New mailing list for python-ldap (was: Mailing list moves now!)
HI! Maybe my last e-mail wasn't clear enough. So I'll try again: The old SourceForge mailing list python-ldap-dev will not be used anymore! I'd be happy to see you all on the new mailing list for http://python-ldap.org under the umbrella of python.org. List and subscriber info is here: http://mail.python.org/mailman/listinfo/python-ldap All announcements, discussion and support related to python-ldap can be posted there. Especially there are important things to discuss for upcoming python-ldap 2.4...so please switch to the new list. Ciao, Michael. Michael Ströder wrote: > HI! > > This is the last message to the old SF mailing list. Do not reply here! > The old mailing list will be shut down now! > > I'd be happy to see you all on our new mailing list: > > http://mail.python.org/mailman/listinfo/python-ldap > > All announcements, discussion and support will be posted there. > > Ciao, Michael. -- Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Mailing list moves now!
HI! This is the last message to the old SF mailing list. Do not reply here! The old mailing list will be shut down now! I'd be happy to see you all on our new mailing list: http://mail.python.org/mailman/listinfo/python-ldap All announcements, discussion and support will be posted there. Ciao, Michael. -- Create and publish websites with WebMatrix Use the most popular FREE web apps or write code yourself; WebMatrix provides all the features you need to develop and publish your website. http://p.sf.net/sfu/ms-webmatrix-sf ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Load Balance and Redundant LDAP config
Bob Brandt wrote: > I apologize if this is not the right place to ask this question... You're welcome to discuss this here. > I am looking to modify my LDAP scripts to be both Redundant and Load > Balancing! Although both things are mixed all the time these are two different goals. > Right now, I have a script that has a list of LDAP servers and uses the > first one that responses, but the problem is all later requests, use > that single LDAP server. If that server were to fail, the script fails. A simple solution would be to try to connect to a random LDAP server within the list and catch ldap.SERVER_DOWN to reconnect. You could have a look at ldap.ldapobject.ReconnectLDAPObject.reconnect() to get an idea how to do that automatically when serving sychronous calls. Feel free to provide an extension for ReconnectLDAPObject which deals with more than one server. If you're using the async methods your application has to deal with it. Ciao, Michael. -- Create and publish websites with WebMatrix Use the most popular FREE web apps or write code yourself; WebMatrix provides all the features you need to develop and publish your website. http://p.sf.net/sfu/ms-webmatrix-sf ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: ldap.controls in python-ldap 2.4
Michael Ströder wrote: > Since I'm working more with LDAPv3 controls now I've cleaned up sub-module > ldap.controls. Still work in progress... Now I've checked in the modifications and updated Demo/page_control.py to make use of the slightly new API. Also some related constants' names are now aligned with OpenLDAP's ldap.h. Please check out HEAD and comment. Ciao, Michael. -- Create and publish websites with WebMatrix Use the most popular FREE web apps or write code yourself; WebMatrix provides all the features you need to develop and publish your website. http://p.sf.net/sfu/ms-webmatrix-sf ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
ldap.controls in python-ldap 2.4
HI! Since I'm working more with LDAPv3 controls now I've cleaned up sub-module ldap.controls. Still work in progress... Unfortunately it would be too cumbersome to maintain backward compability. So python-ldap 2.4 will very likely break applications working with LDAPv3 controls. My application code will also be heavily affected. I can understand that this will make many people unhappy. But IMO it's the only way to clean up this mess and come up with a much more convenient API for dealing with controls. Better to do it now than later. Ciao, Michael. -- Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap as replication client
Eric Brunson wrote:
> The new code works great, thanks so much for the new features.
>
> I do have one issue, and maybe I'm just not looking in the correct
> place. The Sync Info Message returns a syncInfoValue which is a BER
> encoded ASN.1 CHOICE structure:
>
> syncInfoValue ::= CHOICE {
> newcookie [0] syncCookie,
> refreshDelete [1] SEQUENCE {
> cookie syncCookie OPTIONAL,
> refreshDoneBOOLEAN DEFAULT TRUE
> },
> refreshPresent [2] SEQUENCE {
> cookie syncCookie OPTIONAL,
> refreshDoneBOOLEAN DEFAULT TRUE
> },
> syncIdSet [3] SEQUENCE {
> cookie syncCookie OPTIONAL,
> refreshDeletes BOOLEAN DEFAULT FALSE,
> syncUUIDs SET OF syncUUID
> }
> }
>
> The data is returned and I've been able to successfully decode it with
> the PyASN1 BER codec, but I can't find any indication of the choice
> index being returned in the value. I don't know that the refreshDelete
> and the refreshPresent are distinguishable from each other without
> additional information, but I see that the value being returned from
> result4() is simply what ldap_parse_intermediate() returns, without any
> indication of the choice index. Looking at the raw BER encoded packet
> in wireshark, it would seem that the two bytes before the data being
> returned have the index embedded in the second byte.
>
> I'm sure this must simply be something I'm overlooking. Any help?
Could you share a short script demonstrating this?
Ciao, Michael.
--
Enable your software for Intel(R) Active Management Technology to meet the
growing manageability and security demands of your customers. Businesses
are taking advantage of Intel(R) vPro (TM) technology - will your software
be a part of the solution? Download the Intel(R) Manageability Checker
today! http://p.sf.net/sfu/intel-dev2devmar
___
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Roadmap for python-ldap 2.4
HI! I'd like to get final release 2.4.0 out begin of May and I'm currently thinking of what should still to be added. Focus is still Python 2.x. There are some considerations which I'm not sure about yet: 1. Unicode support for DNs, filter strings, etc. but not entry attributes! (Everybody asking for the latter should check the mailing list archive first.) 2. Split LDAPControl into separate classes LDAPRequestControl and LDAPResponseControl. 3. OID-based registry especially for response controls so they can be decoded on-the-fly when received before being returned to the calling application. 4. Use module logging for debug trace messages. I've already added the *very* simple sub-module ldap.logger. 5. Use pyasn1 to implement more controls and extended operations. Input welcome. Ciao, Michael. -- Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Modifying multiple dns with a single function call
Rahul Amaram wrote: > I am looking for something like this. > > dn: cn=User1,dc=example,dc=com > changetype: modify > replace: mail > mail: us...@example.com > > dn: cn=User2,dc=example,dc=com > changetype: modify > replace: mail > mail: us...@example.com > > dn: cn=User3,dc=example,dc=com > changetype: modify > replace: mail > mail: us...@example.com > > I want to make all the above changes with a single function call. Is > this possible No. > or should I call modify_s once for each dn entry? Yes. Ciao, Michael. -- Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Modifying multiple dns with a single function call
Rahul Amaram wrote: > I would like to know if it possible to modify multiple dns at once i.e. > via a single modify_s request. Yes, if you mean (multiple) DN-valued attribute values in a single entry. No, if you mean the DNs of multiple entries. > I might need to update about 10,000 entries and I was wondering about > the best way to do this. One by one... This can get tricky if you have a hierarchy of DNs and you have to rename superior entries. Ciao, Michael. -- Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap as replication client
Eric Brunson wrote: > On 03/11/2011 11:00 AM, Michael Ströder wrote: >> Eric Brunson wrote: >>> On 03/11/2011 05:40 AM, Michael Ströder wrote: >>>> No matter which sync protocol you implement it's very likely that >>>> you need >>>> python-LDAP from CVS HEAD (will be python 2.4) since this version >>>> contains >>>> code to extract response controls from intermediate responses. >>> I'm currently working on a project that requires me to do a syncrepl >>> from python and after much, much reading I'm afraid that the python-ldap >>> library does not implement 4533 correctly. >>> >>> Sync cookies are only retrieved by python-ldap if they are returned in a >>> server control, however this is only the case in an >>> LDAP_RES_SEARCH_RESULT or an LDAP_RES_SEARCH_ENTRY packets. The >>> protocol passes both deletes and presence records in >>> LDAP_RES_INTERMEDIATE packets, which don't get returned to the python >>> caller as they don't have LDAP entries in them, and cookies are also >>> returned in these intermediate result packets, but not in a server >>> control, so those are missed. >> The patches in CVS HEAD were contributed by Rich exactly to make syncrepl >> possible with python-ldap. If you think the current implementation in >> CVS HEAD >> still has deficiencies regarding controls in intermediate responses I >> happily >> will review a patch. ;-) > > Wow, Michael, that is super awesome news. I'll check the CVS head, try > it out and get back to you. Make sure to set the right arguments for LDAPObject.result4(). Ciao, Michael. -- Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap as replication client
Eric Brunson wrote: > On 03/11/2011 05:40 AM, Michael Ströder wrote: >> No matter which sync protocol you implement it's very likely that you need >> python-LDAP from CVS HEAD (will be python 2.4) since this version contains >> code to extract response controls from intermediate responses. > > I'm currently working on a project that requires me to do a syncrepl > from python and after much, much reading I'm afraid that the python-ldap > library does not implement 4533 correctly. > > Sync cookies are only retrieved by python-ldap if they are returned in a > server control, however this is only the case in an > LDAP_RES_SEARCH_RESULT or an LDAP_RES_SEARCH_ENTRY packets. The > protocol passes both deletes and presence records in > LDAP_RES_INTERMEDIATE packets, which don't get returned to the python > caller as they don't have LDAP entries in them, and cookies are also > returned in these intermediate result packets, but not in a server > control, so those are missed. The patches in CVS HEAD were contributed by Rich exactly to make syncrepl possible with python-ldap. If you think the current implementation in CVS HEAD still has deficiencies regarding controls in intermediate responses I happily will review a patch. ;-) Ciao, Michael. -- Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap as replication client
Jeroen van Meeuwen (Kolab Systems) wrote: > I'm looking to implement LDAP_CONTROL_SYNC(*) capabilities to > python-ldap's ldap.controls, and while I do have some experience in > several areas, admittedly compared to you I'm probably the most > under-qualified programmer to actually do it. You're always welcome to send demo code and get it commented here. > That said, I first wanted to ask whether something like python-ldap > becoming a replication client (through server controls) was feasible in > your opinion(s). No matter which sync protocol you implement it's very likely that you need python-LDAP from CVS HEAD (will be python 2.4) since this version contains code to extract response controls from intermediate responses. Beware that this may still be subject of API changes especially regarding ldap.controls and ldap.extop. Some additional ASN.1 work for encoding/decoding controls is needed too. I'm currently using pyasn1.sf.net for that which is outside python-ldap. > I think RFC 3928[1] is the corresponding standard. > Another standard was proposed in RFC 4533[2] but that one bounced in > favor of the former. Which sync protocol standard suits your needs depends on the LDAP server your application is talking to. If you use the OpenLDAP server the OpenLDAP developers strongly recommend syncrepl. There were already some people here implementing syncrepl (RFC 4533) based on python-ldap. Personally I'm currently using LDAP persistent search retrieving data from a Novell eDirectory server since this is the control this server supports. Other LDAP servers have other sync controls, e.g. MS AD implemented the proprietary DirSync control, etc. Ciao, Michael. -- Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Fwd: [pyasn1-users] ANN: pyasn1-0.0.13a & pyasn1-modules-0.0.1a released
Rich Megginson wrote: > RHEL does not include pyasn1. But it is extremely useful for > extops/controls - doing BER codec by hand is not fun. Yupp! > A mid-way > approach would be to expose the liblber ber_scanf/ber_printf and support > functions in python. Also an idea we already had. But I'm not a C programmer. So I'll stay away from that myself. But I will happily add a nice Python layer on top of your code. ;-} Make the C wrapper code as lean as possible. > If you do decide that it is necessary for python-ldap to use pyasn1, we > can work on getting it into RHEL. The Fedora python-pyasn1 maintainer > is one of the guys on the freeipa team which uses python-ldap heavily. Noted. Ciao, Michael. -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Fwd: [pyasn1-users] ANN: pyasn1-0.0.13a & pyasn1-modules-0.0.1a released
Rich Megginson wrote: > On 03/06/2011 06:14 PM, Chaos Eternal wrote: >> >> should we re-implement python-ldap on pyasn and get rid of depends on >> openldap libs? >> > I vote no. Why would you want to do that? How would you implement > TLS/SSL? How would you implement SASL/GSSAPI? How would you keep up > with openldap client library development, which is the reference > standard for LDAP in the FOSS world? David and me already thought about this two years ago. And for the same reasons Rich mentioned I won't go that route because it's simply too much work to get it right. Additionally there's the performance aspect. BTW: There is already a pure-Python LDAP module called 'ldaptor'. http://eagain.net/talks/ldaptor/index.html But I'm currently using pyasn1 for certain LDAPv3 extended operations/controls and therefore I am thinking about adding some of the basic LDAP-related ASN.1 stuff to python-ldap 2.4.x. But this would introduce a dependency on pyasn1. Pros/Cons? Ciao, Michael. -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Minimum version of OpenLDAP libs for python-ldap 2.4.x?
Zhang Huangbin wrote: > > On Mar 5, 2011, at 2:45 AM, Michael Ströder wrote: > >> Again it's time to think about the minimum required version of OpenLDAP libs >> to be used for building upcoming python-ldap 2.4.0. > > Does it mean py-ldap-2.4.0 won't support OpenLDAP-2.3.x series? Yes. > Debian 5, RHEL/CentOS 5 ships OpenLDAP-2.3.x. Well, python-ldap 2.3.x will still be around. So if you're using this distros you have to stick with python-ldap 2.3.x which IMHO is sufficient to run the applications implemented on top of python-ldap so far. Applications requiring new features will need new python-ldap and therefore newer OpenLDAP libs. This is a common practice. > I don't think it's a good strategy to force sys admin to compile/install > openldap-2.4 on production server, if they want to update openldap, they > have to compile again and again. Well, as said: If you don't want to compile on systems you won't install new python-ldap 2.4 anyway on these old systems. Ciao, Michael. -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Minimum version of OpenLDAP libs for python-ldap 2.4.x?
(Cc:-ed python-ldap-dev again) Chris Dukes wrote: > On Fri, Mar 04, 2011 at 07:45:15PM +0100, Michael Ströder wrote: >> Again it's time to think about the minimum required version of OpenLDAP libs >> to be used for building upcoming python-ldap 2.4.0. I'd vote for strictly >> requiring a fairly recent version in the OpenLDAP 2.4.x release series. I >> know >> that this rules out using packages provided in RHEL 5 or similar old >> enterprise Linux distros. >> >> I'm asking because support for the assertion control was fixed/extended in >> HEAD but it relies on OpenLDAP 2.4.11+. Currently it's hidden behind a >> #ifdef LIBLDAP_HAS_ASSERTION_CONTROL_FUNC >> but I generally don't like to have features which are there or not there >> depending on the build. > > No newer than what initially shipped with RHEL 6.0 RHEL 6 is fairly new. > I deal with production systems and boneheaded management that wants > worthless support contracts for items like the OS. > For the ones that don't ship OpenLDAP, requiring a new version isn't much of > an issue. However, for the ones that do ship OpenLDAP it's the choice between > the support nightmare of "That part isn't at a supported version" when > something unrelated breaks and the support nightmare of maintaining a couple > custom chroots with a horribly de-skilled set of admins. Believe me I know all this quite well from various discussion with my customer and their admins. But strictly speaking in support terms you would not even be allowed to install a self-compiled version of python-ldap. And Red Hat won't provide an update of python-ldap 2.4.x for RHEL 6.0 anyway. > It's more work, and more parts to break, but I'd suggest tinkering around to > see if the version # can be pulled from the OpenLDAP library and have some > python class implementations that depend on the version to change whether > they return an supported version exception. This could be done and in some parts it's already done in python-ldap and my web2ldap. But... Normally dependencies are: pkg A ver. x depends on pkg B ver. y With you suggestion above this gets even worse: pkg A ver. x depends on pkg B ver. y built with options m, n, etc. So imagine how to write that in a decent operational manual. Or the whole chain of components treat everything optionally which is a nightmare to maintain in code and makes users quite unhappy... Ciao, Michael. -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Minimum version of OpenLDAP libs for python-ldap 2.4.x?
HI! Again it's time to think about the minimum required version of OpenLDAP libs to be used for building upcoming python-ldap 2.4.0. I'd vote for strictly requiring a fairly recent version in the OpenLDAP 2.4.x release series. I know that this rules out using packages provided in RHEL 5 or similar old enterprise Linux distros. I'm asking because support for the assertion control was fixed/extended in HEAD but it relies on OpenLDAP 2.4.11+. Currently it's hidden behind a #ifdef LIBLDAP_HAS_ASSERTION_CONTROL_FUNC but I generally don't like to have features which are there or not there depending on the build. The above is only one example. I could think of more features to be added. And I think the feature set of python-ldap 2.4.0 should be as independent from the build options as possible. Ciao, Michael. -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: please review encode_assertion_control()
Michael Ströder wrote:
> Rich Megginson wrote:
>> On 03/03/2011 01:28 PM, Michael Ströder wrote:
>>> Could somebody please look what's wrong with
>>> encode_assertion_control() in
>>> Modules/ldapcontrol.c? It seg faults.
>> err =
>> ldap_create_assertion_control_value(NULL,assertion_filterstr,&ctrl_val);
>> The NULL should be an LDAP* and it must be valid.
>>
>> It needs the LDAP* handle because it calls ldap_alloc_ber_with_options()
>> to allocate the BER for the control value.
>
> Thanks for the hint. But how can I create a LDAP* handle locally without
> having to pass in the connection object as argument?
Seems calling ldap_create() did the trick:
$ python -c "import ldap;print
repr(ldap.encode_assertion_control('(objectClass=*)'))"
'\x87\x0bobjectClass'
Not sure whether error checking is correct though.
Ciao, Michael.
--
What You Don't Know About Data Connectivity CAN Hurt You
This paper provides an overview of data connectivity, details
its effect on application quality, and explores various alternative
solutions. http://p.sf.net/sfu/progress-d2d
___
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: please review encode_assertion_control()
Rich Megginson wrote: > On 03/03/2011 01:28 PM, Michael Ströder wrote: >> Could somebody please look what's wrong with >> encode_assertion_control() in >> Modules/ldapcontrol.c? It seg faults. > err = > ldap_create_assertion_control_value(NULL,assertion_filterstr,&ctrl_val); > The NULL should be an LDAP* and it must be valid. > > It needs the LDAP* handle because it calls ldap_alloc_ber_with_options() > to allocate the BER for the control value. Thanks for the hint. But how can I create a LDAP* handle locally without having to pass in the connection object as argument? Ciao, Michael. -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
please review encode_assertion_control()
HI!
(Sigh!) I'm not a C programmer.
Could somebody please look what's wrong with encode_assertion_control() in
Modules/ldapcontrol.c? It seg faults.
$ python -c "import ldap;print
repr(ldap.encode_assertion_control('(objectClass=*)'))"
Segmentation fault (core dumped)
You have to set
extra_compile_args = -g -DLIBLDAP_HAS_ASSERTION_CONTROL_FUNC
in setup.cfg and have a fairly recent OpenLDAP 2.4 installation to get it
compiled.
Ciao, Michael.
--
Free Software Download: Index, Search & Analyze Logs and other IT data in
Real-Time with Splunk. Collect, index and harness all the fast moving IT data
generated by your applications, servers and devices whether physical, virtual
or in the cloud. Deliver compliance at lower cost and gain new business
insights. http://p.sf.net/sfu/splunk-dev2dev
___
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: LDAP for Python 3.x
Dusan Stefanik wrote: > I decided to take python-ldap-2.3.13 few days ago and I made som changes to > get it work on python3. > Now I have working version for python3 (tested on Ubuntu 10.4 LTS x64 and > Debian Squeeze x64). > > You can try it. It can be start point for new branche of python-ldap-py3. > > I made only few tests (bind,search,del,add) - successfully. Thanks for working on that. But given the fact that CVS HEAD now contains lots of changes in Modules/ compared to 2.3.13 I'd really prefer to receive patches against CVS HEAD. Would you mind doing so? Ciao, Michael. -- Free Software Download: Index, Search & Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: 2.4.0 patches need review
Rich Megginson wrote: > About the arguments and return values to result4 - with the current code > I have to do something like this: > > rtype, rdata, rmsgid, decoded_serverctrls, extop_rspoid, > extop_rspval = srv.result4(msgid, 0, -1, 1) > > That is, I only want the decoded_serverctrls, but I have to add items > for extop_rspoid and extop_rspval even though I don't want them, because > result4 always returns a 6-tuple, regardless of what the caller wants. > Maybe this is the convention, to have to provide all of the optional > return values, to make it consistent that result4 always returns a > 6-tuple? Because it would be pretty easy for result4 to look at its > arguments and do something like: > if add_extop: > return a 6-tuple > else: > return a 4-tuple Look at the convenience wrapper method LDAPObject.extop_result() I've added recently. A similar method could be easily added for the case where the caller knows that one does not expect a ext op result. I consider this to be a more readable approach than looking at an argument. More ideas: I'd like to let the result-methods decode the response controls and ext op responses received. I'm thinking of adding a new optional keyword argument where one can pass in a dict([oid:class]) which can be used to automagically let the result method return instances of LDAPControl or ExtendedResponse. I'm also thinking about splitting LDAPControl into RequestControl and ResponseControl. More comments welcome. Ciao, Michael. -- Free Software Download: Index, Search & Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
2.4.0 patches need review
HI! I've committed a larger patch contributed by Rich Megginson fixing SF#2829057 [1] and adding generic support LDAPv3 extended operations. Many thanks to him. I've done some tests for [1] by successfully using the LDAP persistent search control against eDirectory and OpenDJ (OpenDS fork) and receive/decode the response control. Also a case which does not seem to work with recent python-ldap 2.3.13. But I think this large patch needs much more review and some decision regarding the arguments passed to and results returned by method LDAPObject.result4(). So I'd like to encourage all the list readers to checkout CVS HEAD and play with it. Ciao, Michael. [1] http://sourceforge.net/tracker/?func=detail&aid=2829057&group_id=2072&atid=352072 -- Index, Search & Analyze Logs and other IT data in Real-Time with Splunk Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. Free Software Download: http://p.sf.net/sfu/splunk-dev2dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
ANN: python-ldap-2.3.13
Find a new release of python-ldap: http://pypi.python.org/pypi/python-ldap/2.3.13 python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. It mainly wraps the OpenLDAP 2.x libs for that purpose. Additionally it contains modules for other LDAP-related stuff (e.g. processing LDIF, LDAPURLs and LDAPv3 schema). Note: This is the last release with this feature set. From now on only very urgent fixes are going into release series 2.3.x. Project's web site: http://www.python-ldap.org/ Ciao, Michael. Released 2.3.13 2011-02-19 Changes since 2.3.12: Modules/ * Correct #ifdef-statement for LDAP_OPT_X_TLS_CRLFILE in constants.c fixes build with older OpenLDAP libs * Support for LDAP_OPT_DEFBASE (see SF#3072016, thanks to Johannes) -- The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap hanging for 15 minutes under certain conditions
Rich Megginson wrote: > OpenLDAP 2.4.23 supports Mozilla NSS (triple licensed > GPLv2+/LGPLv2+/MPL) for crypto > Fedora 14 and later use this instead of OpenSSL I see some benefits using Mozilla NSS especially with LDAP clients. But I wonder whether we could use it from python-ldap via OpenLDAP just like Mozilla clients use it. I'm thinking of support for PKCS#11 tokens and adding trusted certs. Ciao, Michael. -- The modern datacenter depends on network connectivity to access resources and provide services. The best practices for maximizing a physical server's connectivity to a physical network are well understood - see how these rules translate into the virtual world? http://p.sf.net/sfu/oracle-sfdevnlfb ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap hanging for 15 minutes under certain conditions
Michael Wood wrote: > I do hold out some hope that issues like this in GnuTLS (or in > the software using GnuTLS?) can get fixed, though. The issues with GnuTLS are known since years now I suspect that everybody setting up a serious (Open-)LDAP deployment just builds with OpenSSL and therefore nobody is using GnuTLS seriously. So nobody sees a benefit for investing in getting GnuTLS improved. Ciao, Michael. -- The modern datacenter depends on network connectivity to access resources and provide services. The best practices for maximizing a physical server's connectivity to a physical network are well understood - see how these rules translate into the virtual world? http://p.sf.net/sfu/oracle-sfdevnlfb ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap hanging for 15 minutes under certain conditions
Michael Wood wrote: > On 3 February 2011 18:16, Rich Megginson wrote: >> On 02/03/2011 04:34 AM, Michael Wood wrote: >>> e.g. Ubuntu Lucid Lynx with libldap2-dev version 2.4.21-0ubuntu5.3 and >>> python-ldap 2.3.10-1ubuntu1. > [..] > But I thought it was worth a try to recompile OpenLDAP and link with > OpenSSL instead of GnuTLS. > > After doing that, the problem went away! That was my first idea when I read that you're using Ubuntu (based on Debian). There have been so many issues with OpenLDAP linked with GnuTLS during the last years. I really wonder why the Debian folks force everybody to use this. IMO that's a major issue with Debian. Ciao, Michael. -- The modern datacenter depends on network connectivity to access resources and provide services. The best practices for maximizing a physical server's connectivity to a physical network are well understood - see how these rules translate into the virtual world? http://p.sf.net/sfu/oracle-sfdevnlfb ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: How to find groups(CN) which contains specific words?
Zhang Huangbin wrote: > On Nov 15, 2010, at 1:16 PM, Jahidul Hasan wrote: >> I need to find those groups name which contains the word "ABC", is it >> possible ? >> >> base_dn = 'CN=ABC,OU=Common,DC=test,DC=com' >> ldapConn.search_s(base_dn, ldap.SCOPE_SUBTREE) >> >> Can I use %ABC% ? Not in base_dn. > LDAP search filter can be wild-card, use '*ABC*' instead. > > Reference: http://www.zytrax.com/books/ldap/apa/search.html The code snippet of the original poster above does not contain a search filter at all. So additionally he should read: http://www.python-ldap.org/doc/html/ldap.html#ldap.LDAPObject.search ldapConn.search_s(base_dn, ldap.SCOPE_SUBTREE,filterstr='cn=*abc*') Ciao, Michael. -- Lotusphere 2011 Register now for Lotusphere 2011 and learn how to connect the dots, take your collaborative environment to the next level, and enter the era of Social Business. http://p.sf.net/sfu/lotusphere-d2d ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: AIX 6.1 install trouble.
Tom Baxter wrote: > Thank you both for the quick reply. I changed my setup.cfg to > include openssl see below. I also verified that the IBM openssl > package was installed. Attached is the output from the single gcc > call. As said I don't have any experience building on AIX. But from my understanding you should link to the very same OpenSSL lib with which OpenLDAP client libs were linked to. > libs = ldap_r lber ssl Maybe 'crypto' is missing here. See setup.cfg shipped in the source distribution and here: http://www.python-ldap.org/doc/html/installing.html#libs-used Ciao, Michael. -- Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: AIX 6.1 install trouble.
Tom Baxter wrote: > Hello, I am having trouble install python-ldap on an AIX 6.1 host. I > have compiled the openldap libraries and am trying to install without > any extras like SSL/crypt. Below is my setup.cfg, attached is the out > put from "python setup.py build". > Any guidance would be greatly appreciated. I'm not familiar with AIX. But it seems linking OpenSSL fails. Make sure the OpenSSL include files and (shared) libs are also in here: > library_dirs = /usr/local/lib > include_dirs = /usr/local/include Note that you can list several directories separated by a space char. Ciao, Michael. -- Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Installing python-ldap 2.3.12 fails
Adam Tauno Williams wrote: > When I install the most recent python-ldap on my CentOS5 box (which has > Python2.6 from IUS) it fails. Previously I was able to install > python-ldap on a similarly provisioned host. Hmm, known problem...(see below) Ciao, Michael. Original Message Subject: Re: python-ldap-2.3.12: Compile error on CentOS 5.5, i386 Date: Wed, 11 Aug 2010 20:42:56 +0200 From: Michael Ströder To: Zhang Huangbin CC: Python Developer List Zhang Huangbin wrote: > > On Aug 9, 2010, at 11:43 PM, Michael Ströder wrote: > >> Find a new release of python-ldap: >> >> http://pypi.python.org/pypi/python-ldap/2.3.12 > > Compile error on CentOS 5.5, i386: > [..] > Modules/constants.c: In function ‘LDAPinit_constants’: > Modules/constants.c:184: error: ‘LDAP_OPT_X_TLS_CRLFILE’ undeclared (first > use in this function) > Modules/constants.c:184: error: (Each undeclared identifier is reported > only once > Modules/constants.c:184: error: for each function it appears in.) > error: Setup script exited with error: command 'gcc' failed with exit > status 1 Looks like an older OpenLDAP release. Please try the patch below. Ciao, Michael. Index: Modules/constants.c === RCS file: /cvsroot/python-ldap/python-ldap/Modules/constants.c,v retrieving revision 1.47 diff -u -r1.47 constants.c --- Modules/constants.c 7 May 2010 13:22:40 - 1.47 +++ Modules/constants.c 11 Aug 2010 05:14:47 - @@ -181,7 +181,9 @@ #ifdef LDAP_OPT_X_TLS_CRLCHECK /* only available if OpenSSL supports it => might cause backward compability problems */ add_int(d,OPT_X_TLS_CRLCHECK); +#ifdef LDAP_OPT_X_TLS_CRLFILE add_int(d,OPT_X_TLS_CRLFILE); +#endif add_int(d,OPT_X_TLS_CRL_NONE); add_int(d,OPT_X_TLS_CRL_PEER); add_int(d,OPT_X_TLS_CRL_ALL); -- Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: ldaps and Active Directory
Josh wrote:
>> Patrick A. Treptau wrote:
>>> I am pulling my hair out trying to connect via ldaps to one of our AD
>>> controllers.
>>>
>>> host = "ldaps://ad_host:636"
>>
>> You should always use the fully-qualified which is in the CN of the server
>> certificate's subject DN.
>
> Patrick isn't the only one running into the issue by the way, I see if
> appearing
> for me as well. Windows 2008 server, getting ldap.SERVER_DOWN: {'info':
> '(unknown error code)', 'desc': "Can't contact LDAP server"} When I try to
> connect with ldaps:// to our host using it's FQDN.
As said try to debug with
openssl s_client -connect ad_host:636 -verify
(use -CApath or -CAfile options)
preferrably using the OpenSSL command-line tool linked to the same libs like
python-ldap.
Ciao, Michael.
--
This SF.net Dev2Dev email is sponsored by:
Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
___
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Non-ascii passwords
Marc Brevoort wrote:
> I've inherited a little authentication module which uses
> python-ldap (v1.92, 2005/11/03). For the most of it, it works
> fine, but when a user has decided to use non-ascii characters
> in their password, they will be blocked access and the
> authentication log shows a message such as:
>
> 2010-08-27 11:02:50,398 DEBUG Exception: 'ascii' codec can't encode
> character u'\xdf' in position 5: ordinal not in range(128)
I'm not sure which component write this message.
But python-ldap expects all values to be raw strings. So the calling
application is responsible for converting Unicode objects to raw strings with
the appropriate encoding. In case of LDAPv3 this is UTF-8.
> - It should be possible to work around the issue by escaping the
> non-ascii characters in the password, replacing them with a backslash
Please try to understand first how the Python syntax representation of Unicode
and raw strings is which displayed in the message above.
http://docs.python.org/reference/lexical_analysis.html#string-literals
There's no need to mess with the back-slashes at all. Simply fix the calling
application to do the right thing. Probably calling password.encode('utf-8')
will do.
Ciao, Michael.
--
Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
Be part of this innovative community and reach millions of netbook users
worldwide. Take advantage of special opportunities to increase revenue and
speed time-to-market. Join now, and jumpstart your future.
http://p.sf.net/sfu/intel-atom-d2d
___
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap-2.3.12: Compile error on CentOS 5.5, i386
Zhang Huangbin wrote: > > On Aug 9, 2010, at 11:43 PM, Michael Ströder wrote: > >> Find a new release of python-ldap: >> >> http://pypi.python.org/pypi/python-ldap/2.3.12 > > Compile error on CentOS 5.5, i386: > [..] > Modules/constants.c: In function ‘LDAPinit_constants’: > Modules/constants.c:184: error: ‘LDAP_OPT_X_TLS_CRLFILE’ undeclared (first > use in this function) > Modules/constants.c:184: error: (Each undeclared identifier is reported only > once > Modules/constants.c:184: error: for each function it appears in.) > error: Setup script exited with error: command 'gcc' failed with exit status 1 Looks like an older OpenLDAP release. Please try the patch below. Ciao, Michael. Index: Modules/constants.c === RCS file: /cvsroot/python-ldap/python-ldap/Modules/constants.c,v retrieving revision 1.47 diff -u -r1.47 constants.c --- Modules/constants.c 7 May 2010 13:22:40 - 1.47 +++ Modules/constants.c 11 Aug 2010 05:14:47 - @@ -181,7 +181,9 @@ #ifdef LDAP_OPT_X_TLS_CRLCHECK /* only available if OpenSSL supports it => might cause backward compability problems */ add_int(d,OPT_X_TLS_CRLCHECK); +#ifdef LDAP_OPT_X_TLS_CRLFILE add_int(d,OPT_X_TLS_CRLFILE); +#endif add_int(d,OPT_X_TLS_CRL_NONE); add_int(d,OPT_X_TLS_CRL_PEER); add_int(d,OPT_X_TLS_CRL_ALL); -- This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
ANN: python-ldap-2.3.12
Find a new release of python-ldap: http://pypi.python.org/pypi/python-ldap/2.3.12 python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. It mainly wraps the OpenLDAP 2.x libs for that purpose. Additionally it contains modules for other LDAP-related stuff (e.g. processing LDIF, LDAPURLs and LDAPv3 schema). Project's web site: http://www.python-ldap.org/ Ciao, Michael. -- Michael Ströder E-Mail: mich...@stroeder.com http://www.stroeder.com Released 2.3.12 2010-08-05 Changes since 2.3.11: Lib/ * Removed tabs from various modules to make things work with python -tt. * Quick fix to ldif.is_dn() to let multi-valued RDNs pass as valid. Is too liberal in some corner-cases though... * Fix to ldif.is_dn() to allow dashes in attribute type (see SF#3020292) * ldap.open() now outputs a deprecation warning * module-wide locking is now limited to calling _ldap.initialize(). Still ldap.functions._ldap_function_call() is used to wrap all calls for writing debug log. Modules/ * New LDAP options available in OpenLDAP 2.4.18+ supported in LDAPObject.get/set_option(): ldap.OPT_X_KEEPALIVE_IDLE, ldap.OPT_X_KEEPALIVE_PROBES, ldap.OPT_X_KEEPALIVE_INTERVAL, ldap.OPT_X_TLS_CRLCHECK, ldap.OPT_X_TLS_CRLFILE Doc/ * Various small updates/improvements -- This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: sasl bind issues
Uma Sridharan wrote:
>
> Here is a sample code that works the first time I run the loop and fails
> the second time with the following error. can someone let me know if the
> credentials are cached by the library or what could be wrong? Any help
> is greatly appreciated.
>
> ldap.INVALID_CREDENTIALS: {'info': '80090308: LdapErr: DSID-0C09043E,
> comment:
> AcceptSecurityContext error, data 57, vece', 'desc': 'Invalid credentials'}
Judging from the error message above I guess this is MS AD. Right?
Somebody posted this issue with MS AD before. Frankly I have no clue what's
going on and how to solve it. I could reproduce it with MS AD W2K3 but it
works with other LDAP server implementations (tested with OpenLDAP 2.4.x and
OpenDS 2.3beta).
Ciao, Michael.
--
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
___
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: bad filter
Anil wrote: > I pass a filter string such as this to search(), but I keep getting > BAD SEARCH FILTER error. > "(|(last-login-time<=100101*)(!(last-login-time=*)))" Using <= with * in the assertion value looks bogus to me. > The same thing works when using it with ldapsearch command. Does not work for me when using OpenLDAP's ldapsearch: $ ldapsearch "(|(last-login-time<=100101*)(\!(last-login-time=*)))" ldapsearch: ldap_search_ext: Bad search filter (-7) Note the extra back-shlash needed before ! since ! is a special char for the shell. > I also > tried running it through ldap.filter.escape_filter_chars. You should not pass complete filter strings to ldap.filter.escape_filter_chars(). This function should only be used for the assertion values you put into the filter string afterwards. > Is this a known bug? Nope. Ciao, Michael. -- This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Changed locking for function calls into _ldap
HI! After Howard's answer http://www.openldap.org/lists/openldap-software/201005/msg00054.html I've relaxed the locking when calling functions of _ldap. Solely _ldap.initialize() is now protected by a lock. Also there's now debug logging for the locks if trace_level is 2 or higher. Please review and test the code in HEAD especially with OpenLDAP 2.3 libs and in heavily threaded environment. Ciao, Michael. -- ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: _ldap.so: undefined symbol: gnutls_alert_send
Jean-Sébastien Mansart wrote: > > I've got this error with a Zope/Plone site : > Traceback (most recent call last): > [..] > ImportError: > /home/zope/z_sgec/buildout-cache/eggs/python_ldap-2.3.11-py2.4-linux-i686.egg/_ldap.so: > undefined symbol: gnutls_alert_send > > I have install gnutls1.3, recompiled openldap, python-ldap, and so on, > but nothing works. What does this command say? ldd /home/zope/z_sgec/buildout-cache/eggs/python_ldap-2.3.11-py2.4-linux-i686.egg/_ldap.so: Note that there are various ways to install python-ldap: 1. Use pre-built packages from your Linux distributor. 2. Pre-built .egg-files which might be pulled in by dependencies of other installed .egg files. (Personally I'm not in favour of this since most people won't receive regular updates.) 3. Compile yourself and install. Which SSL/TLS libs are used (OpenSSL or GNUtls) is determined by your OpenLDAP build. For 1. and 2. you have to generally ask the distributor of the packages which other software packages are needed. If you tried 1.,2. and 3. you have likely a non-functional mixture of the above. E.g. it seems your Zope/Plone installation (partially) pulls in a pre-built .egg-file. My recommendation is to remove all occurences of python-ldap on your system and try to cleanly do only one of the above. For 3. you have to exactly use the Python interpreter your Zope/Plone installation will run with. Ciao, Michael. -- ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: ldap.open() SSL patch
ygormu...@dcc.ufba.br wrote: > Michael Ströder : > >> Yes, you're right. I would accept such a patch. ;-) >> >> At least it's documented: >> >> http://www.python-ldap.org/doc/html/ldap.html#ldap.open > > I was using ldap.open because there are many code samples where it's > still used, in the tubes. > > The new patch is attached. Just raising DeprecationWarning exception breaks existing code. I have to reject your patch. ;-) I've checked in a solution which only outputs a warning (just like md5.py does in recent Python releases). So old code should still work. Ciao, Michael. -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: ldap.open() SSL patch
ygormu...@dcc.ufba.br wrote: > Michael Ströder : > >> Using ldap.open() is deprecated for quite a while now. python-ldap >> applications still using this function should be fixed. > > In this case, I think ldap.open() must raise a DeprecationWarning. Don't > you? Yes, you're right. I would accept such a patch. ;-) At least it's documented: http://www.python-ldap.org/doc/html/ldap.html#ldap.open Ciao, Michael. -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: ldap.open() SSL patch
ygormu...@dcc.ufba.br wrote:
> I'm a member of GrudeSL (Free Software Development Group) at UFBA
> (Federal University of Bahia). We were trying to integrate our new
> Django site authentication with the existing LDAP server, so we ran
> for python-ldap and I can say it does its job very well (thank you
> very much! :D).
>
> But, we are unable to connect using ldap.open() because our server use
> the non-standardized LDAP over SSL scheme "ldaps", along with LDAPv3.
> Although it worked when we used ldap.initialize(). So I wrote a patch
> [1] that fix this tiny little issue, while mantaining backward
> compatibility.
Using ldap.open() is deprecated for quite a while now. python-ldap
applications still using this function should be fixed.
Frankly I fail to see the benefit of avoiding the use of ldap.initialize(). In
both cases you have to change the application (Django in your case) to make
proper use of either ldap.open(...,ssl=True) or
ldap.initialize('ldaps://...'). In the first case it won't work with unpatched
python-ldap.
=> I reject this patch.
Maybe I've overlooked something though.
(Hopefully this does not discourage to submit patches in the future though.)
> [1] - http://pastebin.com/HxtgRAzg
Feel free to submit patches as attachments to the mailing list next time.
Since then they get properly archived.
Ciao, Michael.
--
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
___
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: ldif.py won't parse with 'python -tt'
John Morrissey wrote: > ldif.py won't parse with the python option '-tt', which enforces consistent > whitespace. It's a simple fix of replacing the handful of tabs with spaces. Thanks for reporting that. Should be fixed in HEAD now. Ciao, Michael. -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: [SPAM] Re: CONNECTING FROM A SERVERS POOL
HI!
For simple synchronous operations there is ldap.ldapobject.ReconnectLDAPObject
which does automatic re-connect when ldap.SERVER_DOWN is raised within a
*operation_s() method (synchronous operations). You could use that as a
starting point to implement connecting to another server in a pool with a
failover strategy which fits your needs (sometimes depends on network topology).
BTW: You don't have to call ldap.functions._ldap_function_call() yourself.
Ciao, Michael.
Yeargan, Yancey wrote:
>
> Hmm.. I do not know enough about the SimpleLDAPObject code. Perhaps a
> python-ldap developer can provide more information (but I think they
> will recommend that you not use SimpleLDAPObject). Assigning to self may
> not work as you expect. I do not think you will be able to replace
> the SimpleLDAPObject inside an exception handler.
>
> Creating a new LDAP connection using the same URIs as the original is
> valid logic, but your code will need to keep track of the state of
> pending LDAP requests and whether they have completed successfully,
> perhaps storing the requests in some sort of local database. The LDAP
> API itself does not provide for this sort of complex behavior. The level
> of redundancy you seek is not easy.
>
> Yancey
>
>
> On Mar 29, 2010, at 1:03 PM, Alberto Luengo Cabanillas (Pexego) wrote:
>
>> Yeargan, Yancey wrote:
>>>
>>> I think it is as simple as using multiple URL values separated with
>>> spaces. For example:
>>>
>>> ldap.initalize("url1 url2 url3")
>>>
>>> The underlying LDAP code will automatically try each URL until one
>>> succeeds or they all fail.
>>>
>>> Yancey
>>>
>> Hi Yeargan. Thanks for the quick reply but that's not exactly the
>> problem we're facing. The point that if you initialize url1, url2 and
>> url3, with url1 down, the followup queries will be against url2.
>> That's a correct behaviour, but if while you're keeping up that
>> connection, this url2 server goes down, you'll get an exception,
>> instead of trying to reconnect to next available server (url1 or
>> url3), supposing, of course, that they have an equivalent structure.
>> So, when this happens, we're initializing another LDAPObject with
>> remaining URIs this way:
>>
>> new_object =
>> ldap.functions._ldap_function_call(_ldap.initialize,string_uris)
>>
>> self = new_object (or self._l = new_object?)
>>
>> , but this still fails, any suggestion?
>>
>> Greetings.
>>
>>>
>>> On Mar 29, 2010, at 9:41 AM, Alberto Luengo Cabanillas (Pexego) wrote:
>>>
>>>> Hi all! Me and a workmate are currently working in an approach of
>>>> connecting to different LDAP servers (each one is a replica of
>>>> another) because of fault tolerancy purposes.
>>>> So, first thing we did was modifying the *__init__* method of
>>>> SimpleLDAPObject class (ldapobject.py file) adding a new attribute
>>>> "pool" which contains the list of servers passed as param in
>>>> *initialize* method as a string. So, attribute .*_l *changes to:
>>>> self._l =
>>>> ldap.functions._ldap_function_call(_ldap.initialize,self._pool[0])
>>>>
>>>> Then, in *_ldap_call *we introduced a /while/ loop surrounding all
>>>> code with a boolean condition set to False. When *"func"* call fails
>>>> raising a "SERVER_DOWN" exception, we remove URI from pool and
>>>> create a new ReconnectLDAPObject instance with self._l attribute
>>>> pointing to next LDAP URI in pool.
>>>>
>>>> The problem we're actually facing is that when *func *calls raises a
>>>> SERVER_DOWN exception (with, for example, a *search_s* operation)
>>>> the code behaviour is correct when URI is wrong, but when LDAP URI
>>>> is right the func calls stills raises an exception...Is this because
>>>> of what is explained in the beginning of ReconnectLDAPObject class
>>>> (that synchronous methods like search_s() automatically tries to
>>>> reconnect when LDAP server is down)?.
>>>>
>>>> Are we pointing in the right direction?
>>>>
>>>> Thanks a lot in advance.
>>>>
>>>
>>
>
>
>
> --
> Download Intel® Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why
Re: python-ldap and kerberos
Pascal, it seems you're not described to the python-ldap-dev list so your posting was delayed in the list maintainer's queue... Pascal wrote: > I'm on an M$AD and I'm trying python-ldap from a LINUX host with Python 2.6.4. > All is ok, I can search_s after a bind_s. > The problem is the plain text password (wireshark)... > LDAPs is not not avaible and I can't play with certificats... > Kerberos is nativelly available on M$AD and is ok on the LINUX host > (heimdal ~ kinit ok and klist ok)... > I search (Google) and try for ldap.sasl.gssapi but it is always ko :-( > Can anybody help me ? Well, it simply works for me. If klist shows a service ticket everything should be fine. Most times issues are because of mis-configuration (principal names, enc-types etc.). Ciao, Michael. -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: edirectory question
Yeargan, Yancey wrote: > > Your question is really about Novell eDirectory, not the Python LDAP module; That's definitely related to Novell eDirectory. I vaguely remember that some eDirectory allowed searching with an empty search root. Not sure but worth a short test. Ciao, Michael. -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: ldap.DECODING_ERROR in ldap.dn.str2dn with python2.4 on amd64
Arvid Requate wrote: > we had a problem with ldap.dn.str2dn showing instable behavior and throwing > ldap.DECODING_ERROR in python2.4 Debian Lenny (amd64). > It seems that using PyArg_ParseTuple with format string "z#" and saving the > length of the string directly into the berval member bv_len does not store a > correct value, which in turn causes the problem in ldap_bv2dn. It seems that > str2dn is the only location in python-ldap (2.3.5) where this technique is > used, and the problems seems to affect only amd64 and might be caused by a > leak in the PyArg_ParseTuple routine of python2.4. I think it is fixed since release 2.3.7. You should encourage the Debian maintainer to provide an updated package. See CVS: http://python-ldap.cvs.sourceforge.net/viewvc/python-ldap/python-ldap/Modules/functions.c?r1=1.21&r2=1.22 Revision 1.22 Tue Apr 7 16:45:57 2009 UTC (11 months ago) by stroeder Branch: MAIN CVS Tags: PYLDAP_REL_2_3_7 Fixed functions.c not to raise ldap.ENCODING_ERROR in function l_ldap_str2dn() on 64-bit systems (see SF#2725356) Ciao, Michael. -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Contributing Mac OS X packages to PyPI
Ben Gollmer wrote: > I have built universal binary packages for Python-LDAP 2.3.10 on both > Mac OS X 10.5 (Python 2.5) and 10.6 (Python 2.6). Is it possible to add > these to the PyPI page, to go along with the Windows installers? They > can be very useful for users that don't have Xcode / gcc installed. Sorry, for answering that late. Do you have a PyPI account? I'd appreciate to see the builds there. Ciao, Michael. -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Question: Mac OS 10.6 and Python 2.6
Torsten Kurbad wrote: > Exactly What kind of problem are you encountering while trying to > build on 10.6? Note that recent release 2.3.11 contains fixes for backward-compability to build with OpenLDAP 2.3 libs. You probably need that when building for Mac OS X. Ciao, Michael. -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Docs updated for 2.3.11
HI! Slightly updated python-ldap docs are now available on: http://www.python-ldap.org/docs.shtml Ciao, Michael. -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python_ldap 2.3.11 broken on pypi
Tobias Schmidt wrote: > could it be that the latest release of python_ldap (2.3.11) is broken on > pypi? It didn't work inside my buildout and I could not open the archive > after downloading it manually. > > Error message: > > gzip: stdin: unexpected end of file > tar: Child returned status 1 > tar: Error exit delayed from previous errors Should be fixed now. Thanks for your quick report. Ciao, Michael. -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
ANN: python-ldap-2.3.11
Find a new release of python-ldap: http://www.python-ldap.org/ python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. It mainly wraps the OpenLDAP 2.x libs for that purpose. Additionally it contains modules for other LDAP-related stuff (e.g. processing LDIF, LDAPURLs and LDAPv3 schema). Ciao, Michael. -- Michael Ströder E-Mail: mich...@stroeder.com http://www.stroeder.com Released 2.3.11 2010-02-26 Changes since 2.3.10: Lib/ * Fixed LDAP URL parsing with four ? but no real extensions * ldap.ldapobject.LDAPObject.rename_s() now also accepts arguments serverctrls and clientctrls * Removed untested and undocumented class ldap.ldapobject.SmartLDAPObject * Removed broken method ldap.ldapobject.LDAPObject.manage_dsa_it() Modules/ * Make use of LDAP_OPT_X_TLS_NEWCTX only if available in OpenLDAP libs used for the build * Fixed #ifdef-statements for OPT_X_TLS_PROTOCOL_MIN Doc/ * Some updates and corrections regarding description of use of LDAPv3 controls * Some more descriptions for constants * Removed comments related to old LaTeX-based documentation system -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Anyone using LDAPObject.manage_dsa_it()?
Michael Ströder wrote: > For some time there has been a warning in the docs about > LDAPObject.manage_dsa_it() soon vanishing from python-ldap once full support > for LDAPv3 controls is implemented. Since we have that for quite some time now > this inherently broken method should be removed. > > Anyone still using it? If yes, then raise your voice now or I'll remove it > from upcoming python-ldap 2.3.11. No answer so far. => I removed it in CVS HEAD and will release it like this in 2.3.11. Ciao, Michael. -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Anyone using LDAPObject.manage_dsa_it()?
HI! For some time there has been a warning in the docs about LDAPObject.manage_dsa_it() soon vanishing from python-ldap once full support for LDAPv3 controls is implemented. Since we have that for quite some time now this inherently broken method should be removed. Anyone still using it? If yes, then raise your voice now or I'll remove it from upcoming python-ldap 2.3.11. Ciao, Michael. -- The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
ldap.ldapobject.SmartLDAPObject removed
Michael Ströder wrote: > Well, SmartLDAPObject is not well tested nor documented and should probably be > removed anyway... > [..] > Well, tls_cacertfile is simply not used in SmartLDAPObject.__init__(). The > reason is that OpenLDAP libs 2.3 were not able to set connection-specific SSL > options. It should work with OpenLDAP 2.4 under some circumstances but I never > got it working. > > => please either don't use SmartLDAPObject or contribute fixes for it > Personally I'd vote for removing it. In CVS HEAD I've removed the untested and undocumented wrapper class ldap.ldapobject.SmartLDAPObject completely. Upcoming release 2.3.11 will not contain it anymore. It never worked robustly like intended and it's not worth the effort to fix it. Ciao, Michael. -- The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: start_tls = 2 is ignored with LDAP URIs starting with LDAP://
Andreas,
sorry for my late reply. I'm quite busy at the moment.
Andreas Büsching wrote:
> I've found a strange behaviour of python-ldap when working with TLS encrypted
> connections. I'm not sure if this is a problem of the python bindings or of
> libldap or in my head ;-)
>
> In my first scenario I was trying to set up a TLS encrypted connection with a
> specific CA certificate that was set in the ldap.conf file (TLS_CACERT).
>
import ldap
l =
> ldap.ldapobject.SmartLDAPObject(uri='LDAP://qamaster.windom2008.univention.test:389',
>
> who='uid=Administrator,cn=users,DC=windom2008,DC=univention,DC=test',cred='univention',
>
> start_tls=2, tls_cacertfile='/etc/univention/ssl/ucsCA/CAcert.pem')
l.started_tls
> 0
>
> In that case the connection is not encrypted. When I replace LDAP:// with
> ldap:// in the URI the connection is encrypted.
Well, that's because of the stupid handling in SmartLDAPObject.__init__().
Line 900 should check the lower-cased uri:
if start_tls>0 and uri[:5].lower()=='ldap:':
Well, SmartLDAPObject is not well tested nor documented and should probably be
removed anyway...
> In the second scenario I've tried to set up a TLS encrypted connection with a
> CA certificate that was not set in the ldap.conf file.
>
l =
> ldap.ldapobject.SmartLDAPObject(uri='ldap://win-64q6lq48z7a.windom2008.univention.test:389',
>
> who='cn=Administrator,cn=users,DC=windom2008,DC=univention,DC=test',cred='univention',
>
> start_tls=2,
> tls_cacertfile='/etc/univention/connector/ad/ad_cert_20091221_153053.pem')
> ...
> ldap.CONNECT_ERROR: {'info': 'error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed', 'desc': 'Connect error'}
Well, tls_cacertfile is simply not used in SmartLDAPObject.__init__(). The
reason is that OpenLDAP libs 2.3 were not able to set connection-specific SSL
options. It should work with OpenLDAP 2.4 under some circumstances but I never
got it working.
=> please either don't use SmartLDAPObject or contribute fixes for it
Personally I'd vote for removing it.
Ciao, Michael.
--
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
___
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: ldaps and Active Directory
Patrick A. Treptau wrote: > I am pulling my hair out trying to connect via ldaps to one of our AD > controllers. > > host = "ldaps://ad_host:636" You should always use the fully-qualified which is in the CN of the server certificate's subject DN. > #openssl s_client -CAfile path/to/cert.crt -connect ad_host:636 returns > a successful connection With -verify? Ciao, Michael. -- The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: DSML writer
Adam Tauno Williams wrote: > I noticed that python-ldap contains some DSML support; only the XML > produced is invalid [I believe this is caused by its attempt to create > 'pretty' output]. Could you please point me to the details which parts of the XML produced are invalid. Ciao, Michael. -- The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: How can i add a booleanMatch type attribute
Zhang Huangbin wrote:
> How can i add a booleanMatch type attribute with py-ldap?
Simply like any other attribute provided your attribute value is TRUE or FALSE.
> Refer to python-ldap-2.3.10/Demo/ldapcontrols.py, i use below code to add new
> attribute:
>
>
> l = ldap.initialize('ldap://localhost:389',trace_level=2)
> l.add_ext_s(dn, modlist, serverctrls=[
> BooleanControl('1.3.6.1.4.1.4203.1.10.1',1,1) ],)
???
Here you are using the Subentries control with an LDAP AddRequest. AFAIK this
control (which is not an attribute) is only applicable to SearchRequests (see
RFC 3672). What made you write this code?
>
>
> But i got this error message:
>
> => result: 2
> *** ldap://127.0.0.1:389/ - SimpleLDAPObject.result3 ((2, 1, -1),{})
> => LDAPError - UNAVAILABLE_CRITICAL_EXTENSION: {'info': 'critical extension
> is not recognized', 'desc': 'Critical extension is unavailable'}
>
The server does not support this control for processing this request. Well,
that looks correct to me.
> I use amavisd-new attribute:
>
> attributetype ( 1.3.6.1.4.1.15312.2.2.1.19
> NAME 'amavisLocal'
> DESC 'Is user considered local'
> EQUALITY booleanMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
> SINGLE-VALUE )
>
I don't see any need to use a LDAPv3 extended control to simply populate this
attribute (once it's added to the schema).
Ciao, Michael.
--
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
___
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: How get get more search results than the server’ s sizelimit?
Dave Kirby wrote: > 2010/1/18 Michael Ströder : > Dave Kirby wrote: > [snip] >>> but according to the python-ldap >>> docs controls are not supported for the search functions even though >>> they are for other functions. >> >> Which version of python-ldap and docs are you referring to? >> > > I was referring to the docs online at > http://www.python-ldap.org/doc/html/ldap.html#ldapobject-class and the > latest version in CVS at > http://python-ldap.cvs.sourceforge.net/viewvc/python-ldap/python-ldap/Doc/ldap.rst?revision=1.11&view=markup. > > They both say under the LDAPPObject.search_xxx functions: > > * serverctrls* not implemented yet. > * clientctrls* not implemented yet. Sorry, this is clearly outdated. Will correct it soon. Ciao, Michael. -- Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: How get get more search resul ts than the server’s sizelimit?
Dave Kirby wrote: > Hi, I am trying to search for all groups on a server, but there are > more than the server sizelimit results, so the search fails to get > them all. > > My understanding is that the only way to get round this is to use a > paged search control with the search, Which LDAP server product? With MS Active Directory using the simple paged results control helps to circumvent the search result limit. But this won't work with other LDAP servers like OpenLDAP which always enforces the configured search result limit. > but according to the python-ldap > docs controls are not supported for the search functions even though > they are for other functions. Which version of python-ldap and docs are you referring to? An example for simple paged results is shipped in the source distribution. See this file: Demo/page_control.py > Is there a way in python-ldap to get all the results from a search > query, or am I shafted? In general the server determines what "all the results" means. ;-) Ciao, Michael. -- Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Multiple Email Values
Chris Dukes wrote: > On Wed, Dec 30, 2009 at 02:41:03PM +0100, Christoph Holtermann wrote: >> I use LDAP for storing my contacts. I keep thinking about the >> simple case of people having multiple email. One case >> would be to have an attribute "mail" another one "mozillaSecond >> Email". On the other hand I know that it >> is possible to store multiple values in the corresponding LDAP- >> attribute. but i wonder how it could be possible to also store >> an additional information about these email. > > If you're caring from an MTA perspective... > Postfix's LDAP maps suggest a 'maildrop' attribute for calculating actual > delivery. 'maildrop' has a different semantics. > And now a suggestion so you can spend an afternoon seeing what it > breaks... > Well, atleast in my LDAP schemas the mail attribute has syntax > 1.3.6.1.4.1.1466.115.121.1.15 > > And looking at 6.10 of RFC2252 > http://tools.ietf.org/html/rfc2252 > > You can put any unicode string there you want to such > as > Christoph Holtermann Obsolete This is IMO bad advice since MUAs expect only the raw e-mail address in attribute 'mail' (see section 2.16 in RFC 4524) which also contains some other interesting notes. Ciao, Michael. -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Multiple Email Values
Christoph Holtermann wrote: > I have a basic question about data representation in LDAP. > I know just this list, maybe you can point me to the right one. For general LDAP questions you might find l...@umich.edu more helpful since there are more people lurking there. > I use LDAP for storing my contacts. I keep thinking about the > simple case of people having multiple email. Unfortunately this case is not simple. > One case > would be to have an attribute "mail" another one "mozillaSecond > Email". On the other hand I know that it > is possible to store multiple values in the corresponding LDAP- > attribute. but i wonder how it could be possible to also store > an additional information about these email. For example > Hans Wurst has > a...@b.c "work", > b...@b.c "outdated since 2000"... > I guess that this is not possible or needs complex modifications. > Does anybody know something helpful about this ? The big question is what your LDAP-enabled MUAs or other LDAP clients expect in the attribute 'mail' or how you can configure the clients used to handle other attributes etc. E.g. I don't any MUA which handles multiple attribute values in 'mail' in a smart way. Simply the first value is taken. I guess at the end you'll find yourself to add separate entries for all e-mail adresses and office locations. Ciao, Michael. -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap syncrepl consumer
Mikkel Kruse Johnsen wrote: > Sean did you ever get your python-ldap consumer to work ? I'd also like to know this. But I suspect it's currently not possible due to http://sourceforge.net/tracker/?func=detail&aid=2829057&group_id=2072&atid=352072 > I was searching the net for a way to update other systems, when my LDAP > changed. I found your attempt to make a python consumer. Do you have any > code, other than want i can find in the maillinglist ? In a customer project we've implemented a short-time polling system querying OpenLDAP's accesslog database which also leads to quick updates on the target. Ciao, Michael. -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Patch for broken slapd.py
Christian Oudard wrote: > 2009/12/17 Michael Ströder : >> In this case I'm not familiar with slapd.py which was written by David and >> after glancing over it I strongly dislike some of the assumptions made >> therein. So I'm not going to touch that now because of lack of time. > > I'm in the process of adapting slapd.py to be a general purpose mock > ldap test server for running unit tests against. I would be interested > in contributing improvements to it that keep it compatible with the > test suite of python-ldap. > Specifically, what sort of assumptions are you trying to get rid of? Some short comments: 1. It should also work on Windows which is not possible with the currently implemented filename handling. 2. Probably a template for slapd.conf should be used which can be more easily adapted to various OpenLDAP releases, especially no references to specific schema files etc. 3. Data should be kept locally in a sub-directory like with OpenLDAP's test suite. No need for /var/blurb. 4. The assumption about slapd executable being in something like /usr/sbin/ is wrong. Rather the full path to slapd and slaptest should be specified. Ciao, Michael. -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Patch for broken slapd.py
Christian Oudard wrote: > On my system, slapd.py fails because of a missing /var/tmp/python-ldap-test . > > Not sure what your patch submission procedure is, but here's a patch > to fix that: Hmm, normally I review patches and commit them. So you did the right thing posting it here. In this case I'm not familiar with slapd.py which was written by David and after glancing over it I strongly dislike some of the assumptions made therein. So I'm not going to touch that now because of lack of time. Ciao, Michael. -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Compile error on RHEL 5.3 (x86_64), python-ldap-2.3.10
Zhang Huangbin wrote: > On Nov 5, 2009, at 1:14 AM, Michael Ströder wrote: > >> This is because of older OpenLDAP libs. Try the patch below. It's also in >> HEAD >> now. > > I tested patch moment ago, failed to build, same as in HEAD (checked out > moment ago): Sorry, please try again from HEAD. I fixed also another typo. Ciao, Michael. -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Compile error on RHEL 5.3 (x86_64), python-ldap-2.3.10
Rob Orsini wrote: > Hi, I'm also having trouble getting 2.3.10 to compile on RHEL 5. I tried > applying the patches supplied in this thread (I just joined this email > list, btw): > > In file included from Modules/LDAPObject.c:4: > Modules/common.h:10:20: error: Python.h: No such file or directory Please make sure you have all the necessary headers available on your system for building Python extension modules and all the libs needed by python-ldap. I don't know the package names on RHEL though. Ciao, Michael. -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Best way to add an implementation specific schema model?
Chris Dukes wrote: > I have to work with IBM Directory Server on a regular basis, and that > includes some nasty schema analysis for moving some history local schema > modifications to new versions of the product. > I was able to use ldap.schema to simplify most of the nastiness. > > However, IBM extends the schema with the additional attribute > IBMAttributetypes, which describes chracteristics of how attributes will > be stored in the backend. > > IBM was polite enough to document the grammar for this new attribute and > I'll be attempting to create an IBMAttributetype class to hold these. I vaguely remember coming across these proprietary IBM schema attributes. I wonder why they did not add their specific things to normal AttributeTypeDescription like other directory vendors did. Oh, well... Could you please refer to docs of the grammar? > Now, should I just add the new class to ldap.schema.models and submit a > patch once done? Or should a long term approach of being able to > indicate the addition of server specific extensions be contemplated? I already thought about this when looking at vendor-specific extensions for AttributeTypeDescription for Novell eDirectory and OpenLDAP. Here are some remarks: 1. ldap.schema is somewhat experimental although quite robust in recent deployments. The API is still undocumented mainly because I would be willing to change it if someone comes up with good ideas how to improve it. 2. Lib/ldap/schema/models.py is very closely modeled after RFC 4512. If the IBM grammar loosely follows what's in that RFC 4512 you have a good chance to derive from these classes and extend them by setting class attribute token_defaults according to what's needed. 3. There's ldap.schema.subentry.SCHEMA_CLASS_MAPPING which maps subschema subentry attribute types to Python schema classes in ldap.schema.models. So you have to somewhat register the IBM-specific attributes there. Curious to hear about how to proceed with that. Ciao, Michael. -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: connection pooling
Anil wrote: > I am looking to do connection pooling and am thinking of doing something > like http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/pooling.html > > Can you guys give some advice and/or better yet, has someone already > done this? I don't know any connection pooling for python-ldap's LDAPObject instances. It would be certainly nice to have one. I'd recommend to make it look like ReconnectLDAPObject instances. Ciao, Michael. -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: How to modify several dn in one time
Zhang Huangbin wrote: > it seems .modify() or .modify_s() can only modify one dn in one time. > How can i modify several dn in one time? You can't. These methods strictly follow the LDAP functional model (see RFC 4511, section 4.6. Modify Operation). > Such as ldapadd command: > > # ldapadd -x -D 'cn=Manager,dc=xxx,dc=xxx' -wpasswd -f new.ldif > > Content of new.ldif: > > dn: cn=vmail,dc=xxx,dc=xxx > changetype: modify > add: cn > cn: newCN > cn: newCN2 > -- > dn: cn=user01,dc=xxx,dc=xxx > changetype: modify > cn: newCN > cn: newCN2 These will lead to sevaral add requests being sent by command-line tool ldapadd. Same with ldapmodify reading several change records from LDIF file and sending a modify request for each of these. Ciao, Michael. -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Compile error on RHEL 5.3 (x86_64), python-ldap-2.3.10
Zhang Huangbin wrote: > > I got below compile error on Red Hat Enterprise Linux 5.3 (x86_64) > with python-ldap-2.3.10, but 2.3.8 was compiled and installed success. > What's wrong with it? > > Modules/constants.c:184: error: ‘LDAP_OPT_X_TLS_NEWCTX’ undeclared Well, I asked for testing long *before* releasing 2.3.10... This is because of older OpenLDAP libs. Try the patch below. It's also in HEAD now. Ciao, Michael. Index: Modules/constants.c === RCS file: /cvsroot/python-ldap/python-ldap/Modules/constants.c,v retrieving revision 1.43 diff -u -r1.43 constants.c --- Modules/constants.c 23 Oct 2009 09:09:37 - 1.43 +++ Modules/constants.c 4 Nov 2009 15:48:04 - @@ -162,7 +162,9 @@ add_int(d,OPT_URI); #ifdef HAVE_TLS add_int(d,OPT_X_TLS); +#ifdef LDAP_OPT_X_TLS_NEWCTX add_int(d,OPT_X_TLS_CTX); +#endif add_int(d,OPT_X_TLS_CACERTFILE); add_int(d,OPT_X_TLS_CACERTDIR); add_int(d,OPT_X_TLS_CERTFILE); Index: Modules/options.c === RCS file: /cvsroot/python-ldap/python-ldap/Modules/options.c,v retrieving revision 1.33 diff -u -r1.33 options.c --- Modules/options.c 23 Oct 2009 09:09:37 - 1.33 +++ Modules/options.c 4 Nov 2009 15:48:04 - @@ -79,7 +79,9 @@ #ifdef HAVE_TLS case LDAP_OPT_X_TLS: case LDAP_OPT_X_TLS_REQUIRE_CERT: +#ifdef LDAP_OPT_X_TLS_NEWCTX case LDAP_OPT_X_TLS_NEWCTX: +#endif #ifdef OPT_X_TLS_PROTOCOL_MIN case LDAP_OPT_X_TLS_PROTOCOL_MIN: #endif -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
ANN: python-ldap-2.3.10
Find a new release of python-ldap: http://www.python-ldap.org/ python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. It mainly wraps the OpenLDAP 2.x libs for that purpose. Additionally it contains modules for other LDAP-related stuff (e.g. processing LDIF, LDAPURLs and LDAPv3 schema). Ciao, Michael. -- Michael Ströder E-Mail: mich...@stroeder.com http://www.stroeder.com -- Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Add msgid to info dict created by LDAPerror.
Chris Dukes wrote: > While rewriting a nasty perl LDAP sync program in python I encountered > one quirk with python-ldap that made my life a bit difficult. When > doing asynchronous searches an ldap exception in result3() doesn't > include 'msgid' in the info dict. Since I'm tracking pending work by > the msgid of the search, having the msgid in the exception is very > useful for removing work items. This is only useful if you sent several LDAP operations with asynchronous methods and then poll *all* results with LDAPObject.result3(msgid=-1). This is a very special use-case. I'd be curious to see some code illustrating this *before* applying your patch. BTW: I still have an idea to eliminate all the thread-locking in LDAPObject by serializing all calls into _ldap module within the wrapper class. For this your patch could be useful. Still I think about some implications of this approach (polling results is CPU intensive, how is invoking result triggered without the need for a separate thread). So again your client code could be an useful inspiration for this. Ciao, Michael. -- Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Preparing release 2.3.10, please test!
Chris Dukes wrote: > The following patch allows the LDAP_OPT_X_TLS_PROTOCOL_MIN to work with > libldap2-dev 2.4.9-0ubuntu0 Thanks. I've committed this patch in HEAD. Please test. Ciao, Michael. -- Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Preparing release 2.3.10, please test!
Chris Dukes wrote: > > I went to check my patch to provide msgid in a result exception against > 2.3.10. > I have found a problem on constants.c > [..] > Modules/constants.c:185: error: ‘LDAP_OPT_X_TLS_PROTOCOL_MIN’ undeclared > (first use in this function) Should be #ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN add_int(d,OPT_X_TLS_PROTOCOL_MIN); #endif Will committ the patch later. Thanks for testing! Ciao, Michael. -- Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Preparing release 2.3.10, please test!
Michael Ströder wrote: > There are some fixes waiting to be released as version 2.3.10. > > See current CHANGES: > http://python-ldap.cvs.sourceforge.net/viewvc/python-ldap/python-ldap/CHANGES > > So please test current CVS HEAD on various platforms. Did anybody here test anything? Ciao, Michael. -- Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Python ldap and syncrepl controls
Sean Burford wrote: > > I've been working on implementing an RFC 4533 syncrepl consumer using > python-ldap. I can't work out why I can't get the SyncDoneControl that > is returned with the LDAP_RES_SEARCH_RESULT through python-ldap. Sean, could you please re-try with current python-ldap CVS HEAD. I've checked in a change --- snip --- * l_ldap_result3(): controls are now parsed for all response types (SF#2829057) --- snip --- Ciao, Michael. -- Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Preparing release 2.3.10, please test!
HI! There are some fixes waiting to be released as version 2.3.10. See current CHANGES: http://python-ldap.cvs.sourceforge.net/viewvc/python-ldap/python-ldap/CHANGES So please test current CVS HEAD on various platforms. Ciao, Michael. -- Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
l_ldap_result3(): controls are now parsed for all response types (SF#2829057)
HI! Please test the following change in CVS HEAD with your code which makes use of controls received in LDAP responses. My short test was with Demo/page_control.py which seems to work. http://python-ldap.cvs.sourceforge.net/viewvc/python-ldap/python-ldap/Modules/LDAPObject.c?r1=1.87&r2=1.88 I have no clue why the removed if-statement was there at all. See also the tracker entry with the feature request: Support for reading controls sent with LDAP_RES_SEARCH_ENTRY - ID: 2829057 http://sourceforge.net/tracker/?func=detail&aid=2829057&group_id=2072&atid=352072 Ciao, Michael. -- Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap on CIFS
phobie wrote: > Michael Ströder schrieb: >> \\somehost\someshare\python2.6\python.exe -v -c "import ldap" > > File attached! > (converted to utf-8 and translated to english) Which Win32 build of python-ldap are you using? It seems it requests a separate DLL. Ciao, Michael. -- Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: python-ldap on CIFS
phobie wrote: > C:\> \\somehost\someshare\python2.6\python.exe import ldap > Traceback (most recent call last): > File "", line 1, in > File > "\\somehost\someshare\python2.6\lib\site-packages\python_ldap-2.3.8-py2.6-win32.egg\ldap\__init__ > .py", line 22, in > from _ldap import * > ImportError: DLL load failed: The specified module could not be found. Try -v to get more output: \\somehost\someshare\python2.6\python.exe -v -c "import ldap" I'm not too familiar with using Python under Windows. I suspect that there might also be some registry settings for setting the lib path. Ciao, Michael. -- Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Changing password as administrator
Avinash Sultanpur wrote:
>
> What is the equivalent of running the below command in python-ldap?
>
> ldappasswd -x -D -w -s secret_password \
> uid=user000,ou=People,dc=example,dc=com
ldap_conn = ldap.initialize(...)
ldap_conn.simple_bind_s(','')
ldap_conn.passwd_s('uid=user000,ou=People,dc=example,dc=com',None,'')
Ciao, Michael.
--
Come build with us! The BlackBerry® Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9-12, 2009. Register now!
http://p.sf.net/sfu/devconf
___
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Expired server certificate
Fredrik, I've learned the hard way now that settings in .ldaprc and ldap.conf have precedence over what you set in your Python code via ldap.set_option() or LDAPObject.set_option(). Best thing is to use this code-line to completely switch off processing of .ldaprc and ldap.conf in libldap: os.environ['LDAPNOINIT']='1' Ciao, Michael. Fredrik Melander wrote: >> Hmm, there's nothing you can do at the python-ldap level. AFAIK cert >> validation is completely done within the OpenSSL libs, except the host name >> checking. >> >> Could you please test with OpenLDAP's command-line tool ldapsearch. This is >> important: Please use the tool which uses the very same libldap also used for >> python-ldap. >> >> If ldapsearch fails this would be something to raise on the openldap-software >> mailing list together with information about your build of libldap and the >> SSL/TLS libs used. Note that libldap could be build with GnuTLS or today even >> with Mozilla's libnss. >> >> Ciao, Michael. >> > > > > Hi, Michael. > Thanks for your reply. I've been looking into this, trying stuff on > different machines and once again it's the frustrating issue of > different OpenLDAP versions. > You might not remember this but I posted a question to this list a > couple of mounths ago about the chase referrals flag which also turned > out to be treated differently depending on OpenLDAP version. > > One of my machines here has (let's call it A) the RPM > openldap2-client-2.3.37-20.8 installed. While as another one (B) has > openldap2-client-2.4.9-7.4 (libldap-2.3.so.0 and libldap-2.4.so.2 > respectively). > > Of course you're right that python-ldap has nothing to do with this, > since ldapsearch gives the same results: > > Computer A: > ldapsearch -x -h "host.domain.de" -b "o=myorg,dc=net" -ZZ > > ldap_start_tls: Connect error (-11) > additional info: error:14090086:SSL > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed > > > Computer B: > ldapsearch -x -h "host.domain.de" -b "o=myorg,dc=net" -ZZ > > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (objectclass=*) > # requesting: ALL > # > > > I'm posting this in case somebody runs into similar issues and also in > the hope that somebody has a suggestion on how to solve this. I might > also need to point out that it isn't about these two computers only. > That would be trivial. The application is going to be distributed in a > fairly big organization and I can't possibly demand that everybody has > the same OpenLDAP version. > > The most frustrating thing is perhaps that it is the old version that > has the desired behaviour. I know this is a bit off topic, but surely > there must be a way to check this also in later versions? It'd be much > appreciated if anybody could point me in the right direction here. > > Best regards, > Fredrik -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Python3 and LDAP
Bruno Aguirre wrote: > > Hi to all, I'd like to know if there's a version (alpha, beta or stable) > to use ldap in python 3. There are still some things to consider. Please dig the mailing list's archive for some discussion. Would you personally be willing to put some effort into the C extension module part? Ciao, Michael. -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: What's the best way to replace value of attribute which can handle multiple values?
Zhang Huangbin wrote:
> NO_SUCH_ATTRIBUTE: {'info': 'modify/delete: enabledService: no such
> value', 'desc': 'No such attribute'}
This means the attribute 'enabledService' is not available in the entry at
all. So you can't remove a certain attribute value from it.
Ciao, Michael.
--
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
___
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: What's the best way to replace value of attribute which can handle multiple values?
Zhang Huangbin wrote:
>
> On Sep 9, 2009, at 9:48 PM, Michael Ströder wrote:
>
>> BTW: That's why
>> ldap.modlist.modifyModlist() was implemented.
>
> Any example?
>
> There is no example in official python-ldap document:
> http://www.python-ldap.org/doc/html/ldap-modlist.html?highlight=modifymodlist#ldap.modlist.modifyModlist
>>> import ldap.modlist
>>> ldap.modlist.modifyModlist({'cn':'Mike'},{'cn':'Michael
Stroeder','mail':'mich...@stroeder.com'})
[(0, 'mail', 'mich...@stroeder.com'), (1, 'cn', None), (0, 'cn', 'Michael
Stroeder')]
So basically you read the old_entry dict with an search operation, derive a
new_entry dict from it, tweak that and pass old_entry and new_entry to this
function.
Ciao, Michael.
--
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
___
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: What's the best way to replace value of attribute which can handle multiple values?
Zhang Huangbin wrote:
>
> On Sep 9, 2009, at 9:32 PM, Michael Ströder wrote:
>
>> Zhang Huangbin wrote:
>>> NO_SUCH_ATTRIBUTE: {'info': 'modify/delete: enabledService: no such
>>> value', 'desc': 'No such attribute'}
>>
>> This means the attribute 'enabledService' is not available in the
>> entry at
>> all. So you can't remove a certain attribute value from it.
>>
> Attribute is present, but not contains value 'forwrad'.
Then it will simply fail. If you have to handle such optional cases you
probably have to sort that out at the client side in some way. I'd read the
whole attribute value list, tweak it and replace it. BTW: That's why
ldap.modlist.modifyModlist() was implemented.
Ciao, Michael.
--
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
___
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: What's the best way to replace value of attribute which can handle multiple values?
Zhang Huangbin wrote: > On Sep 9, 2009, at 4:54 PM, Michael Ströder wrote: >>> If cn=cn2 is not exist, [(ldap.MOD_DELETE, 'cn', 'cn2')] will raise >>> an >>> error. >> Could you please post the error raised and mention with which server >> you're >> testing? >> >> I'd try [(ldap.MOD_DELETE, 'cn',['cn2'])] > > The same error if cn=cn2 not exist: ldap.NO_SUCH_ATTRIBUTE. And how about the diagnostic message? I'd test the code with trace_level=2. Ciao, Michael. -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: What's the best way to replace value of attribute which can handle multiple values?
Zhang Huangbin wrote: > What's the best way to 'replace' value of attribute which can handle > multiple values? > > Such as: > > dn: uid=myuid,dc=example,dc=com > cn: cn1 > cn: cn2 > cn: cn3 > > My purpose is to get ldif like this (no cn=cn2 any more): > > dn: uid=myuid,dc=example,dc=com > cn: cn1 > cn: cn3 > cn: cn4 > > I want to replace cn=cn2 by cn=cn4 if it exist, or add cn=cn4 directly > if 'cn=cn2' donesn't exist. > > If cn=cn2 is not exist, [(ldap.MOD_DELETE, 'cn', 'cn2')] will raise an > error. Could you please post the error raised and mention with which server you're testing? I'd try [(ldap.MOD_DELETE, 'cn',['cn2'])] > If cn=cn2 is not exist, [(ldap.MOD_ADD, 'cn', 'cn4')] will add cn=cn4, > but can't delete 'cn=cn2'. Try this: [(ldap.MOD_ADD, 'cn',['cn4'])] In general for this to work the server has to have an EQUALITY matching rule defined for the attribute type in question and implement this matching rule. This should be the case for 'cn' alias 'commonName' but one never knows for sure. In web2ldap I have implemented a variant of the function ldap.modlist.modifyModlist() which looks at the schema to determine use of EQUALITY matching rule and generate the diff accordingly. Ciao, Michael. -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: hello everybody
Łukasz, Łukasz Mierzwa wrote: > > I'm writing LDAP library (ORM without R as I call it) for python, it's using > python-ldap to do the hard work and let You manage LDAP entries in more ORM > style. I don't have the spare time to look more closely at it not to speak of really contributing to it. So just a few general hints: 1. You're not the first one implementing such a module on top of python-ldap. You might want to dig the mailing list's archive to find others. 2. Most implementations of higher-level APIs fall short with mapping attribute type descriptors (OIDs or NAME) to Python class attribute names since they ignore the fact that there are sub-types defined in LDAP (;binary and language sub-types such as ;de-DE). Also there does not have to be a NAME in an attribute type description. So raw OIDs might be returned in a LDAP search result. 3. No implementation is dealing correctly with attribute type descriptor aliasing with OIDs and several values for NAME. You might want to look at ldap.schema.models.Entry to get an idea. Ciao, Michael. -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: SASL GSSAPI under Win32
Torsten Kurbad wrote: > >> I'd appreciate to have this in the official docs in a separate >> section under >> >> http://www.python-ldap.org/doc/html/installing.html#building-and-installing > > that would be great indeed. > > I had very little time this morning (the internet link of our institute > was broken and I had to track down the failure). But I managed to put > some basic documentation online under > > http://svn.kmrc.de/download/distribution/contrib/doc/Minimal-Cyrus-SASL-Win32-HowTo.txt Many thanks for this! I don't know how persistent this link will be. So do you mind if I add this as-is to python-ldap's source distribution? In the long run we can add this in file Doc/installing.rst. Ciao, Michael. -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: SASL GSSAPI under Win32
Torsten Kurbad wrote: > Hi Waldemar, > >> My build is not static anymore. Now I put all the required *.dll(s) >> into site-packages\ldap directory. >> I also put the _ldap.pyd in there too so the extension can find them. >> This approach work for all the dlls except the SASL plugins. > > unfortunately, .dlls are relatively useless in conjunction with .eggs, > since there seems to be no proper way to bundle the two. That was the > reason for my static approach. I'm not familiar with the .egg stuff. But .egg files seem to be ZIP files. Isn't there any chance to add the DLLs to this ZIP file? How to make SASL libs locate the plugin DLLs would be another issue. Ciao, Michael. -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: SASL GSSAPI under Win32
Waldemar Osuch wrote: > My build is not static anymore. Now I put all the required *.dll(s) > into site-packages\ldap directory. > I also put the _ldap.pyd in there too so the extension can find them. > This approach work for all the dlls except the SASL plugins. > > If I put the SASL plugin dlls into into "C:\CMU\bin\sasl2" then they > will be found. It's the same on Linux. If you install into a non-standard localtion "make install" outputs the following text: * WARNING: * Plugins are being installed into /opt/cyrus-sasl/lib/sasl2, * but the library will look for them in /usr/lib/sasl2. * You need to make sure that the plugins will eventually * be in /usr/lib/sasl2 -- the easiest way is to make a * symbolic link from /usr/lib/sasl2 to /opt/cyrus-sasl/lib/sasl2, * but this may not be appropriate for your site, so this * installation procedure won't do it for you. * * If you don't want to do this for some reason, you can * set the location where the library will look for plugins * by setting the environment variable SASL_PATH to the path * the library should use. Well, symbolic links are not an option. But how about setting the SASL_PATH env var? We could even try to add a os.env['SASL_PATH']=... to Lib/ldap/sasl.py. Could you please provide a ZIP file or something which contains the python-ldap build and the SASL plugin DLLs and I will play around a little bit. > In my environment only DIGEST-MD5 and NTLM got loaded but NTLM did not work. > I have got 'Authentication method not supported' error. > > Now the question is, should I continue to pretend that SASL mechanisms > are supported? If there's no way to load at least one SASL plugin it ldap.SASL_AVAIL should be 0. > Are the 2 or rather 1.5 available mechanisms worth the effort? DIGEST-MD5 would be worth the effort. > Unless Torsten is successful, the 2.3.9 build will not have it. Waldemar, I can fully understand your frustration. And I really appreciate your and Torsten's efforts. Please let's try another round. If setting SASL_HOME is not successful it would be a good idea to raise this issue on the OpenLDAP and Cyrus-SASL mailing lists and request a new feature. Cyrus SASL 2.1.24 RC1 was released to public a couple of days ago. Maybe it would be possible to have another SASL option passed through libldap to cyrus-sasl lib which sets the path where to locate the SASL plugins. Ciao, Michael. -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: SASL GSSAPI under Win32
Torsten Kurbad wrote: > But here's my idea: I'll put up a documentation today on what I did to > get cyrus-sasl compiling successfully using MinGW. I'd appreciate to have this in the official docs in a separate section under http://www.python-ldap.org/doc/html/installing.html#building-and-installing Ciao, Michael. -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: SASL GSSAPI under Win32
Torsten Kurbad wrote:
>> I think, I'm almost there. I have a static libsasl and several static
>> plugin libs, but when I try to link one of the plugins with
>> _ldap.pyd, I get:
>>
>> e:\projects\prereq\built\cyrus-sasl\lib\sasl2\libcrammd5.a(plugin_common.o):
>> In function `plug_ipfromstring':
>> e:/projects/prereq/src/cyrus-sasl-2.1.23/plugins/plugin_common.c:150:
>> undefined reference to `sasl_getaddrinfo'
>> e:/projects/prereq/src/cyrus-sasl-2.1.23/plugins/plugin_common.c:157:
>> undefined reference to `sasl_freeaddrinfo'
>> collect2: ld returned 1 exit status
>> error: command 'gcc' failed with exit status 1
>>
>> Should be a matter of proper includes. I'll track that down
>> tomorrow...
>
> in fact, it was a bit more than just proper includes, that's why it took
> me so long. ;-)
>
> But anyway, here's a new .egg for testing:
>
> http://svn.kmrc.de/download/distribution/contrib/python_ldap-2.3.9-py2.6-win32.egg
Sorry, still does not work. This is the console output:
U:\Proj\python-ldap\python-ldap\Demo>c:\Python26\python.exe sasl_bind.py
CRAM-MD5
Error using SASL mechanism CRAM-MD5 {'desc': 'Success'}
PLAIN
Error using SASL mechanism PLAIN {'desc': 'Success'}
LOGIN
Error using SASL mechanism LOGIN {'desc': 'Success'}
EXTERNAL
Error using SASL mechanism EXTERNAL {'desc': 'Success'}
GSSAPI
Error using SASL mechanism GSSAPI {'desc': 'Success'}
NTLM
Error using SASL mechanism NTLM {'desc': 'Success'}
DIGEST-MD5
Error using SASL mechanism DIGEST-MD5 {'desc': 'Success'}
BTW: You could test yourself e.g. against MS AD but take the FQDN in the LDAP
URI then.
Are there any options in cyrus-sasl to turn on debug logs? (Aargh! Tried to
use mod_auth_kerb today and the debugging also pretty much sucks with MIT
Kerberos.)
Ciao, Michael.
--
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
___
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: SASL GSSAPI under Win32
Torsten,
first thanks for trying to get that working.
Torsten Kurbad wrote:
>> My understanding of how it is supposed to work is that _ldap.pyd
>> calls into libsasl.dll first (this part works) but then libsasl.dll
>> has to find and load the requested auth mechanism.
Yes, that's my superficial understanding too.
> Waldemar, I now tried a differente approach: I used our "patented"
> pexports method to statically link in the following sasl auth plugins:
>
> - ANONYMOUS
> - CRAMMD5
> - DIGESTMD5
> - LOGIN
> - PLAIN
>
> But telling from the size of the .egg file, gcc most probably dropped
> all the additional symbols. :-(
Yes, I guess so.
> Could someone with an appropriate setup please check out
>
> http://svn.kmrc.de/download/distribution/contrib/python_ldap-2.3.9-py2.6-win32.egg
>
> try one or more of the above auth mechanisms and report back here?
Unfortunately it does not seem to work:
--- snip ---
>>> sasl_cb_value_dict = {
ldap.sasl.CB_AUTHNAME:'fred',
ldap.sasl.CB_PASS:'secret',
}
>>> sasl_auth=ldap.sasl.sasl(sasl_cb_value_dict,'DIGEST-MD5')
>>> l.sasl_interactive_bind_s("", sasl_auth)
Traceback (most recent call last):
File "", line 1, in
l.sasl_interactive_bind_s("", sasl_auth)
File "C:\Python26\lib\site-packages\ldap\ldapobject.py", line 219, in
sasl_interactive_bind_s
return
self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,EncodeControlTuples(serverctrls),EncodeControlTuples(clientctrls),sasl_flags)
File "C:\Python26\lib\site-packages\ldap\ldapobject.py", line 96, in
_ldap_call
result = func(*args,**kwargs)
SUCCESS: {'desc': 'Success'}
>>> l.whoami_s()
''
>>>
--- snip ---
Ciao, Michael.
--
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
___
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Expired server certificate
Fredrik Melander wrote: > I've given my LDAP server an expired cert for testing, but when calling > start_tls_s() the script just proceeds as were nothing wrong. Hmm, there's nothing you can do at the python-ldap level. AFAIK cert validation is completely done within the OpenSSL libs, except the host name checking. Could you please test with OpenLDAP's command-line tool ldapsearch. This is important: Please use the tool which uses the very same libldap also used for python-ldap. If ldapsearch fails this would be something to raise on the openldap-software mailing list together with information about your build of libldap and the SSL/TLS libs used. Note that libldap could be build with GnuTLS or today even with Mozilla's libnss. Ciao, Michael. -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: SASL GSSAPI under Win32
Torsten Kurbad wrote: >>> Im using the 2.3.9 release I got here: >>> http://svn.kmrc.de/download/distribution/contrib/ > >> These are .egg files built by Torsten. Not sure what he did regarding >> Kerberos. > > Sorry for my late reply. > > To be honest, I did nothing regarding Kerberos. I just compiled a very > stripped down version of cyrus-sasl (following the guide on > https://wiki.mozilla.org/LDAP_C_SDK_SASL_Windows) and then linked it > statically to the python-ldap build, leaving out all plugin DLLs. I'd strongly prefer if SASL would be either functional at least of the password based mechs or not compiled into the Win32 builds at all. Note that some implementations (like web2ldap) might look at the ldap.SASL_AVAIL variable and change the behaviour accordingly. > Theoretically it should be possible to statically link in the plugin > libs, too - I'll try that tomorrow, if I find the time. Anyway, that > would just give very basic functionality like MD5, It'll be great if at least the password-based mechs would be supported. IÄd appreciate if Waldemar and you could bring your builds in line. > but no Kerberos, since cyrus only builds against Heimdal or MIT, which are > not (yet) available for Windows (and most probably never will be). There is MIT Kerberos for Windows but it uses its own ticket cache which does not make sense at all. > Michael, can you think of any LDAP-SASL-Kerberos combination that we > still might try to build on Windows? Well, this was the reason why David started his experiments with linking against winldap.dll which makes use of the native Windows Kerberos implementation. Ciao, Michael. -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Internal Attributs
Nicolas EISEN wrote: > I'm probationer and I must implement web interface of LDAP Password > Policies. Interesting. What's it for exactly? Define the policy objects or set the password policy attrs in the user entries? Ciao, Michael. -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
