possible bug(s) in python-ldap sasl code
Michael Ströder
michael at stroeder.com
Fri May 4 23:09:57 CEST 2007
Ino Heatwave wrote:
>
> I'm currently testing out python-ldap and I'm connecting to an active
> directory service.
>
> Binding works ok, but searching usually (usually as in I can't remember
> if it has worked at one point in time or not) ends with an error
> ("00000000: LdapErr: DSID-0C090627, comment: In order to perform this
> operation a successful bind must be completed on the connection., data
> 0, vece").
Yes. For most entries there is no anonymous access allowed in the
default installation of Active Directory.
> The data, however, is received when I use the library
> asynchronously
> (i.e. it sends me the search results, then raises the
> exception).
Some entries are accessible even with anon access. But without knowing
what your code looks like it's hard to tell what happens.
> I could provide sample code that gives me this behaviour.
Yes, please provide simple test code demonstrating your issue.
> Writing a custom search method that masks this error works great though,
> but feels kinda ugly...
???
> But my main problem is: I can't bind with two different LDAPObjects on
> the same server.
Are you sure? I'm doing this all the time with web2ldap.
> E.g creating two connections to the same server, using
> sasl bind (digest-md5). The latter bind operation always raises
> "ldap.INVALID_CREDENTIALS: {'info': '00090313: LdapErr: DSID-0C09043E,
> comment: AcceptSecurityContext error, data 0, vece', 'desc': 'Invalid
> credentials'}", even though the username/password are identical. Again,
> I could provide some sample code that shows this behaviour if you're
> interested.
Please provide a simple example demonstrating the problem.
The following code works for me with OpenLDAP 2.3.35:
--------------------------- snip ---------------------------
import ldap, ldap.sasl

# trace_level=2 logs every LDAP method call with its arguments and results
trace_level = 2

# First connection, bound as 'fred' via SASL DIGEST-MD5
ldapcon1 = ldap.initialize('ldap://localhost:1390', trace_level=trace_level)
#ldapcon1.simple_bind_s('cn=Fred Feuerstein,ou=Testing,dc=stroeder,dc=de','fredsecret')
sasl_auth = ldap.sasl.sasl({
    ldap.sasl.CB_AUTHNAME: 'fred',
    ldap.sasl.CB_PASS: 'fredsecret',
}, 'DIGEST-MD5')
ldapcon1.sasl_interactive_bind_s("", sasl_auth)
ldapcon1.search_s('', ldap.SCOPE_BASE)

# Second connection to the same server, bound as 'anna' via SASL DIGEST-MD5
ldapcon2 = ldap.initialize('ldap://localhost:1390', trace_level=trace_level)
#ldapcon2.simple_bind_s('uid=anna,ou=Testing,dc=stroeder,dc=de','annasecret')
sasl_auth = ldap.sasl.sasl({
    ldap.sasl.CB_AUTHNAME: 'anna',
    ldap.sasl.CB_PASS: 'annasecret',
}, 'DIGEST-MD5')
ldapcon2.sasl_interactive_bind_s("", sasl_auth)
# Search on the first connection again after the second bind
ldapcon1.search_s('', ldap.SCOPE_BASE)
--------------------------- snip ---------------------------
> Any ideas?
Use trace_level to examine what your code really does... ;-)
Ciao, Michael.
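
Added example, not part of the original message or of python-ldap: a small parser for the Active Directory diagnostic strings quoted in this thread, so that a "search sent before a completed bind" error can be told apart from a rejected bind when triaging logs. The field names, the `classify` labels and the regular expression are assumptions inferred from the two messages above; the `data` field is read as a hexadecimal Win32 error code, and the third sample is constructed.

```python
import re

# The two 'info' strings quoted in the thread, joined onto one line each.
SEARCH_ERR = ("00000000: LdapErr: DSID-0C090627, comment: In order to perform this "
              "operation a successful bind must be completed on the connection., "
              "data 0, vece")
BIND_ERR = ("00090313: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext "
            "error, data 0, vece")
# Constructed sample: BIND_ERR with a non-zero data value, for illustration only.
CONSTRUCTED = BIND_ERR.replace("data 0", "data 52e")

# Layout inferred from the messages above (an assumption, not a documented grammar).
_AD_DIAG = re.compile(
    r"^(?P<code>[0-9A-Fa-f]{8}): LdapErr: DSID-(?P<dsid>[0-9A-Fa-f]{8}), "
    r"comment: (?P<comment>.*?), data (?P<data>[0-9A-Fa-f]+), (?P<tag>\w+)"
)

# Win32 logon error codes that may appear (in hex) in the data field.
WIN32_LOGON_ERRORS = {
    0x52E: "ERROR_LOGON_FAILURE",
    0x532: "ERROR_PASSWORD_EXPIRED",
    0x533: "ERROR_ACCOUNT_DISABLED",
    0x775: "ERROR_ACCOUNT_LOCKED_OUT",
}

def parse_ad_diagnostic(info):
    """Split an AD 'info' string into fields; None if the layout does not match."""
    m = _AD_DIAG.match(info.strip())
    if m is None:
        return None
    fields = m.groupdict()
    fields["data"] = int(fields["data"], 16)
    fields["data_name"] = WIN32_LOGON_ERRORS.get(fields["data"])
    return fields

def classify(info):
    """Label the failure: was the bind rejected, or was the request sent unbound?"""
    fields = parse_ad_diagnostic(info)
    if fields is None:
        return "unparsed"
    if "AcceptSecurityContext" in fields["comment"]:
        return "bind-rejected"
    if "successful bind must be completed" in fields["comment"]:
        return "not-bound"
    return "other"
```

With python-ldap, the string to pass in is the `'info'` value of the dictionary carried by the raised exception, as shown in the quoted `ldap.INVALID_CREDENTIALS` message.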