Python-LDAP for Win32 & Windows 2003 LDAP

[Markus Zapke-Gründemann]

Hi,

I'm using the python-ldap module for Win32 to build an application which is 
able to find users in an LDAP directory.

A few days ago I tried the first time a subtree search starting at the root of 
an Active Directory on a Windows 2003 Server. Before I did only a search 
starting at a single CN or OU. When doing this search from the root of the tree 
I got the following error message.

Operations error
: LdapErr: DSID-0C090627, comment: In order to perform this operation a 
successful bind must be completed on the connection., data 0, vece

Connecting and binding to the server is working flawlessly. Searching subtrees 
is working as well.

I did also a test with the ldp client of the Microsoft Support Tools 
package[1], just to verify that all privileges are correct. With this client a 
search with the same filter from the root of the directory is working.

I tried Mauro's Python-LDAP 2.0.6 for Win32 and Torsten Kurbad's Win32 egg for 
2.3.1. Both are working great until it comes to the root of the Windows 2003 
LDAP.

Has anyone a hint what the problem could be?

Many thanks for your help in advance.


With kind regards


Markus Zapke-Gründemann

[1] 
http://www.microsoft.com/downloads/details.aspx?familyid=49ae8576-9bb9-4126-9761-ba8011fabf38
-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
___
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev

Re: Python-LDAP for Win32 & Windows 2003 LDAP

[Michael Ströder]

Markus Zapke-Gründemann wrote:
> 
> A few days ago I tried the first time a subtree search starting at
> the root of an Active Directory on a Windows 2003 Server.

This returns no results (if authenticated). So there's no point trying
that. You should rather read namingContexts or defaultNamingContext from
rootDSE (base search) to determine the search root on a particular DC.

> Operations error
> : LdapErr: DSID-0C090627, comment: In order to perform this
> operation a successful bind must be completed on the connection.,
> data 0, vece

Then you tried to connect anonymously which is prohibited in AD's
default configuration.

> Connecting and binding to the server is working flawlessly. Searching
> subtrees is working as well.

If you bind everything which is possible in AD should work.

> I did also a test with the ldp client of the Microsoft Support Tools
> package[1], just to verify that all privileges are correct. With this
> client a search with the same filter from the root of the directory
> is working.

And what did the client return as results?

Maybe ldp.exe is using SASL/GSSAPI bind based on your Windows
workstation logon seamless without you taking notice of it. And maybe
ldp.exe also looks at defaultNamingContext in the rootDSE...

Best thing to find out what a client really does it using Wireshark.

Ciao, Michael.


-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
___
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev