I do have one issue, and maybe I'm just not looking in the correct place. The Sync Info Message returns a syncInfoValue which is a BER encoded ASN.1 CHOICE structure: syncInfoValue ::= CHOICE { newcookie [0] syncCookie, refreshDelete [1] SEQUENCE { cookie syncCookie OPTIONAL, refreshDoneBOOLEAN DEFAULT TRUE }, refreshPresent [2] SEQUENCE { cookie syncCookie OPTIONAL, refreshDoneBOOLEAN DEFAULT TRUE }, syncIdSet [3] SEQUENCE { cookie syncCookie OPTIONAL, refreshDeletes BOOLEAN DEFAULT FALSE, syncUUIDs SET OF syncUUID } } The data is returned and I've been able to successfully decode it with the PyASN1 BER codec, but I can't find any indication of the choice index being returned in the value. I don't know that the refreshDelete and the refreshPresent are distinguishable from each other without additional information, but I see that the value being returned from result4() is simply what ldap_parse_intermediate() returns, without any indication of the choice index. Looking at the raw BER encoded packet in wireshark, it would seem that the two bytes before the data being returned have the index embedded in the second byte. I'm sure this must simply be something I'm overlooking. Any help? Could you share a short script demonstrating this? Ciao, Michael. -- Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap as replication client
On 03/23/2011 01:11 AM, Michael Ströder wrote: Eric Brunson wrote: The new code works great, thanks so much for the new features. I do have one issue, and maybe I'm just not looking in the correct place. The Sync Info Message returns a syncInfoValue which is a BER encoded ASN.1 CHOICE structure: syncInfoValue ::= CHOICE { newcookie [0] syncCookie, refreshDelete [1] SEQUENCE { cookie syncCookie OPTIONAL, refreshDoneBOOLEAN DEFAULT TRUE }, refreshPresent [2] SEQUENCE { cookie syncCookie OPTIONAL, refreshDoneBOOLEAN DEFAULT TRUE }, syncIdSet [3] SEQUENCE { cookie syncCookie OPTIONAL, refreshDeletes BOOLEAN DEFAULT FALSE, syncUUIDs SET OF syncUUID } } The data is returned and I've been able to successfully decode it with the PyASN1 BER codec, but I can't find any indication of the choice index being returned in the value. I don't know that the refreshDelete and the refreshPresent are distinguishable from each other without additional information, but I see that the value being returned from result4() is simply what ldap_parse_intermediate() returns, without any indication of the choice index. Looking at the raw BER encoded packet in wireshark, it would seem that the two bytes before the data being returned have the index embedded in the second byte. I'm sure this must simply be something I'm overlooking. Any help? Could you share a short script demonstrating this? I've done some more reading and I think I'm mistaken about there being some sort of index indicating the type of choice that was encoded. The documentation for the PyASN library implies that the decoder has to infer the choice based on the structure of the data, which seems odd. Thanks for the reply, I'll get back to you when I figure something out. e. -- Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Roadmap for python-ldap 2.4
HI! I'd like to get final release 2.4.0 out begin of May and I'm currently thinking of what should still to be added. Focus is still Python 2.x. There are some considerations which I'm not sure about yet: 1. Unicode support for DNs, filter strings, etc. but not entry attributes! (Everybody asking for the latter should check the mailing list archive first.) 2. Split LDAPControl into separate classes LDAPRequestControl and LDAPResponseControl. 3. OID-based registry especially for response controls so they can be decoded on-the-fly when received before being returned to the calling application. 4. Use module logging for debug trace messages. I've already added the *very* simple sub-module ldap.logger. 5. Use pyasn1 to implement more controls and extended operations. Input welcome. Ciao, Michael. -- Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Minimum version of OpenLDAP libs for python-ldap 2.4.x?
On Mar 5, 2011, at 2:45 AM, Michael Ströder wrote: Again it's time to think about the minimum required version of OpenLDAP libs to be used for building upcoming python-ldap 2.4.0. Does it mean py-ldap-2.4.0 won't support OpenLDAP-2.3.x series? Debian 5, RHEL/CentOS 5 ships OpenLDAP-2.3.x. I don't think it's a good strategy to force sys admin to compile/install openldap-2.4 on production server, if they want to update openldap, they have to compile again and again. -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap hanging for 15 minutes under certain conditions
Hi On 7 February 2011 19:29, Rich Megginson rich.meggin...@gmail.com wrote: On 02/05/2011 01:42 PM, Michael Wood wrote: Hi On 4 February 2011 17:35, Rich Megginsonrich.meggin...@gmail.com wrote: On 02/03/2011 11:59 PM, Michael Wood wrote: On 4 February 2011 08:32, James Andrewarthajam...@daa.com.au wrote: [...] Debian uses GnuTLS because OpenSSL has the non-GPL compatible advertising clause, and libldap is linked into many GPL applications. So Ah, good point. the solutions are fix the OpenSSL licensing or make GnuTLS not suck; I Or switch to something else. OpenLDAP 2.4.23 supports Mozilla NSS (triple licensed GPLv2+/LGPLv2+/MPL) for crypto Fedora 14 and later use this instead of OpenSSL Interesting. But co-incidentally, there's a thread currently on the libcurl mailing list about comparisons between different SSL/TLS libs that are supported by libcurl. Howard Chu posted about GnuTLS and later about NSS. In the NSS message he said: I understand that RedHat is now building their OpenLDAP packages with our MozNSS support. I don't believe this combination is ready for primetime by any measure. They still don't even have release quality code for handling PEM files, and their current experimental code crashes/misbehaves in common (for OpenSSL) deployment scenarios. No doubt Howard has been alarmed by the frequency of my patch submissions and the severity of the bugs they fix. Ah, sorry for opening up a can of worms :) https://bugzilla.mozilla.org/show_bug.cgi?id=402712 This is for adding the PEMNSS module to Mozilla NSS upstream. The code has been used for years now, first in nss_compat_ossl (a library wrapper that implements OpenSSL APIs with Mozilla NSS code) and in libnsspem in RHEL/Fedora (part of the RHEL/Fedora nss package). I am not wedded to PEM. Perhaps NSS is the answer. Now someone just needs to convince Debian and/or Ubuntu of that :) I have no idea if anyone's tried. https://bugzilla.redhat.com/show_bug.cgi?id=642433; This has already been fixed both in OpenLDAP upstream and in current RHEL/Fedora code. IMHO OpenLDAP with MozNSS is close to being stable. I'm not just saying that - I'm prepared to put my money where my mouth is and so is my employer, Red Hat, who has committed to using OpenLDAP with MozNSS in Fedora and RHEL. Also note that two of the core Mozilla NSS developers, including those working on Mozilla PEMNSS, are also Red Hat employees. OK You can also use OpenLDAP with MozNSS without using PEM files at all if you are concerned about using the libnsspem module - http://www.openldap.org/faq/index.cgi?file=1514 Well, as I said above, I'm not wedded to PEM. I am using Ubuntu for reasons not related to OpenLDAP and so would prefer to use official Ubuntu packages rather than compiling OpenLDAP myself and then having to keep it up to date. So for me, I think it would be best if Ubuntu switched to an SSL library for OpenLDAP that did not cause me problems like I had when using python-ldap - OpenLDAP - GnuTLS. Of course, the chances of Ubuntu switching just because I think it would be best are minimal :) Especially because I am not intimately familiar with all the issues. Why is Fedora/Red Hat doing this at all? Why bother? https://fedoraproject.org/wiki/FedoraCryptoConsolidation Thanks for that link. I agree it's a worthy goal and it sounds like NSS is the way to go. I hope Debian and Ubuntu follow suit. -- Michael Wood esiot...@gmail.com -- The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap hanging for 15 minutes under certain conditions
On 02/05/2011 01:42 PM, Michael Wood wrote: Hi On 4 February 2011 17:35, Rich Megginsonrich.meggin...@gmail.com wrote: On 02/03/2011 11:59 PM, Michael Wood wrote: On 4 February 2011 08:32, James Andrewarthajam...@daa.com.auwrote: [...] Debian uses GnuTLS because OpenSSL has the non-GPL compatible advertising clause, and libldap is linked into many GPL applications. So Ah, good point. the solutions are fix the OpenSSL licensing or make GnuTLS not suck; I Or switch to something else. OpenLDAP 2.4.23 supports Mozilla NSS (triple licensed GPLv2+/LGPLv2+/MPL) for crypto Fedora 14 and later use this instead of OpenSSL Interesting. But co-incidentally, there's a thread currently on the libcurl mailing list about comparisons between different SSL/TLS libs that are supported by libcurl. Howard Chu posted about GnuTLS and later about NSS. In the NSS message he said: I understand that RedHat is now building their OpenLDAP packages with our MozNSS support. I don't believe this combination is ready for primetime by any measure. They still don't even have release quality code for handling PEM files, and their current experimental code crashes/misbehaves in common (for OpenSSL) deployment scenarios. No doubt Howard has been alarmed by the frequency of my patch submissions and the severity of the bugs they fix. https://bugzilla.mozilla.org/show_bug.cgi?id=402712 This is for adding the PEMNSS module to Mozilla NSS upstream. The code has been used for years now, first in nss_compat_ossl (a library wrapper that implements OpenSSL APIs with Mozilla NSS code) and in libnsspem in RHEL/Fedora (part of the RHEL/Fedora nss package). https://bugzilla.redhat.com/show_bug.cgi?id=642433; This has already been fixed both in OpenLDAP upstream and in current RHEL/Fedora code. IMHO OpenLDAP with MozNSS is close to being stable. I'm not just saying that - I'm prepared to put my money where my mouth is and so is my employer, Red Hat, who has committed to using OpenLDAP with MozNSS in Fedora and RHEL. Also note that two of the core Mozilla NSS developers, including those working on Mozilla PEMNSS, are also Red Hat employees. You can also use OpenLDAP with MozNSS without using PEM files at all if you are concerned about using the libnsspem module - http://www.openldap.org/faq/index.cgi?file=1514 Why is Fedora/Red Hat doing this at all? Why bother? https://fedoraproject.org/wiki/FedoraCryptoConsolidation Here's the link to the message in libcurl's mailing list archive: http://curl.haxx.se/mail/lib-2011-02/0043.html -- The modern datacenter depends on network connectivity to access resources and provide services. The best practices for maximizing a physical server's connectivity to a physical network are well understood - see how these rules translate into the virtual world? http://p.sf.net/sfu/oracle-sfdevnlfb ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap hanging for 15 minutes under certain conditions
Hi On 4 February 2011 17:35, Rich Megginson rich.meggin...@gmail.com wrote: On 02/03/2011 11:59 PM, Michael Wood wrote: On 4 February 2011 08:32, James Andrewarthajam...@daa.com.au wrote: [...] Debian uses GnuTLS because OpenSSL has the non-GPL compatible advertising clause, and libldap is linked into many GPL applications. So Ah, good point. the solutions are fix the OpenSSL licensing or make GnuTLS not suck; I Or switch to something else. OpenLDAP 2.4.23 supports Mozilla NSS (triple licensed GPLv2+/LGPLv2+/MPL) for crypto Fedora 14 and later use this instead of OpenSSL Interesting. But co-incidentally, there's a thread currently on the libcurl mailing list about comparisons between different SSL/TLS libs that are supported by libcurl. Howard Chu posted about GnuTLS and later about NSS. In the NSS message he said: I understand that RedHat is now building their OpenLDAP packages with our MozNSS support. I don't believe this combination is ready for primetime by any measure. They still don't even have release quality code for handling PEM files, and their current experimental code crashes/misbehaves in common (for OpenSSL) deployment scenarios. https://bugzilla.mozilla.org/show_bug.cgi?id=402712 https://bugzilla.redhat.com/show_bug.cgi?id=642433; Here's the link to the message in libcurl's mailing list archive: http://curl.haxx.se/mail/lib-2011-02/0043.html -- Michael Wood esiot...@gmail.com -- The modern datacenter depends on network connectivity to access resources and provide services. The best practices for maximizing a physical server's connectivity to a physical network are well understood - see how these rules translate into the virtual world? http://p.sf.net/sfu/oracle-sfdevnlfb ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap hanging for 15 minutes under certain conditions
Michael Wood wrote: I do hold out some hope that issues like this in GnuTLS (or in the software using GnuTLS?) can get fixed, though. The issues with GnuTLS are known since years now I suspect that everybody setting up a serious (Open-)LDAP deployment just builds with OpenSSL and therefore nobody is using GnuTLS seriously. So nobody sees a benefit for investing in getting GnuTLS improved. Ciao, Michael. -- The modern datacenter depends on network connectivity to access resources and provide services. The best practices for maximizing a physical server's connectivity to a physical network are well understood - see how these rules translate into the virtual world? http://p.sf.net/sfu/oracle-sfdevnlfb ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap hanging for 15 minutes under certain conditions
On 02/04/2011 09:15 AM, Michael Ströder wrote: Rich Megginson wrote: OpenLDAP 2.4.23 supports Mozilla NSS (triple licensed GPLv2+/LGPLv2+/MPL) for crypto Fedora 14 and later use this instead of OpenSSL I see some benefits using Mozilla NSS especially with LDAP clients. But I wonder whether we could use it from python-ldap via OpenLDAP just like Mozilla clients use it. Yes. I've been using it for a while like that. For more information: http://www.openldap.org/faq/index.cgi?file=1514 I'm thinking of support for PKCS#11 tokens and adding trusted certs. See the above FAQ - there is some information there about use of tokens other than the default builtin softtoken. Ciao, Michael. -- The modern datacenter depends on network connectivity to access resources and provide services. The best practices for maximizing a physical server's connectivity to a physical network are well understood - see how these rules translate into the virtual world? http://p.sf.net/sfu/oracle-sfdevnlfb ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap hanging for 15 minutes under certain conditions
On 02/03/2011 04:34 AM, Michael Wood wrote: Hi I'm trying to do a search against Samba 4's LDAP server and it works, but the bind and search are both successful, everything hangs when I try to unbind from the LDAP server. If anyone could enlighten me I would be grateful. I've run into the same issue on various different Linux machines with a range of OpenLDAP and python-ldap versions, but it seems to work fine on a Mac running Leopard. e.g. Ubuntu Lucid Lynx with libldap2-dev version 2.4.21-0ubuntu5.3 and python-ldap 2.3.10-1ubuntu1. I've also tried upgrading python-ldap to 2.3.12, but that does not seep to have helped. Try enabling ldap debug logging - before the first call to ldap.initialize, add this: ldap.set_option(ldap.OPT_DEBUG_LEVEL, 1) def test(username, password): base = DC=example,DC=com userbase = CN=Users, + base userdn = CN=%s,%s % (username, userbase) ldap_server = ldap://example.com; conn = ldap.initialize(ldap_server) conn.set_option(ldap.OPT_REFERRALS, 0) # Doesn't appear to make a difference conn.start_tls_s() try: conn.simple_bind_s(userdn, password) logging.debug(Bind succeeded for '%s', username) except ldap.LDAPError, e: logging.warn(Authentication failed for '%s', username) return False res = conn.search_s(CN=Some Group,CN=Users,DC=bluebird,DC=co,DC=za, ldap.SCOPE_BASE, filterstr=(member=%s) % userdn, attrlist=[member]) if len(res) != 1: logging.debug(User '%s' is not in the Some Group group, username) conn.unbind() return False logging.debug(User '%s' appears to be in the Some Group group, username) conn.unbind() #- hangs here for 15 minutes. logging.debug(Unbound.) return True -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap hanging for 15 minutes under certain conditions
Hi On 3 February 2011 18:16, Rich Megginson rich.meggin...@gmail.com wrote: On 02/03/2011 04:34 AM, Michael Wood wrote: Hi I'm trying to do a search against Samba 4's LDAP server and it works, but the bind and search are both successful, everything hangs when I try to unbind from the LDAP server. If anyone could enlighten me I would be grateful. I've run into the same issue on various different Linux machines with a range of OpenLDAP and python-ldap versions, but it seems to work fine on a Mac running Leopard. e.g. Ubuntu Lucid Lynx with libldap2-dev version 2.4.21-0ubuntu5.3 and python-ldap 2.3.10-1ubuntu1. I've also tried upgrading python-ldap to 2.3.12, but that does not seep to have helped. Try enabling ldap debug logging - before the first call to ldap.initialize, add this: ldap.set_option(ldap.OPT_DEBUG_LEVEL, 1) Thanks for the suggestion. I'll give it a try tomorrow. In the mean time, someone pointed me at this: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6673selectid=6673usearchives=1 It did not seem to match my situation because it talks about broken TCP connections: When a network connection to the LDAP server fails (is severed with iptables in my set-up) But I thought it was worth a try to recompile OpenLDAP and link with OpenSSL instead of GnuTLS. After doing that, the problem went away! So this seems not to have anything to do with python-ldap. -- Michael Wood esiot...@gmail.com -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap hanging for 15 minutes under certain conditions
Hi 2011/2/3 Michael Ströder mich...@stroeder.com: Michael Wood wrote: On 3 February 2011 18:16, Rich Megginson rich.meggin...@gmail.com wrote: On 02/03/2011 04:34 AM, Michael Wood wrote: e.g. Ubuntu Lucid Lynx with libldap2-dev version 2.4.21-0ubuntu5.3 and python-ldap 2.3.10-1ubuntu1. [..] But I thought it was worth a try to recompile OpenLDAP and link with OpenSSL instead of GnuTLS. After doing that, the problem went away! That was my first idea when I read that you're using Ubuntu (based on Debian). There have been so many issues with OpenLDAP linked with GnuTLS during the last years. I really wonder why the Debian folks force everybody to use this. IMO that's a major issue with Debian. OK, well, next time I'll know. I suppose it's one way to get GnuTLS to improve :) The strange thing is that ldapsearch on the command line did not have the same problem. Thanks. -- Michael Wood esiot...@gmail.com -- The modern datacenter depends on network connectivity to access resources and provide services. The best practices for maximizing a physical server's connectivity to a physical network are well understood - see how these rules translate into the virtual world? http://p.sf.net/sfu/oracle-sfdevnlfb ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap hanging for 15 minutes under certain conditions
On 04/02/11 03:31, Michael Ströder wrote: Michael Wood wrote: On 3 February 2011 18:16, Rich Megginson rich.meggin...@gmail.com wrote: On 02/03/2011 04:34 AM, Michael Wood wrote: e.g. Ubuntu Lucid Lynx with libldap2-dev version 2.4.21-0ubuntu5.3 and python-ldap 2.3.10-1ubuntu1. [..] But I thought it was worth a try to recompile OpenLDAP and link with OpenSSL instead of GnuTLS. After doing that, the problem went away! That was my first idea when I read that you're using Ubuntu (based on Debian). There have been so many issues with OpenLDAP linked with GnuTLS during the last years. I really wonder why the Debian folks force everybody to use this. IMO that's a major issue with Debian. Debian uses GnuTLS because OpenSSL has the non-GPL compatible advertising clause, and libldap is linked into many GPL applications. So the solutions are fix the OpenSSL licensing or make GnuTLS not suck; I have no hope of either occurring. James Andrewartha -- The modern datacenter depends on network connectivity to access resources and provide services. The best practices for maximizing a physical server's connectivity to a physical network are well understood - see how these rules translate into the virtual world? http://p.sf.net/sfu/oracle-sfdevnlfb ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Can't install python-ldap from pypi.python.org
Hi, developers. I can't install python-ldap from pypi.python.org, will you consider fixing it? First of all, there's a compile issue with py-ldap-2.3.12 on RHEL/CentOS 5.x: http://marc.info/?t=12815231342r=1w=2 Old versions are not available: #-- # easy_install python-ldap==2.3.11 Searching for python-ldap==2.3.11 Reading http://cheeseshop.python.org/pypi/python-ldap/ Reading http://www.python-ldap.org/ Reading http://cheeseshop.python.org/pypi/python-ldap/2.3.12 No local packages or download links found for python-ldap==2.3.11 error: Could not find suitable distribution for Requirement.parse('python-ldap==2.3.11') # easy_install python-ldap==2.3.10 Searching for python-ldap==2.3.10 Reading http://cheeseshop.python.org/pypi/python-ldap/ Reading http://www.python-ldap.org/ Reading http://cheeseshop.python.org/pypi/python-ldap/2.3.12 No local packages or download links found for python-ldap==2.3.10 error: Could not find suitable distribution for Requirement.parse('python-ldap==2.3.10') # easy_install python-ldap==2.3.9 Searching for python-ldap==2.3.9 Reading http://cheeseshop.python.org/pypi/python-ldap/ Reading http://www.python-ldap.org/ Reading http://cheeseshop.python.org/pypi/python-ldap/2.3.12 No local packages or download links found for python-ldap==2.3.9 error: Could not find suitable distribution for Requirement.parse('python-ldap==2.3.9') #-- -- Nokia and ATT present the 2010 Calling All Innovators-North America contest Create new apps games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Installing python-ldap 2.3.12 fails
When I install the most recent python-ldap on my CentOS5 box (which has Python2.6 from IUS) it fails. Previously I was able to install python-ldap on a similarly provisioned host. gcc-4.1.2-48.el5 openldap-devel-2.3.43-12.el5_5.2 openssl-devel-0.9.8e-12.el5_4.6 python26-devel-2.6.5-3.el5 Searching for python-ldap Reading http://pypi.python.org/simple/python-ldap/ Reading http://www.python-ldap.org/ Reading http://python-ldap.sourceforge.net/ Reading http://sourceforge.net/project/showfiles.php?group_id=2072package_id=2011 Best match: python-ldap 2.3.12 Downloading http://pypi.python.org/packages/source/p/python-ldap/python-ldap-2.3.12.tar.gz#md5=2dadc521b2c2590d9b033894ba5c6f31 Processing python-ldap-2.3.12.tar.gz Running python-ldap-2.3.12/setup.py -q bdist_egg --dist-dir /tmp/easy_install-l2DIor/python-ldap-2.3.12/egg-dist-tmp-NfH6yQ extra_compile_args: extra_objects: include_dirs: /usr/local/openldap-2.3/include /usr/include/sasl library_dirs: /usr/local/openldap-2.3/lib libs: ldap_r lber sasl2 ssl crypto file Lib/ldap.py (for module ldap) not found file Lib/ldap/schema.py (for module ldap.schema) not found warning: no files found matching 'Makefile' warning: no files found matching 'Modules/LICENSE' file Lib/ldap.py (for module ldap) not found file Lib/ldap/schema.py (for module ldap.schema) not found file Lib/ldap.py (for module ldap) not found file Lib/ldap/schema.py (for module ldap.schema) not found Modules/constants.c: In function ‘LDAPinit_constants’: Modules/constants.c:184: error: ‘LDAP_OPT_X_TLS_CRLFILE’ undeclared (first use in this function) Modules/constants.c:184: error: (Each undeclared identifier is reported only once Modules/constants.c:184: error: for each function it appears in.) error: Setup script exited with error: command 'gcc' failed with exit status 1 -- Adam Tauno Williams awill...@whitemice.org LPIC-1, Novell CLA http://www.whitemiceconsulting.com OpenGroupware, Cyrus IMAPd, Postfix, OpenLDAP, Samba -- Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Installing python-ldap 2.3.12 fails
Adam Tauno Williams wrote: When I install the most recent python-ldap on my CentOS5 box (which has Python2.6 from IUS) it fails. Previously I was able to install python-ldap on a similarly provisioned host. Hmm, known problem...(see below) Ciao, Michael. Original Message Subject: Re: python-ldap-2.3.12: Compile error on CentOS 5.5, i386 Date: Wed, 11 Aug 2010 20:42:56 +0200 From: Michael Ströder mich...@stroeder.com To: Zhang Huangbin zhbmaillisto...@gmail.com CC: Python Developer List python-ldap-dev@lists.sourceforge.net Zhang Huangbin wrote: On Aug 9, 2010, at 11:43 PM, Michael Ströder wrote: Find a new release of python-ldap: http://pypi.python.org/pypi/python-ldap/2.3.12 Compile error on CentOS 5.5, i386: [..] Modules/constants.c: In function ‘LDAPinit_constants’: Modules/constants.c:184: error: ‘LDAP_OPT_X_TLS_CRLFILE’ undeclared (first use in this function) Modules/constants.c:184: error: (Each undeclared identifier is reported only once Modules/constants.c:184: error: for each function it appears in.) error: Setup script exited with error: command 'gcc' failed with exit status 1 Looks like an older OpenLDAP release. Please try the patch below. Ciao, Michael. Index: Modules/constants.c === RCS file: /cvsroot/python-ldap/python-ldap/Modules/constants.c,v retrieving revision 1.47 diff -u -r1.47 constants.c --- Modules/constants.c 7 May 2010 13:22:40 - 1.47 +++ Modules/constants.c 11 Aug 2010 05:14:47 - @@ -181,7 +181,9 @@ #ifdef LDAP_OPT_X_TLS_CRLCHECK /* only available if OpenSSL supports it = might cause backward compability problems */ add_int(d,OPT_X_TLS_CRLCHECK); +#ifdef LDAP_OPT_X_TLS_CRLFILE add_int(d,OPT_X_TLS_CRLFILE); +#endif add_int(d,OPT_X_TLS_CRL_NONE); add_int(d,OPT_X_TLS_CRL_PEER); add_int(d,OPT_X_TLS_CRL_ALL); -- Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap-2.3.12: Compile error on CentOS 5.5, i386
On Aug 12, 2010, at 2:42 AM, Michael Ströder wrote: Looks like an older OpenLDAP release. Please try the patch below. Ciao, Michael. Index: Modules/constants.c === RCS file: /cvsroot/python-ldap/python-ldap/Modules/constants.c,v retrieving revision 1.47 diff -u -r1.47 constants.c --- Modules/constants.c 7 May 2010 13:22:40 - 1.47 +++ Modules/constants.c 11 Aug 2010 05:14:47 - @@ -181,7 +181,9 @@ #ifdef LDAP_OPT_X_TLS_CRLCHECK /* only available if OpenSSL supports it = might cause backward compability problems */ add_int(d,OPT_X_TLS_CRLCHECK); +#ifdef LDAP_OPT_X_TLS_CRLFILE add_int(d,OPT_X_TLS_CRLFILE); +#endif add_int(d,OPT_X_TLS_CRL_NONE); add_int(d,OPT_X_TLS_CRL_PEER); add_int(d,OPT_X_TLS_CRL_ALL); This patch fixes it. Will you release a 2.3.12.1 version for this fix? -- This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
python-ldap-2.3.12: Compile error on CentOS 5.5, i386
On Aug 9, 2010, at 11:43 PM, Michael Ströder wrote: Find a new release of python-ldap: http://pypi.python.org/pypi/python-ldap/2.3.12 Compile error on CentOS 5.5, i386: # easy_install python-ldap==2.3.12 Searching for python-ldap==2.3.12 Reading http://cheeseshop.python.org/pypi/python-ldap/ Reading http://www.python-ldap.org/ Reading http://cheeseshop.python.org/pypi/python-ldap/2.3.12 Best match: python-ldap 2.3.12 Downloading http://pypi.python.org/packages/source/p/python-ldap/python-ldap-2.3.12.tar.gz#md5=2dadc521b2c2590d9b033894ba5c6f31 Processing python-ldap-2.3.12.tar.gz Running python-ldap-2.3.12/setup.py -q bdist_egg --dist-dir /tmp/easy_install-xqEjpH/python-ldap-2.3.12/egg-dist-tmp-AC0kEg extra_compile_args: extra_objects: include_dirs: /usr/local/openldap-2.3/include /usr/include/sasl library_dirs: /usr/local/openldap-2.3/lib libs: ldap_r lber sasl2 ssl crypto file Lib/ldap.py (for module ldap) not found file Lib/ldap/schema.py (for module ldap.schema) not found warning: no files found matching 'Makefile' warning: no files found matching 'Modules/LICENSE' file Lib/ldap.py (for module ldap) not found file Lib/ldap/schema.py (for module ldap.schema) not found file Lib/ldap.py (for module ldap) not found file Lib/ldap/schema.py (for module ldap.schema) not found Modules/constants.c: In function ‘LDAPinit_constants’: Modules/constants.c:184: error: ‘LDAP_OPT_X_TLS_CRLFILE’ undeclared (first use in this function) Modules/constants.c:184: error: (Each undeclared identifier is reported only once Modules/constants.c:184: error: for each function it appears in.) error: Setup script exited with error: command 'gcc' failed with exit status 1 -- This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
python-ldap and kerberos
Hi everybody, I'm on an M$AD and I'm trying python-ldap from a LINUX host with Python 2.6.4. All is ok, I can search_s after a bind_s. The problem is the plain text password (wireshark)... LDAPs is not not avaible and I can't play with certificats... Kerberos is nativelly available on M$AD and is ok on the LINUX host (heimdal ~ kinit ok and klist ok)... I search (Google) and try for ldap.sasl.gssapi but it is always ko :-( Can anybody help me ? Thanks -- Download Intel#174; Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
ANN: python-ldap-2.3.11
Find a new release of python-ldap: http://www.python-ldap.org/ python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. It mainly wraps the OpenLDAP 2.x libs for that purpose. Additionally it contains modules for other LDAP-related stuff (e.g. processing LDIF, LDAPURLs and LDAPv3 schema). Ciao, Michael. -- Michael Ströder E-Mail: mich...@stroeder.com http://www.stroeder.com Released 2.3.11 2010-02-26 Changes since 2.3.10: Lib/ * Fixed LDAP URL parsing with four ? but no real extensions * ldap.ldapobject.LDAPObject.rename_s() now also accepts arguments serverctrls and clientctrls * Removed untested and undocumented class ldap.ldapobject.SmartLDAPObject * Removed broken method ldap.ldapobject.LDAPObject.manage_dsa_it() Modules/ * Make use of LDAP_OPT_X_TLS_NEWCTX only if available in OpenLDAP libs used for the build * Fixed #ifdef-statements for OPT_X_TLS_PROTOCOL_MIN Doc/ * Some updates and corrections regarding description of use of LDAPv3 controls * Some more descriptions for constants * Removed comments related to old LaTeX-based documentation system -- Download Intel#174; Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Compile error on RHEL 5.3 (x86_64), python-ldap-2.3.10
Zhang Huangbin wrote: On Nov 5, 2009, at 1:14 AM, Michael Ströder wrote: This is because of older OpenLDAP libs. Try the patch below. It's also in HEAD now. I tested patch moment ago, failed to build, same as in HEAD (checked out moment ago): Sorry, please try again from HEAD. I fixed also another typo. Ciao, Michael. -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Compile error on RHEL 5.3 (x86_64), python-ldap-2.3.10
Rob Orsini wrote: Hi, I'm also having trouble getting 2.3.10 to compile on RHEL 5. I tried applying the patches supplied in this thread (I just joined this email list, btw): In file included from Modules/LDAPObject.c:4: Modules/common.h:10:20: error: Python.h: No such file or directory Please make sure you have all the necessary headers available on your system for building Python extension modules and all the libs needed by python-ldap. I don't know the package names on RHEL though. Ciao, Michael. -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Compile error on RHEL 5.3 (x86_64), python-ldap-2.3.10
Zhang Huangbin wrote: I got below compile error on Red Hat Enterprise Linux 5.3 (x86_64) with python-ldap-2.3.10, but 2.3.8 was compiled and installed success. What's wrong with it? Modules/constants.c:184: error: ‘LDAP_OPT_X_TLS_NEWCTX’ undeclared Well, I asked for testing long *before* releasing 2.3.10... This is because of older OpenLDAP libs. Try the patch below. It's also in HEAD now. Ciao, Michael. Index: Modules/constants.c === RCS file: /cvsroot/python-ldap/python-ldap/Modules/constants.c,v retrieving revision 1.43 diff -u -r1.43 constants.c --- Modules/constants.c 23 Oct 2009 09:09:37 - 1.43 +++ Modules/constants.c 4 Nov 2009 15:48:04 - @@ -162,7 +162,9 @@ add_int(d,OPT_URI); #ifdef HAVE_TLS add_int(d,OPT_X_TLS); +#ifdef LDAP_OPT_X_TLS_NEWCTX add_int(d,OPT_X_TLS_CTX); +#endif add_int(d,OPT_X_TLS_CACERTFILE); add_int(d,OPT_X_TLS_CACERTDIR); add_int(d,OPT_X_TLS_CERTFILE); Index: Modules/options.c === RCS file: /cvsroot/python-ldap/python-ldap/Modules/options.c,v retrieving revision 1.33 diff -u -r1.33 options.c --- Modules/options.c 23 Oct 2009 09:09:37 - 1.33 +++ Modules/options.c 4 Nov 2009 15:48:04 - @@ -79,7 +79,9 @@ #ifdef HAVE_TLS case LDAP_OPT_X_TLS: case LDAP_OPT_X_TLS_REQUIRE_CERT: +#ifdef LDAP_OPT_X_TLS_NEWCTX case LDAP_OPT_X_TLS_NEWCTX: +#endif #ifdef OPT_X_TLS_PROTOCOL_MIN case LDAP_OPT_X_TLS_PROTOCOL_MIN: #endif -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
python-ldap on CIFS
I am trying to use Python with python-ldap on a CIFS share. While Python works fine the import of ldap fails. Installed Active Python 2.6.2.2. Copied the Python dir to the share. Copied python26.dll pythoncom26.dll pywintypes26.dll to the new Python dir. Uninstalled the local Python! C:\ \\somehost\someshare\python2.6\python.exe ActivePython 2.6.2.2 (ActiveState Software Inc.) based on Python 2.6.2 (r262:71600, Apr 21 2009, 15:05:37) [MSC v.1500 32 bit (Intel)] on win32 Type help, copyright, credits or license for more information. import sys sys.path.insert(0,path to setuptools) from setuptools.command.easy_install import main main(['setuptools-0.6c9-py2.6.egg']) main(['python_ldap-2.3.8-py2.6-win32.egg']) Everything installed fine but import ldap fails! C:\ \\somehost\someshare\python2.6\python.exe import ldap Traceback (most recent call last): File stdin, line 1, in module File \\somehost\someshare\python2.6\lib\site-packages\python_ldap-2.3.8-py2.6-win32.egg\ldap\__init__ .py, line 22, in module from _ldap import * ImportError: DLL load failed: The specified module could not be found. import sys sys.path[2] 'somehost\someshare\\python2.6\\lib\\site-packages\\python_ldap-2.3.8-py2.6-win32.egg' import os os.listdir(sys.path[2]) ['dsml.py', 'dsml.pyc', 'dsml.pyo', 'EGG-INFO', 'ldap', 'ldapurl.py', 'ldapurl.pyc', 'ldapurl.pyo', 'ldif.py', 'ldif.pyc ', 'ldif.pyo', '_ldap.py', '_ldap.pyc', '_ldap.pyd', '_ldap.pyo'] Actually it does not matter if the python2.6 dir is on a CIFS-share or on some other dir like D:\python2.6\. How to fix that Problem? Regards, Per -- Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap on CIFS
phobie wrote: C:\ \\somehost\someshare\python2.6\python.exe import ldap Traceback (most recent call last): File stdin, line 1, in module File \\somehost\someshare\python2.6\lib\site-packages\python_ldap-2.3.8-py2.6-win32.egg\ldap\__init__ .py, line 22, in module from _ldap import * ImportError: DLL load failed: The specified module could not be found. Try -v to get more output: \\somehost\someshare\python2.6\python.exe -v -c import ldap I'm not too familiar with using Python under Windows. I suspect that there might also be some registry settings for setting the lib path. Ciao, Michael. -- Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
python-ldap, modlist and base64
Hi! I'm wondering if there is any example or documentation on how to add or modify ldap objects whose values contains non-ascii characters, such as accents, and so on. As far as I understand, those values should be encoded using base64, but if I do that, I don't know how to indicate in the modlist that this is the encoded value and not the value itself. Any help will be bery appreciated. -- Matias Emanuel Surdi. -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap, modlist and base64
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Aug 14, 2009, at 13:24 , Matias Surdi wrote: Hi! I'm wondering if there is any example or documentation on how to add or modify ldap objects whose values contains non-ascii characters, such as accents, and so on. As far as I understand, those values should be encoded using base64, but if I do that, I don't know how to indicate in the modlist that this is the encoded value and not the value itself. You do not have to base64-encode the values. Make sure they are UTF-8, and it should work just fine. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAkqFUSAACgkQRAx5nvEhZLLOFgCfULPkkbO0hT/jV4m2DRZKBhX5 ACYAnRYhS3JBcK9V7WZAy4zoORNemO1T =s+nu -END PGP SIGNATURE- -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Python-LDAP for Python 3.0
David, David Leonard wrote: I have been looking at how to build the _ldap module for python3.x. I'm glad you're again working on python-ldap! Several months ago I tried to raise a discussion about this: http://www.mail-archive.com/python-ldap-dev@lists.sourceforge.net/msg00394.html So, here I'd like to propose and explain some API changes Python 3.x users. I'm focused on the _ldap module right now, but the (pure python) library modules will experience carry-on effects. These are my goals with the _ldap module: * allow Python 2.x clients to keep working without changes * dual environment support: both 2.x and 3.x build environments I'm not sure whether we should maintain backwards compability. Given the amount of code you're currently changing it's worth to think more about an incompatible change. Before going into technical details I'd like to discuss the goals from a very high-level view. We should discuss these ideas before going any further (slightly updated compared to the old posting mentioned above): Move away from SourceForge New GIT-based(?) repository (distributed VCS) Wrap libldap (and libber?) with built-in ctypes Distinct classes for LDAP search results, continuation references, entries etc. Better exception classes for errors with resultCode, diagnosticMessage etc. being class members. Also return diagnosticMessage upon success in search results. Receive LDAPv3 extended controls in intermediate search responses. Compability layers for mozldap, OpenLDAP and winldap? Partial rewrite of ldap.schema with some API changes Class library for LDAP syntaxes and matching rules Full Unicode support maybe with schema-aware LDAP operations I'd prefer python-ldap to be part of the Python standard lib in the long run. New code would make it possible to meet the licensing prerequisites of the PSF for this from the very beginning. Ciao, Michael. -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Python-LDAP for Python 3.0
I have been looking at how to build the _ldap module for python3.x. It's a pretty straightforward binary port except for one major headache with strings. So, here I'd like to propose and explain some API changes Python 3.x users. I'm focused on the _ldap module right now, but the (pure python) library modules will experience carry-on effects. These are my goals with the _ldap module: allow Python 2.x clients to keep working without changes dual environment support: both 2.x and 3.x build environments First, the easy one: int() is gone in 3.x. The _ldap module uses int objects to return asynchronous message IDs, and to define a bunch of constants. In Python 3.0 longs look and act just like old ints but with more precision, so there should be few, if any, visible problem with regard to this change in the _ldap API. (Unless you are relying on overflow effects, which sounds suspicious anyway.) 1. Python-ldap compiled for 2.x should continue to use int for Message IDs and constants, but when compiled for 3.x will use longs. Next, and much harder to deal with is the loss of str(). There is heavy reliance of str() objects by _ldap to hold binary data, for attribute values. But, Python 3.0 does not have an 8-bit str(). It has what 2.x used to called unicode(). For 8-bit data we have a new type called bytes(). The issue is that conversion between the two is not automatic. For existing LDAP applications, I expect this to open up a world of porting pain. This is because lots of actual attribute values are ASCII and having the values available in a string type has been a very handy convenience. But, strictly, it is wrong. LDAP attribute values are binary OCTET STRINGs, and in the unicode-only text world of Python 3.x, applications that want text will need to decode these binary strings in accordance with the attribute's schema. This problem is something I'd like feedback on. Yet there is some good news. The text/binary problem appears to be restricted just to attribute values and to some authentication parameters like SASL passwords. Unaffected are attribute names, DNs and search filters. This is because they are transmitted as the ASN.1 LDAPString type, which is a UTF-8 encoded OCTET STRING. So it makes sense for the _ldap API to accept unicode strings for these. But, attribute values (OCTET STRING) surely must become bytes(). Using the bytes() type is going to cause much pain with potentially lots of "TypeError: Can't convert 'bytes' object to str implicitly" messages everywhere. But, it seems that this is part-and-parcel of porting to Python 3.x. If you really need strings, learn the encoding types of your attributes and call str(value, "UTF-8") or str(value, "ASCII") to convert them. So, my other proposed API changes are: 2. Python-ldap compiled for 2.x should continue to accept and produce strings as before. 3. When compiled for 3.x, values that are UTF-8 LDAPString on the wire (attribute names, DNs, search filters, etc) should be passed in and out as (unicode) strings. Attribute value data, and other places where BER binary values are passed, should be passed in and out as bytes(). There should be no automatic conversion between bytes() and unicode str(). A library class that automatically converts attribute values of type bytes() into various python types via an attribute schema is possible, but at the _ldap level this is not necessary. It may even be better for an application tightly coupled to an LDAP schema to do this conversion itself. In summary, python-ldap should have no API change visible to 2.x clients. But, 3.x clients should need to use the bytes() type explicitly for attribute values. d -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july_______ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: ANN: python-ldap-2.3.9
Hi list, hi Michael, first of all: Michael, thanks for the new release! Eggs for 2.3.9 are available at http://svn.kmrc.de/download/distribution/contrib In addition to the information given in the section .egg builds on http://www.python-ldap.org/download.shtml the following changes apply: - MacOS X / Linux - no change in prerequisites - MacOS X fat eggs have been successfully tested on a freshly installed MacOS X 10.4 PPC System. - The Windows eggs are now statically linked against libsasl2. To accomplish this, I used the method described at https://wiki.mozilla.org/LDAP_C_SDK_SASL_Windows to build the .DLL and then converted it into a static MinGW compatible lib by executing (thanks for the hint, Waldemar ;-) # pexports.exe -v \ -h ../include/sasl/sasl.h libsasl.dll libsasl.def # dlltool.exe --input-def libsasl.def \ --dllname libsasl.dll --output-lib libsasl2.a -k As always, testers are very welcome, especially for the Win32 SASL setup! Best regards, Torsten -- Executive ability is deciding quickly and getting somebody else to do the work. -- John G. Pollard -- ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
ANN: python-ldap-2.3.9
Find a new release of python-ldap: http://www.python-ldap.org/ python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. It mainly wraps the OpenLDAP 2.x libs for that purpose. Additionally it contains modules for other LDAP-related stuff (e.g. processing LDIF, LDAPURLs and LDAPv3 schema). Ciao, Michael. -- Michael Ströder E-Mail: mich...@stroeder.com http://www.stroeder.com Released 2.3.9 2009-07-26 Changes since 2.3.8: Lib/ * All modules (ldap, ldif, dsml and ldapurl) have common version number now * Non-exported function ldif.needs_base64() was abandoned and is now implemented as method LDIFWriter._needs_base64_encoding(). This allows sub-classes of LDIFWriter to implement determining whether attribute values have to be base64-encoded in a different manner and is the same approach like in class dsml.DSMLWriter. * LDAPUrlExtension._parse() now gracefully handles LDAP URL extensions without explicit exvalue as being set with implicit value None. Modules/ * New LDAP option constant ldap.OPT_X_SASL_NOCANON supported in LDAPObject.get/set_option() -- ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap search_s hanging problem on Linux box
Todd Hanson wrote: I have a query that was written in python (2.5) utilizing the python-ldap package (newest stable version for both Windows and Linux) to query an Active Directory server for a user’s group membership. The code works fine on my test machine (2-3 seconds for result) which is Windows based but when I move the code over and run it on our production Linux (Ubuntu 8.10) server the query hangs for exactly 5 minutes and then displays the results. Does anyone have any ideas where this delay might be coming from and how I can resolve the issue? I've also observed strange things like this with MS AD before. I don't know a clear solution. It kind of sounds like a timeout. One very important thing is to double-check the DNS A and PTR RRs for all systems involved and avoid using DNS aliases (CNAME). This is especially true e.g. for SASL bind requests where I experienced strange problems when using IP address instead of FQDN when binding to AD. Ciao, Michael. -- ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
python-ldap search_s hanging problem on Linux box
I have a query that was written in python (2.5) utilizing the python-ldap package (newest stable version for both Windows and Linux) to query an Active Directory server for a user's group membership. The code works fine on my test machine (2-3 seconds for result) which is Windows based but when I move the code over and run it on our production Linux (Ubuntu 8.10) server the query hangs for exactly 5 minutes and then displays the results. Does anyone have any ideas where this delay might be coming from and how I can resolve the issue? The code is (please note I replaced some real data i.e. login, password, etc with but in my code real names are there): #!/usr/bin/envpython import ldap import ldap.sasl import sys server = 'ldap://10.200.1.10' user_id = pw = def main(): try: con = ldap.initialize(server) con.simple_bind_s(user_id, pw) print 'Connection Made' except ldap.INVALID_CREDENTIALS: print Your username or password is incorrect. sys.exit() except ldap.LDAPError, e: if type(e.message) == dict and e.message.has_key('desc'): print 'Error - ' + e.message['desc'] else: print 'Error - ' + str(e) sys.exit() finally: print 'Connected' try: #con.timeout = 10 #con.network_timeout = 10 base_dn = 'dc=mariner,dc=local' filter = (memberOf=CN=,CN=Users,DC=,DC=local) attrs = ['sn','mail','cn','sAMAccountName','displayName','memberOf'] timeout = 3 results = con.search_s(base_dn, ldap.SCOPE_SUBTREE, filter, attrs) for dn,entry in results: if dn != None: print 'Processing',repr(dn) print entry['sAMAccountName'] print entry['displayName'] print entry['memberOf'] con.unbind() print print Connection Closed except ldap.LDAPError, e: print 'Error - ' + str(e) sys.exit() # End Of Code ## ### if __name__==__main__: main() Thank You Todd J. Hanson todd.han...@mariner-qs.com -- ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: ldap.OPT_X_SASL_NOCANON (was: ANN: python-ldap-2.3.8)
2009/5/4 Michael Ströder mich...@stroeder.com: Ok, committed in HEAD. Please test. I've tested current HEAD and it works for me. Is it urgent to have that in a generally available release? Not really urgent but it would be good if a new release was made in the next 2-3 months or so. This would ensure that the next wave of distribution releases (Fedora 12, Ubuntu 9.10) pick this up. Regards, Geert -- The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: ANN: python-ldap-2.3.8
2009/5/3 Michael Ströder mich...@stroeder.com: Why didn't you patch LDAP_get_option()? That is an oversight. It should be updated as well. New patch attached. If I also extend LDAP_get_option() l.get_option(ldap.OPT_X_SASL_NOCANON) will always return -1 if set to any value instead of 0. Is that correct? Yes, that should be fine. Thanks, Geert python-ldap-2.3.8-canon.patch Description: Binary data -- Register Now Save for Velocity, the Web Performance Operations Conference from O'Reilly Media. Velocity features a full day of expert-led, hands-on workshops and two days of sessions from industry leaders in dedicated Performance Operations tracks. Use code vel09scf and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
ldap.OPT_X_SASL_NOCANON (was: ANN: python-ldap-2.3.8)
Geert Jansen wrote: 2009/5/3 Michael Ströder mich...@stroeder.com: Why didn't you patch LDAP_get_option()? That is an oversight. It should be updated as well. New patch attached. If I also extend LDAP_get_option() l.get_option(ldap.OPT_X_SASL_NOCANON) will always return -1 if set to any value instead of 0. Is that correct? Yes, that should be fine. Ok, committed in HEAD. Please test. Is it urgent to have that in a generally available release? Ciao, Michael. -- Register Now Save for Velocity, the Web Performance Operations Conference from O'Reilly Media. Velocity features a full day of expert-led, hands-on workshops and two days of sessions from industry leaders in dedicated Performance Operations tracks. Use code vel09scf and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: ANN: python-ldap-2.3.8
Hi Michael, could you have a look at the patch that i submitted a while ago to expose LDAP_OPT_X_SASL_NOCANON? This option is a new LDAP option that disables SASL host name canonicalization. It is very useful in Windows AD environments. Patch attached. References: - http://sourceforge.net/mailarchive/message.php?msg_name=648242720811211518k726c54b9y1c8357255477ae5a%40mail.gmail.com - http://www.openldap.org/lists/openldap-bugs/200811/msg00116.html Regards, Geert python-ldap-2.3.8-canon.patch Description: Binary data -- Register Now Save for Velocity, the Web Performance Operations Conference from O'Reilly Media. Velocity features a full day of expert-led, hands-on workshops and two days of sessions from industry leaders in dedicated Performance Operations tracks. Use code vel09scf and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: ANN: python-ldap-2.3.8
Geert Jansen wrote: could you have a look at the patch that i submitted a while ago to expose LDAP_OPT_X_SASL_NOCANON? This option is a new LDAP option that disables SASL host name canonicalization. It is very useful in Windows AD environments. Sorry, this was still in the pipe. Questions: Why didn't you patch LDAP_get_option()? If I also extend LDAP_get_option() l.get_option(ldap.OPT_X_SASL_NOCANON) will always return -1 if set to any value instead of 0. Is that correct? Ciao, Michael. -- Register Now Save for Velocity, the Web Performance Operations Conference from O'Reilly Media. Velocity features a full day of expert-led, hands-on workshops and two days of sessions from industry leaders in dedicated Performance Operations tracks. Use code vel09scf and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: ANN: python-ldap-2.3.8
Michael Ströder wrote: Find a new release of python-ldap: http://www.python-ldap.org/ Thanks for your great work, Michael. ^_^ -- Best regards. Zhang Huangbin - Open Source Mail Server Solution for RHEL/CentOS 5.x: http://code.google.com/p/iredmail/ -- Register Now Save for Velocity, the Web Performance Operations Conference from O'Reilly Media. Velocity features a full day of expert-led, hands-on workshops and two days of sessions from industry leaders in dedicated Performance Operations tracks. Use code vel09scf and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: ldapsearch vs. python-ldap
You might also have hit the problem with automatic referral chasing within libldap as anonymous. Try this to switch that off: l = ldap.initialize('ldap://host:389') l.set_option(ldap.OPT_REFERRALS,0) try: #l.simple_bind_s('first.l...@example.com', getpass.getpass()) l.simple_bind_s('place\shortname', getpass.getpass()) # Works except Exception, e: You should rather catch ldap.LDAPError here. Ciao, Michael. -- This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: using Kerberos to authenticate to Active Directory from python ldap
2009/4/10 Geert Jansen ge...@boskant.nl: As a related solution, you could have a look at python-ad [1]. Python-AD is built on top of python-ldap and provides lots of functionality that you normally need to connect to AD built in. For example, service discovery, credential management and multi-domain functionality. There's a few examples on the site, including how to use Kerberos credentials with AD. I noticed that there is some C code related to Kerberos in python-ad. Is this code required to initialize a kerberos authentication, or is this just to change passwords and things like that? thanks, Olivier -- This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Limited the usage of SF services for python-ldap
HI! Please note that from now on python-ldap releases and docs will not be made available trough SF's file release area anymore. SF's new web interface is even worse than the old one. The download pages are much too complicated for implementing automatic installation. The web page http://python-ldap.sourceforge.net/download.shtml already points to: http://pypi.python.org/pypi/python-ldap/ I think this is the appropriate place for providing python-ldap distribution files. I'd encourage others to upload their Win32 builds or whatever there. Let me know if you need access to python-ldap's PyPI entry. Also the docs are stored directly in the web space: http://python-ldap.sourceforge.net/docs.shtml I also disabled SF services for python-ldap's SF project entry which were not used anyway and only spammed (News and Documentation). More news on that to come. Ciao, Michael. -- This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
using Kerberos to authenticate to Active Directory from python ldap
Hi all, I'm trying to script a function that can retrieve if a user is member of a group in active directory. The previous script was a shell script with a ldapsearch call for every user. You can image that took long on a thousand users. So I'm rewriting the script for python. However, I cannot get the kerberos authentication right. ld = ldap.initialize('activedirectory-dns') ld.sasl_interactive_bind_s('', ldap.sasl.gssapi('u...@realm')) ld.search_s(self.base, ldap.SCOPE_SUBTREE, '(CN=groupname)', ['Member']) I get an error that I don't have the right credentials. However it works with ldapsearch, so the Kerberos ticket is valid and correct for this query.. Anybody a tip how to continue? Or an example script that uses Kerberos? thanks, Olivier -- This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Limited the usage of SF services for python-ldap
Michael Ströder wrote: HI! Please note that from now on python-ldap releases and docs will not be made available trough SF's file release area anymore. SF's new web interface is even worse than the old one. The download pages are much too complicated for implementing automatic installation. The web page http://python-ldap.sourceforge.net/download.shtml already points to: http://pypi.python.org/pypi/python-ldap/ I think this is the appropriate place for providing python-ldap distribution files. I'd encourage others to upload their Win32 builds or whatever there. Let me know if you need access to python-ldap's PyPI entry. Also the docs are stored directly in the web space: http://python-ldap.sourceforge.net/docs.shtml I also disabled SF services for python-ldap's SF project entry which were not used anyway and only spammed (News and Documentation). More news on that to come. Ciao, Michael. Try google code project hosting? http://code.google.com/ -- Best regards. Zhang Huangbin - Open Source Mail Server Solution for RHEL/CentOS 5.x: http://code.google.com/p/iredmail/ -- This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Anyone packaged python-ldap as part of a bigger package ?
Hi! My goal: to 'bundle' pyton-ldap as part of a service distribution. The necessary software for this distribution is a among other a set of Python packages like python-ldap, Twisted and rdflib and a a couple of packages I've developed in python myself, but to get the full service functionality I will have to include a graph database written in Java and possibly also an Apache server. easy_install seems to me to be limited to handle distributions of python packages and to handle their dependences on other python packages, but this is far from what I need. So, I'm looking at buildout from Zope. More specifically I'm contemplating writing a buildout recipe for installing python-ldap. Running such a recipe would not only result in fetching python-ldap by ftp or http from a site but could also include doing configuration before installation as well as after. Anyone done anything like this ? One problem I've already found is that there doesn't seem to exist a simple stable FTP/HTTP URL that points to the latest distribution. --Roland -- ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Anyone packaged python-ldap as part of a bigger package ?
Roland Hedberg wrote: One problem I've already found is that there doesn't seem to exist a simple stable FTP/HTTP URL that points to the latest distribution. Do you need a URL which is always the same but points to the latest tar.gz file? Ciao, Michael. -- ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Thoughts on python-ldap 3.0
HI! Given that Python 3.0 makes good progress it's worth to think about how to provide a LDAP module for Python 3.0. Glancing over PEP 3000 it's pretty obvious that python-ldap could be changed more than just adding a few compability patches needed for 2.5 or 2.6 since Python 3.0 seems to be a pretty different thing and applications also won't run without significant changes. So I'm currently thinking about whether it's worth to take 3.0 as a trigger to completely rewrite python-ldap probably leading to an incompatible module API. Some ideas: - move away from SourceForge - new SVN-based repository - wrap libldap (and libber?) with built-in ctypes - compability layers for mozldap, OpenLDAP and winldap? - partial rewrite of ldap.schema with some API changes - class library for LDAP syntaxes and matching rules - Unicode support maybe with schema-aware LDAP operations Definitely volunteers are needed for the ctypes parts! Let me know what *you* like to see in python-ldap 3.0. Ciao, Michael. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Thoughts on python-ldap 3.0
Michael Ströder wrote: Some ideas: Forgot one point: I'd prefer python-ldap to be part of the Python standard lib in the long run. New code would make it possible to meet the licensing prerequisites of the PSF for this from the very beginning. Ciao, Michael. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
python-ldap wrong auth. after server down
Hi all, i'm trying to connect ldap into python. when i give it to true username and password, nothing going wrong...But i try to wrong password ,the server shutdown...How can i pass that. ps: ldap_server=ldap.open('localhost') ldap_server.protocol_version = ldap.VERSION3 try: ldap_server.simple_bind_s(word,password) return 'bind yapıldı' ldap_server.unbind() except ldap.LDAPError, e: return e - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap wrong auth. after server down
Please don't e-mail me personally. Stay on the mailing list! mete bilgin wrote: 2008/9/26 Michael Ströder [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mete bilgin wrote: i'm trying to connect ldap into python. when i give it to true username and password, nothing going wrong...But i try to wrong password ,the server shutdown...How can i pass that. What does the server shutdown mean exactly. Is it stopped? yes it's stopped [..] Sep 26 14:12:27 localhost klogd: slapd[24032]: segfault at 1f ip b7c61790 sp b6cf9a40 error 4 in libdb-4.6.so http://libdb-4.6.so[b7bcc000+13a000] This looks like a bug in OpenLDAP. It has nothing to with python-ldap. I already saw this myself yesterday when doing SASL/EXTERNAL bind. It's on my to-do-list to track this down and report to OpenLDAP's ITS if I find some spare time. You could help if you clarify this on openldap-software mailing and file an ITS. Ciao, Michael. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: problem using python-ldap under fcgi
Matt Bartolome wrote: Hey Michael. Thank you for your response. I modified LDAPObject.c and ldapcontrol.c to use the solution described here: https://bugs.launchpad.net/ubuntu/+source/python-cdb/+bug/157251 Looks like it is something specific to glibc in ubuntu and the recommended use of PyObject_Del instead of PyMem_DEL. I've attached a patch showing the modifications for anyone else ripping their hair out. The glibc python free() error is now gone. If this is really a more general issue I'd like to see this fixed. So I tried your patch. But it seg faults on my openSUSE 11.0 system. I noticed some warnings during build (see below). Ciao, Michael. --- snip --- [..] Modules/LDAPObject.c: In function ‘Tuple_to_LDAPMod’: Modules/LDAPObject.c:126: warning: passing argument 1 of ‘_PyObject_New’ makes pointer from integer without a cast Modules/LDAPObject.c:134: warning: passing argument 1 of ‘_PyObject_New’ makes pointer from integer without a cast Modules/LDAPObject.c:143: warning: passing argument 1 of ‘_PyObject_New’ makes pointer from integer without a cast Modules/LDAPObject.c:146: warning: passing argument 1 of ‘_PyObject_New’ makes pointer from integer without a cast Modules/LDAPObject.c:154: warning: passing argument 1 of ‘_PyObject_New’ makes pointer from integer without a cast Modules/LDAPObject.c:158: warning: passing argument 1 of ‘_PyObject_New’ makes pointer from integer without a cast Modules/LDAPObject.c: In function ‘List_to_LDAPMods’: Modules/LDAPObject.c:226: warning: passing argument 1 of ‘_PyObject_New’ makes pointer from integer without a cast Modules/LDAPObject.c: In function ‘attrs_from_List’: Modules/LDAPObject.c:273: warning: passing argument 1 of ‘_PyObject_New’ makes pointer from integer without a cast gcc -pthread -fno-strict-aliasing -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -fPIC -DHAVE_LIBLDAP_R -DHAVE_SASL -DHAVE_TLS -DLDAPMODULE_VERSION=2.3.6 -IModules -I/opt/openldap-HEAD/include -I/opt/sasl/include/sasl -I/usr/include/sasl -I/usr/include/python2.6 -c Modules/ldapcontrol.c -o build/temp.linux-i686-2.6/Modules/ldapcontrol.o -g Modules/ldapcontrol.c: In function ‘Tuple_to_LDAPControl’: Modules/ldapcontrol.c:83: warning: passing argument 1 of ‘_PyObject_New’ makes pointer from integer without a cast Modules/ldapcontrol.c:92: warning: passing argument 1 of ‘_PyObject_New’ makes pointer from integer without a cast Modules/ldapcontrol.c: In function ‘List_to_LDAPControls’: Modules/ldapcontrol.c:139: warning: passing argument 1 of ‘_PyObject_New’ makes pointer from integer without a cast [..] - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: problem using python-ldap under fcgi
Matt Bartolome wrote: My apologies on the wild goose chase but after using valgrind on my fcgi process it is python cx_Oracle (would have never guessed that!) which triggers the segmentation fault when ldap.initialize() is called. Why it does this is beyond me but a simple alteration of my code makes the problem go away completely. I was creating a global oracle db cursor which I'm now creating inside the functions that use it. I'm not sure about the glib c error and patch now. Using the original release without modification works so I will leave it at that. Glad you figured out what the issue was. It's good if you don't run a patched version of python-ldap. In general and thanks to the contributors who provided patches in the past python-ldap seems fairly stable. But let's look at the blog entry which convinced you to try patching python-ldap (see http://www.notes.xythian.net/2007/10/24/python-cdb-032-52ubuntu2-with-python-25-causes-double-free-corruption-crash-on-dealloc/): Some other searching suggests that python-cdb’s use of PyMem_DEL is no longer recommended. That's pretty unprecise, not even a single URL. But if somebody can add more detailed information to this it could be helpful to dive into this. IMO an admirable goal of python-ldap is not to fall back behind what's considered current best practice when writing extension modules for CPython. Ciao, Michael. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: problem using python-ldap under fcgi
Michael Ströder [EMAIL PROTECTED] writes: But let's look at the blog entry which convinced you to try patching python-ldap (see http://www.notes.xythian.net/2007/10/24/python-cdb-032-52ubuntu2-with-python-25-causes-double-free-corruption-crash-on-dealloc/): Some other searching suggests that python-cdb’s use of PyMem_DEL is no longer recommended. That's pretty unprecise, not even a single URL. But if somebody can add more detailed information to this it could be helpful to dive into this. IMO an admirable goal of python-ldap is not to fall back behind what's considered current best practice when writing extension modules for CPython. I think the blog writer was bitten by http://bugs.debian.org/468993. In Python 2.5, PyMem_DEL and PyObject_Del are no longer interchangeable; memory allocated by PyMem_NEW needs to be deallocated by PyMem_DEL, and likewise for PyObject_New and PyObject_Del. A similar (automated) report was filed for python-ldap, and I've verified that it doesn't apply -- http://bugs.debian.org/468995. Cheers, Matej - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: problem using python-ldap under fcgi
Matt Bartolome wrote: I'll take a stab at this. I'll give you fair warning though that I don't know much about C. It looks like the modifications would be fairly straight forward though given I can find the recommended usage and documentation. I left off at the type cast build warnings so I just need to figure that in plus make sure it is backwards compatible (I saw an example showing how to do that). Given Matej's answer and the fact that your problem is fixed it seems to me nothing has to be done. Ciao, Michael. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Problems importing from LDIF file generated with python-ldap
Lars Erik Kolden wrote: ldapmodify: modify operation type is missing at line 26, entry cn=audio,ou=Group,dc=ourdc,dc=no [..] When I look in the LDAP docs, this looks reasonable, as it states that you ned an add: memberUid statement with the changetype: modify. But how come it worked before? And when I try to incorporate this into the LDIF generator script, which uses python-ldap, it just won't work. I don't know why it worked in the past. The LDIF generator script is wrong since it uses module ldif for generating entry records (provided by a dict) instead of providing a modification list (list type) which would make LDIFWriter.unparse() to generate a change record. See __doc__ string in ldif.py: class LDIFWriter: [..] def unparse(self,dn,record): dn string-representation of distinguished name record Either a dictionary holding the LDAP entry {attrtype:record} or a list with a modify list like for LDAPObject.modify(). relevant code looked like this: # # add the new user to a set of default groups: # audio, cdrom, floppy, plugdev, video entry={ 'changetype' : ['modify'], 'memberUid': [username], } dn='cn=audio,ou=Group,dc=ourdc,dc=no' ldif_writer=ldif.LDIFWriter(newusers) ldif_writer.unparse(dn,entry) Should be: modlist=[(ldap.MOD_ADD,'memberUid',[username])] ldif_writer.unparse(dn,modlist) BTW: Anyway I'd recommend to directly use a LDAP connection for this task, not generate LDIF and then using command-line tools. This would give you much better control in case of LDAP errors. Ciao, Michael. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Python-LDAP doesn't like crypt-passwords with 41bit?
[EMAIL PROTECTED] wrote: Our passwords in the LDAP server are encrypted with “crypt” and stored as 41bit binary values. The problem is that python-ldap doesn’t seem to like 41bit passwords but only 20bit. When I try to authenticate by Plone-LDAP / python-LDAP, it doesn’t work, cause the password doesn’t match. (Our LDAP server stores the LDAP passwords as 41bit values by standard) 1. I think you're saying bits but probably mean bytes. 2. If you're talking about using simple_bind_s() to bind to the server then you simply have to use the clear-text password and not the hashed one. 3. Actually there's no length limit in the API for any parameter. If I re-set the password then from Plone-LDAP / python-LDAP, the new password is stored as 20bit binary and authentication works. How do you set the password? You probably should get familiar with hashed passwords and how they are generated, stored and validated. See: http://www.openldap.org/faq/data/cache/419.html Ciao, Michael. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
AW: Python-LDAP doesn't like crypt-passwords with 41bit?
Hi Michael, I just compiled the latest stable python-ldap version by hand and now authentication works - seems to have been a bug in that old version shipped with Debian Etch. Thanks, B. -Ursprüngliche Nachricht- Von: Michael Ströder [mailto:[EMAIL PROTECTED] Gesendet: Mittwoch, 23. Juli 2008 13:24 An: [EMAIL PROTECTED] Cc: python-ldap-dev@lists.sourceforge.net Betreff: Re: Python-LDAP doesn't like crypt-passwords with 41bit? [EMAIL PROTECTED] wrote: Our passwords in the LDAP server are encrypted with crypt and stored as 41bit binary values. The problem is that python-ldap doesnt seem to like 41bit passwords but only 20bit. When I try to authenticate by Plone-LDAP / python-LDAP, it doesnt work, cause the password doesnt match. (Our LDAP server stores the LDAP passwords as 41bit values by standard) 1. I think you're saying bits but probably mean bytes. 2. If you're talking about using simple_bind_s() to bind to the server then you simply have to use the clear-text password and not the hashed one. 3. Actually there's no length limit in the API for any parameter. If I re-set the password then from Plone-LDAP / python-LDAP, the new password is stored as 20bit binary and authentication works. How do you set the password? You probably should get familiar with hashed passwords and how they are generated, stored and validated. See: http://www.openldap.org/faq/data/cache/419.html Ciao, Michael. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Who is using python-ldap with Python 1.5.x and 2.0-2.2?
Torsten Kurbad wrote: Jens Vagelpohl wrote: IMHO it's really not a big deal to tell people they must use older python-ldap releases if they insist on running Python versions that are no longer supported by anyone. Exactly my opinion! You both want to convince me to keep older versions visible. ;-) Well, that's an admirable plan. But only worth the trouble if someone tracks which python-ldap release is guaranteed to work with which Python release. That's not done at the moment. Voluntary work in this field is appreciated. ;-} Ciao, Michael. - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Who is using python-ldap with Python 1.5.x and 2.0-2.2?
Michael Ströder [EMAIL PROTECTED] writes: And how about OpenLDAP libs and gnutls? Yes, I'm nagging here, but because of very good reasons. I don't see it as nagging at all, you're perfectly right not to support modifications you're not comfortable with. I hope we provide a reasonable level of support ourselves, both on this list and through bugs.debian.org. To provide some context, OpenLDAP 2.1 client libraries were not quite as ancient at the time the current Debian release was frozen in late 2006. A newer version didn't make it in time due to problems with symbol versioning -- because of the large number of libraries and plugins linked with libldap, a binary could end up simultaneously using code compiled with different LDAP ABIs, and promptly crash. The next Debian release (due out later this year) will use libldap 2.4 with versioned symbols. I'm not sure which python-ldap package you were looking at, but the one we released with, 2.2.0-3, has a 19-line patch for OpenLDAP 2.1. Later development versions used a 130-line patch, but none of these were released for production use. The patch is a currently a no-op, and I intend to fully remove it before we release. As for GnuTLS, the main reason it's used is the unfortunate incompatibility between the OpenSSL license and the GPL [1]. I'm not aware of stability or security issues in current versions. [1] http://www.gnome.org/~markmc/openssl-and-the-gpl.html Cheers, Matej - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
FYI: python-ldap and web2ldap at OpenLDAP booth, OpenExpo 2008
HI! OpenLDAP will be presented by a team of volunteers (or simply me ;-) at OpenExpo 2008 in Karlsruhe, Germany from Sunday, 2008-05-25 until Monday, 2008-05-26 (or maybe longer) http://openexpo.de Several deployment scenarios based on OpenLDAP will be demonstrated with various LDAP clients. I will also present web2ldap and answer questions about python-ldap too. I'd be glad to meet members of the community personally there. Ciao, Michael. -- Michael Ströder E-Mail: [EMAIL PROTECTED] http://www.stroeder.com - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: ANN: python-ldap-2.3.4
On 2:20:18 pm 2008-03-29 Torsten Kurbad [EMAIL PROTECTED] wrote: On Saturday, March 29, 2008 at 13:25 Michael Ströder wrote: Released 2.3.4 2008-03-29 Wow, Michael, that was fast! Seg faults are urgent issues although in this case nobody ever reported it. Special thanks to Matej for his quick fix. Ciao, Michael. - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: ANN: python-ldap-2.3.4
On Saturday, March 29, 2008 at 13:25 Michael Ströder wrote: Released 2.3.4 2008-03-29 Wow, Michael, that was fast! I'm gonna build new eggs for different platforms on monday and put them on our site. Regards, Torsten -- Never make anything simple and efficient when a way can be found to make it complex and wonderful. - Murphy's Law No. 13 - - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
[ldap] ANN: python-ldap-2.3.2
Find a new release of python-ldap: http://python-ldap.sourceforge.net/ python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. It mainly wraps the OpenLDAP 2.x libs for that purpose. Additionally it contains modules for other LDAP-related stuff (e.g. processing LDIF, LDAPURLs and LDAPv3 schema). Released 2.3.2 2008-03-26 Changes since 2.3.1: Lib/ * ldap.dn.escape_dn_chars() now really adheres to RFC 4514 section 2.4 by escaping null characters and a space occurring at the beginning of the string * New method ldap.cidict.cidict.__contains__() * ldap.dn.explode_dn() and ldap.dn.explode_rdn() have a new optional key-word argument flags which is passed to ldap.dn.str2dn(). Modules/ * Removed unused OPT_PRIVATE_EXTENSION_BASE from constants.c Doc/ * Various additions, updates, polishing (thanks to James). --- You are currently subscribed to [EMAIL PROTECTED] as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message.
Re: ANN: python-ldap-2.3.2
Hi Michael, Released 2.3.2 2008-03-26 neat! :o) But I ran into a problem while trying to build on my x86_64 Linux box: Modules/constants.c: In function 'LDAPinit_constants': Modules/constants.c:152: error: 'LDAP_OPT_DIAGNOSTIC_MESSAGE' undeclared (first use in this function) Modules/constants.c:152: error: (Each undeclared identifier is reported only once Modules/constants.c:152: error: for each function it appears in.) OpenLDAP version is 2.3.41, gcc 4.2.3, glibc 2.7. Any clues? Regards, Torsten -- Weekend, where are you? - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: ANN: python-ldap-2.3.2
Torsten Kurbad wrote: But I ran into a problem while trying to build on my x86_64 Linux box: Modules/constants.c: In function 'LDAPinit_constants': Modules/constants.c:152: error: 'LDAP_OPT_DIAGNOSTIC_MESSAGE' Sorry for that. This constant is available since OpenLDAP 2.4.x. Thanks for reporting it so quickly. ldap.h of OpenLDAP 2.4: #define LDAP_OPT_DIAGNOSTIC_MESSAGE 0x0032 #define LDAP_OPT_ERROR_STRING LDAP_OPT_DIAGNOSTIC_MESSAGE Renaming was probably done to reflect a name change in the revised LDAPv3 RFCs. I'll release 2.3.3 tested with OpenLDAP 2.3.x libs. Ciao, Michael. - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: adding binary attribute using python-ldap
Rahul Amaram wrote: I was wondering if there is any way I can add binary data (such as jpegPhoto and userCertificate) using python-ldap. I've googled but coudn't find any solution. If there is no way of doing it, what is the best alternative solution? There's simply no difference. Note that normal strings are binary buffers in Python 2.x anyway. Since python-ldap does not treat Unicode objects differently at the moment any attribute value passed to a LDAPObject method is passed on in LDAP requests as is. Ciao, Michael. - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Python LDAP
Hello, I'm trying to write a script to enable user accounts that I run cross-platform. (Linux and PC) Does anyone know how I could start go about doing this? I know there is active_directory python module, but that solely relies on win32 COM architecture. any help/suggestions is appreciated Thanks, Nick - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Python LDAP
Hi python-ldap is a ldap client library and then can access any LDAP server, including the not completely compliant M$ active directory. But your problem is not very clear in your question. On 8/10/07, Nicholas Jay Chokas [EMAIL PROTECTED] wrote: Hello, I'm trying to write a script to enable user accounts that I run cross-platform. (Linux and PC) Does anyone know how I could start go about doing this? I know there is active_directory python module, but that solely relies on win32 COM architecture. any help/suggestions is appreciated Thanks, Nick - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev -- -- Alain Spineux aspineux gmail com May the sources be with you - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Python-LDAP for Win32 Windows 2003 LDAP
Markus Zapke-Gründemann wrote: Michael Ströder wrote: Markus Zapke-Gründemann wrote: Operations error : LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece Then you tried to connect anonymously which is prohibited in AD's default configuration. This is also what I read on this error code. But when I use the same credentials on a diffenrent DN below the root everything works. This makes me wonder. Before I sent the answer I've tested it. It works as expected with web2ldap which is heavily based on python-ldap. So I wonder if you're code is exactly doing what you think it should do. ;-) Maybe a *small* test script would be helpful to find out. Ciao, Michael. - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Python-LDAP for Win32 Windows 2003 LDAP
Markus Zapke-Gründemann wrote: A few days ago I tried the first time a subtree search starting at the root of an Active Directory on a Windows 2003 Server. This returns no results (if authenticated). So there's no point trying that. You should rather read namingContexts or defaultNamingContext from rootDSE (base search) to determine the search root on a particular DC. Operations error : LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece Then you tried to connect anonymously which is prohibited in AD's default configuration. Connecting and binding to the server is working flawlessly. Searching subtrees is working as well. If you bind everything which is possible in AD should work. I did also a test with the ldp client of the Microsoft Support Tools package[1], just to verify that all privileges are correct. With this client a search with the same filter from the root of the directory is working. And what did the client return as results? Maybe ldp.exe is using SASL/GSSAPI bind based on your Windows workstation logon seamless without you taking notice of it. And maybe ldp.exe also looks at defaultNamingContext in the rootDSE... Best thing to find out what a client really does it using Wireshark. Ciao, Michael. - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
[ldap] ANN: python-ldap-2.3.1
Find a new release of python-ldap: http://python-ldap.sourceforge.net/ python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. It mainly wraps the OpenLDAP 2.x libs for that purpose. Additionally it contains modules for other LDAP-related stuff (e.g. processing LDIF, LDAPURLs and LDAPv3 schema). Released 2.3.1 2007-07-25 Changes since 2.3.0: * Support for setuptools (building .egg, thanks to Torsten) * Support for matched values control (RFC 3876, thanks to Andreas) Lib/ * Fixed ldif (see SF#1709111, thanks to Dmitry) * ldap.schema.models: SUP now separated by $ (method __str__() of classes AttributeType, ObjectClass and DITStructureRule, thanks to Stefan) Modules/ * Added constant MOD_INCREMENT to support modify+increment extension (see RFC 4525, thanks to Andreas) --- You are currently subscribed to [EMAIL PROTECTED] as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message.