Re: ldap.modlist.modifyModlist() bug?
Craig Balfour wrote:
> I've just noticed, however, that when the old and new entry consist of
> the same characters but in a different order (as occurs when initials
> are swapped around, for example) ldap_compare_s() returns
> COMPARE_FALSE but modifyModlist() returns an empty list - the result
> being that nothing gets updated.
>
> Here's some examples:
>
> modlist = ldap.modlist.modifyModlist({"givenName": "Fred"}, {"givenName":
> "Bob"})
> print str(modlist)
> [(1, 'givenName', None), (0, 'givenName', 'Bob')]
>
> modlist = ldap.modlist.modifyModlist({"givenName": "Fred"}, {"givenName":
> "derF"})
> print str(modlist)
> []
>
> Is this a bug in modifyModlist() or a feature?
This is a bug in *your* code. ;-)
But I also had to look at it twice before recognizing it.
Note that an attribute in the entry's dict is made of an attribute type
and a *list* of attribute values (strings). You're passing in strings as
attribute value lists and the function modifyModlist() iterates over the
single chars in the string instead of iterating over the list items
(attribute values).
So your examples should be (and modifyModlist() works expected):
Python 2.5.1 (r251:54863, Aug 3 2007, 00:52:06)
[GCC 4.1.2 20061115 (prerelease) (SUSE Linux)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from ldap.modlist import modifyModlist
>>> modifyModlist({"givenName": ["Fred"]}, {"givenName": ["Bob"]})
[(1, 'givenName', None), (0, 'givenName', ['Bob'])]
>>> modifyModlist({"givenName": ["Fred"]}, {"givenName": ["derF"]})
[(1, 'givenName', None), (0, 'givenName', ['derF'])]
>>>
Ciao, Michael.
-
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
___
Python-LDAP-dev mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: [ANNOUNCE] python-ad
Geert Jansen wrote: > Michael Ströder wrote: > >> I saw that kinit is started as a shell sub-process. > > Actually Python-AD comes with a C module that wraps the required > Kerberos functions (see lib/ad/protocol/krb5.c). What you probably saw > is the use of kinit in the test suite, where I use it to verify the > credentials acquired by the C module. Ah, ok. Interesting. Why don't you separate the krb5 module into another project. I guess some people might be interested in that. Especially my dream would be to support HTTP-Authentication based on SPNEGO/GSSAPI in web2ldap. But not only authenticating the user at the web server. I would rather like forward the service ticket requested for a particular LDAP service to the LDAP server in a SASL/GSSAPI BindRequest. Do you think that's feasible? Ciao, Michael. - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Python-LDAP-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: [ANNOUNCE] python-ad
At Tue, 11 Dec 2007 14:45:01 +0100 Michael Ströder <[EMAIL PROTECTED]> wrote: > Ah, ok. Interesting. Why don't you separate the krb5 module into > another project. I guess some people might be interested in that. ME, ME, ME!!! :o) I tried several krb5 modules lying around in the net so far - and none really worked! In fact, most of the implementations require an external kinit call, which is NOT what I intend to let my users do... So, I'd very much appreciate, if you think about Michael's idea, Geert! Regards, Torsten -- "Triumph without Victory, The Unreported History of the Persian Gulf War", -Headline published in the U.S. News & World Report, 1992. - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Python-LDAP-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: [ANNOUNCE] python-ad
Michael Ströder wrote: Geert Jansen wrote: Michael Ströder wrote: I saw that kinit is started as a shell sub-process. Actually Python-AD comes with a C module that wraps the required Kerberos functions (see lib/ad/protocol/krb5.c). What you probably saw is the use of kinit in the test suite, where I use it to verify the credentials acquired by the C module. Ah, ok. Interesting. Why don't you separate the krb5 module into another project. I guess some people might be interested in that. Especially my dream would be to support HTTP-Authentication based on SPNEGO/GSSAPI in web2ldap. But not only authenticating the user at the web server. I would rather like forward the service ticket requested for a particular LDAP service to the LDAP server in a SASL/GSSAPI BindRequest. Do you think that's feasible? there is pykerberos from http://trac.calendarserver.org/projects/calendarserver/browser/PyKerberos/ I am interested in a better GSSAPI binding for Python.. and have some incomplete code locally if anyone else is interested. To do credential forwarding, the gss is currently kind of crappy about how to extract creds portably, but if you know it's kerberos and you can set KRB5CCNAME to a temporary file you can stash a delegated TGT into a temp ccache so that SASL/GSS can find it when you talk ldap. -- David Leonard [EMAIL PROTECTED] Ph:+61 404 844 850 - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php___ Python-LDAP-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: [ANNOUNCE] python-ad
Torsten Kurbad wrote: > At Tue, 11 Dec 2007 14:45:01 +0100 > Michael Ströder <[EMAIL PROTECTED]> wrote: > > >> Ah, ok. Interesting. Why don't you separate the krb5 module into >> another project. I guess some people might be interested in that. >> > > ME, ME, ME!!! :o) > > I tried several krb5 modules lying around in the net so far - and none > really worked! In fact, most of the implementations require an external > kinit call, which is NOT what I intend to let my users do... > > So, I'd very much appreciate, if you think about Michael's idea, > Geert! > > Regards, > Torsten > You might be interested in the freeipa.org project which uses python, python-ldap, turbogears, PyKerberos, and supports http authentication with forwardable tickets. I don't think they support SPNEGO yet but patches are welcome :-) - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Python-LDAP-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: [ANNOUNCE] python-ad
Noah Gift wrote: > On Dec 11, 2007, at 10:02 AM, Rich Megginson wrote: > > >> Torsten Kurbad wrote: >> >>> At Tue, 11 Dec 2007 14:45:01 +0100 >>> Michael Ströder <[EMAIL PROTECTED]> wrote: >>> >>> >>> Ah, ok. Interesting. Why don't you separate the krb5 module into another project. I guess some people might be interested in that. >>> ME, ME, ME!!! :o) >>> >>> I tried several krb5 modules lying around in the net so far - and >>> none >>> really worked! In fact, most of the implementations require an >>> external >>> kinit call, which is NOT what I intend to let my users do... >>> >>> So, I'd very much appreciate, if you think about Michael's idea, >>> Geert! >>> >>> Regards, >>> Torsten >>> >>> >> You might be interested in the freeipa.org project which uses python, >> python-ldap, turbogears, PyKerberos, and supports http authentication >> with forwardable tickets. I don't think they support SPNEGO yet but >> patches are welcome :-) >> > > Rich, > > Have you used freeipa? I would be interested in covering this in the > book I am writing about Python for Systems Administration. > No, I haven't used it, but I have worked on some of the directory server features it uses. > > Noah Gift > > >> - >> SF.Net email is sponsored by: >> Check out the new SourceForge.net Marketplace. >> It's the best place to buy or sell services for >> just about anything Open Source. >> http://sourceforge.net/services/buy/index.php >> ___ >> Python-LDAP-dev mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/python-ldap-dev >> > > > - > SF.Net email is sponsored by: > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://sourceforge.net/services/buy/index.php > ___ > Python-LDAP-dev mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/python-ldap-dev > > - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Python-LDAP-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: [ANNOUNCE] python-ad
On Dec 11, 2007, at 10:31 AM, Rich Megginson wrote: > Noah Gift wrote: >> On Dec 11, 2007, at 10:02 AM, Rich Megginson wrote: >> >> >>> Torsten Kurbad wrote: >>> At Tue, 11 Dec 2007 14:45:01 +0100 Michael Ströder <[EMAIL PROTECTED]> wrote: > Ah, ok. Interesting. Why don't you separate the krb5 module into > another project. I guess some people might be interested in that. > > ME, ME, ME!!! :o) I tried several krb5 modules lying around in the net so far - and none really worked! In fact, most of the implementations require an external kinit call, which is NOT what I intend to let my users do... So, I'd very much appreciate, if you think about Michael's idea, Geert! Regards, Torsten >>> You might be interested in the freeipa.org project which uses >>> python, >>> python-ldap, turbogears, PyKerberos, and supports http >>> authentication >>> with forwardable tickets. I don't think they support SPNEGO yet but >>> patches are welcome :-) >>> >> >> Rich, >> >> Have you used freeipa? I would be interested in covering this in >> the book I am writing about Python for Systems Administration. >> > No, I haven't used it, but I have worked on some of the directory > server features it uses. Red Hat is really picking up steam on creating Python Sys Admin Tools. I will have to check out freeipa when I get a chance. Thanks for the info. > >> >> Noah Gift >> >> >>> - >>> SF.Net email is sponsored by: >>> Check out the new SourceForge.net Marketplace. >>> It's the best place to buy or sell services for >>> just about anything Open Source. >>> http://sourceforge.net/services/buy/index.php >>> ___ >>> Python-LDAP-dev mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/python-ldap-dev >>> >> >> >> - >> SF.Net email is sponsored by: >> Check out the new SourceForge.net Marketplace. >> It's the best place to buy or sell services for >> just about anything Open Source. >> http://sourceforge.net/services/buy/index.php >> ___ >> Python-LDAP-dev mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/python-ldap-dev >> >> > - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Python-LDAP-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: [ANNOUNCE] python-ad
On Dec 11, 2007, at 10:02 AM, Rich Megginson wrote: > Torsten Kurbad wrote: >> At Tue, 11 Dec 2007 14:45:01 +0100 >> Michael Ströder <[EMAIL PROTECTED]> wrote: >> >> >>> Ah, ok. Interesting. Why don't you separate the krb5 module into >>> another project. I guess some people might be interested in that. >>> >> >> ME, ME, ME!!! :o) >> >> I tried several krb5 modules lying around in the net so far - and >> none >> really worked! In fact, most of the implementations require an >> external >> kinit call, which is NOT what I intend to let my users do... >> >> So, I'd very much appreciate, if you think about Michael's idea, >> Geert! >> >> Regards, >> Torsten >> > You might be interested in the freeipa.org project which uses python, > python-ldap, turbogears, PyKerberos, and supports http authentication > with forwardable tickets. I don't think they support SPNEGO yet but > patches are welcome :-) Rich, Have you used freeipa? I would be interested in covering this in the book I am writing about Python for Systems Administration. Noah Gift > > > - > SF.Net email is sponsored by: > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://sourceforge.net/services/buy/index.php > ___ > Python-LDAP-dev mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/python-ldap-dev - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Python-LDAP-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: [ANNOUNCE] python-ad
David Leonard wrote: > > I am interested in a better GSSAPI binding for Python.. and have some > incomplete code locally if anyone else is interested. Well, how about contributing your code to another project? Or how about creating a new project? > To do credential forwarding, the gss is currently kind of crappy about > how to extract creds portably, but if you know it's kerberos and you can > set KRB5CCNAME to a temporary file you can stash a delegated TGT into a > temp ccache so that SASL/GSS can find it when you talk ldap. Well, setting an env var is not really a good choice when running within a multi-threaded web application... :-/ Ciao, Michael. - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Python-LDAP-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: [ANNOUNCE] python-ad
Rich Megginson wrote: > You might be interested in the freeipa.org project which uses python, > python-ldap, turbogears, PyKerberos, and supports http authentication > with forwardable tickets. I don't think they support SPNEGO yet but > patches are welcome :-) Well, glancing over the code I wonder why you didn't try to contribute back some of the utility functions into python-ldap. E.g. some things like constructing a Proxy Authz Control or normalizing DNs. Note that python-ldap has a Python style license (not GPL) though. Ciao, Michael. - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Python-LDAP-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: [ANNOUNCE] python-ad
Michael Ströder wrote: > Rich Megginson wrote: > >> You might be interested in the freeipa.org project which uses python, >> python-ldap, turbogears, PyKerberos, and supports http authentication >> with forwardable tickets. I don't think they support SPNEGO yet but >> patches are welcome :-) >> > > Well, glancing over the code I wonder why you didn't try to contribute > back some of the utility functions into python-ldap. E.g. some things > like constructing a Proxy Authz Control or normalizing DNs. > I don't know. I haven't been working on that part. I'll let those guys know. > Note that python-ldap has a Python style license (not GPL) though. > Ok, good to know. > Ciao, Michael. > > - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Python-LDAP-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: [ANNOUNCE] python-ad
Rich Megginson wrote: > You might be interested in the freeipa.org project which uses python, > python-ldap, turbogears, PyKerberos, and supports http authentication > with forwardable tickets. > I don't think they support SPNEGO yet but patches are welcome :-) How does the browser send the ticket to the web application then? Ciao, Michael. - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Python-LDAP-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
STRONG_AUTH_REQUIRED
Hi,
How to fix STRONG_AUTH_REQUIRED error? (My ldapserver is master)
I'm receiving this error while using modify(dn, modlist)
I have a bind with rootdn and rootpw right.
My modlist [(0, 'employeeType', ['1']), (0, 'l', ['GETEC']), (0,
'stateOrProvinceName', ['DF'])]
The error: Dec 11 16:52:00 localhost integracao:ERROR {'info':
'modifications require authentication', 'desc': 'Strong(er) authentication
required'}
The code:
def _modify(self, dn):
self.log.debug("%s: %s"%(dn, self.modlist))
try:
ldap_result_id = self.conn.modify(dn, self.modlist)
result_type, result_data =
self.conn.result(ldap_result_id,
0)
except ldap.LDAPError, e:
self.log.error(e)
--
-
- Fernando Ribeiro
- +55-61-8438-5806
-
Firthunands: firthu means peace, nands means daring.
"Those who do anything to maintain the peace!"
-
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php___
Python-LDAP-dev mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: [ANNOUNCE] python-ad
Michael Ströder wrote: > Rich Megginson wrote: > >> You might be interested in the freeipa.org project which uses python, >> python-ldap, turbogears, PyKerberos, and supports http authentication >> with forwardable tickets. >> I don't think they support SPNEGO yet but patches are welcome :-) >> > > How does the browser send the ticket to the web application then? > In Firefox, go to about:config In the Filter: text box, type "nego" You just have to set network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris to match your [domain_realm] setting in your /etc/krb5.conf. For example: network.negotiate-auth.delegation-uris: .example.com network.negotiate-auth.trusted-uris: .example.com I'm not sure but this should be documented on the freeipa.org web site, if it is not already. You also have to use Apache mod_auth_kerb, which should also be covered by freeipa.org > Ciao, Michael. > > - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Python-LDAP-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: [ANNOUNCE] python-ad
Rich Megginson wrote: > Michael Ströder wrote: >> Rich Megginson wrote: >> >>> You might be interested in the freeipa.org project which uses python, >>> python-ldap, turbogears, PyKerberos, and supports http authentication >>> with forwardable tickets. >>> I don't think they support SPNEGO yet but patches are welcome :-) >> >> How does the browser send the ticket to the web application then? >> > In Firefox, go to about:config Yes, that's what's written on the freeipa.org web site. I was more interested what's transmitted over the wire if it's not SPNEGO. Ciao, Michael. - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Python-LDAP-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: [ANNOUNCE] python-ad
Michael Ströder wrote: > Rich Megginson wrote: > >> Michael Ströder wrote: >> >>> Rich Megginson wrote: >>> >>> You might be interested in the freeipa.org project which uses python, python-ldap, turbogears, PyKerberos, and supports http authentication with forwardable tickets. I don't think they support SPNEGO yet but patches are welcome :-) >>> How does the browser send the ticket to the web application then? >>> >>> >> In Firefox, go to about:config >> > > Yes, that's what's written on the freeipa.org web site. I was more > interested what's transmitted over the wire if it's not SPNEGO. > I'm not really sure. One of the guys on [EMAIL PROTECTED] would know for sure. > Ciao, Michael. > > - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Python-LDAP-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: [ANNOUNCE] python-ad
Michael Ströder wrote: > Ah, ok. Interesting. Why don't you separate the krb5 module into another > project. I guess some people might be interested in that. > > Especially my dream would be to support HTTP-Authentication based on > SPNEGO/GSSAPI in web2ldap. But not only authenticating the user at the > web server. I would rather like forward the service ticket requested for > a particular LDAP service to the LDAP server in a SASL/GSSAPI > BindRequest. Do you think that's feasible? > Well... at the moment the module is really bare bones and only exposes the few functions of the vast Kerberos API that Python-AD needs. Also I don't want to digress too much at this point. I created Python-AD as part of something bigger which does not exist yet: FreeADI. FreeADI would provide Active Directory integration for Linux systems, meaning you can use AD as the directory and authentication service on Linux. (Given the fact that Likewise Open was released last week, I am not sure though it would still be useful). >From what I understand from you though, you'd like the GSSAPI to be wrapped and not the Kerberos API. This is easier as the GSSAPI seems significantly smaller than the Kerberos API. By the way I had a look at web2ldap. You mention that you use an ASN.1 parser from Pisces and that you feel that people may have issues with its license. Python-AD comes with its own (very simple) ASN.1 parser/generator as well. It can parse arbitrary BER, emits DER and comes with a full test suite. The code is licensed under the MIT license so it may be less concerning. Also if you really want I could re-license it under the GPL. Regards, Geert - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Python-LDAP-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: [ANNOUNCE] python-ad
Torsten Kurbad wrote: > ME, ME, ME!!! :o) > > I tried several krb5 modules lying around in the net so far - and none > really worked! In fact, most of the implementations require an external > kinit call, which is NOT what I intend to let my users do... > > So, I'd very much appreciate, if you think about Michael's idea, > Geert! > What is the use case you are thinking about? As mentioned in my other email the Kerberos API is vast and while wrapping it in Python can be done (it is actually not difficult) but it is a lot of work. And after that people will want support for Heimdal, and then Windows, Mac... :-) Regards, Geert - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Python-LDAP-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: [ANNOUNCE] python-ad
Michael Ströder wrote: > > Well, setting an env var is not really a good choice when running within > a multi-threaded web application... :-/ > I was thinking how one could solve the problem of per-thread credentials in python-ldap (or python-ad).. I think it can be done with the keyring credential cache code that is in recent MIT Kerberos distributions. Per-thread keyrings exist so if you set $KRB5CCNAME to "KEYRING:thread:default" then you should be able to use per-thread credentials. Regards, Geert - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Python-LDAP-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: STRONG_AUTH_REQUIRED
On Tue, 2007-12-11 at 17:15 -0200, Fernando Ribeiro wrote: > How to fix STRONG_AUTH_REQUIRED error? (My ldapserver is master) > I'm receiving this error while using modify(dn, modlist) > I have a bind with rootdn and rootpw right. How are you connecting and binding to the server? Simple bind or SASL? Unencrypted or SSL/TLS? Also, which LDAP server is it? OpenLDAP can be configured to require stronger authentication for modifications - search for ssf (Security Strength Factor) in the slapd.access(5) and slap.conf(5) man pages. James Andrewartha - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Python-LDAP-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
