Re: How to get a user's OUs
Gustavo Narea wrote: > > On Monday September 8, 2008 23:47:19 you wrote: >> This question is not very clear. Do you mean the attribute 'ou' of the >> user's entry or the ou-Container the user's entry is in? If you're >> working with AD it's probably the latter. Then it's the DN of the user's >> entry parent entry. > > Thanks for your answer, and sorry for not being clear. > > Say I (dn: uid=gnarea,ou=directors,dc=example,dc=org) So this is on AD? > also belong to > ou=sysadmins,dc=example,dc=org and ou=betatesters,dc=example,dc=org. How can > I > get the set of all the Organizational Units I belong to? What does "also belong to" mean? The user entry uid=gnarea,ou=directors,dc=example,dc=org being a member of a group entry? Note that groups are independent from AD's ou-structure. Regarding the ou-structure gnarea is simply in ou=directors,dc=example,dc=org. > I'm looking for something that if I give the > "uid=gnarea,ou=directors,dc=example,dc=org" DN, it returns a tuple/list made > up of the items: 'directors', 'sysadmins' and 'betatesters'. I don't know how your entries ou=sysadmins,dc=example,dc=org and ou=betatesters,dc=example,dc=org look like. > I need this because I'm using group-based authentication in my application. ^^ Authorization I guess. Please make yourself familiar with group entries and how they differ from ou entries (which are probably not what you want). Ciao, Michael. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ Python-LDAP-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: How to get a user's OUs
Hello, On Wednesday September 10, 2008 09:21:24 Michael Ströder wrote: > > I need this because I'm using group-based authentication in my > > application. > > ^^ > Authorization I guess. Right, sorry. > Please make yourself familiar with group entries and how they differ > from ou entries (which are probably not what you want). Thanks, I will. Cheers! -- Gustavo Narea. http://gustavonarea.net/ Get rid of unethical constraints! Switch to Freedomware: http://softwareliberty.com/ - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ Python-LDAP-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Problem using ldaps with two different CA cert files
The following code does not work in a couple of different places:
import sys
import ldap, ldap.ldapobject
ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255)
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/path/to/ca1.pem')
conn1 = ldap.ldapobject.LDAPObject('ldaps://server1.domain:636')
#conn1.set_option(ldap.OPT_DEBUG_LEVEL, 255)
# NOTE: 1 - setting conn specific cacertfile doesn't work - only the
# module level setting seems to work
#conn1.set_option(ldap.OPT_X_TLS_CACERTFILE, '/path/to/ca1.pem')
conn1.simple_bind('mybinddn','password')
print "conn1 set up correctly"
conn1.unbind_s()
# NOTE: 2 - although this appears to work i.e. get_option returns the new
# one, the code never attempts to open /path/to/ca2.pem - I've validated
this via strace
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/path/to/ca2.pem')
print "cacert file =", ldap.get_option(ldap.OPT_X_TLS_CACERTFILE)
ldap.set_option(ldap.OPT_DEBUG_LEVEL, 0) # this works
conn2 = ldap.initialize('ldaps://server2.domain:636')
#conn2.set_option(ldap.OPT_DEBUG_LEVEL, 255)
# again, conn specific setting does not work
conn2.set_option(ldap.OPT_X_TLS_CACERTFILE, '/path/to/ca2.pem')
print "conn2 cacertfile=", conn2.get_option(ldap.OPT_X_TLS_CACERTFILE)
conn2.simple_bind("binddn2","password2") # errors here - cannot verify
peer server ssl cert
print "conn2 set up correctly"
Is it possible to use two different CA certs in a single python-ldap
app? I've tried using both version 2.2.0 on rhel5 and version 2.3.1 on
fedora 9
-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
___
Python-LDAP-dev mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
