From Tor.Lindberg at non.schneider-electric.com Tue Apr 3 10:20:21 2012 From: Tor.Lindberg at non.schneider-electric.com (Tor.Lindberg at non.schneider-electric.com) Date: Tue, 3 Apr 2012 10:20:21 +0200 Subject: [python-ldap] LDAP for Python 3.x Message-ID: Hi, My name is Tor Lindberg and I'm working at Schneider Electric Buildings in Sweden. I am very curious about the status of the LDAP module for Python 3.x? We use Python a lot and upgraded all our code to Python3.1.3 since a year ago, but we really miss the LDAP module. Thanks in advance, Best regards, Tor Lindberg -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael at stroeder.com Tue Apr 3 18:55:22 2012 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Tue, 03 Apr 2012 18:55:22 +0200 Subject: [python-ldap] LDAP for Python 3.x In-Reply-To: References: Message-ID: <4F7B2B7A.4020701@stroeder.com> Tor, please subscribe to the python-ldap mailing list. Otherwise I have to manually approve all your postings sent to the list and you might miss some responses going solely to the list. It's really low-traffic here. http://mail.python.org/mailman/listinfo/python-ldap Tor.Lindberg at non.schneider-electric.com wrote: > I am very curious about the status of the LDAP module for Python 3.x? Some people asked for it but nobody's actively working on it. There were some patches developed by several people but nothing really for production use. Dig the mailing list's archive to find the people. Personally I currently have no personal need to work on it. This might change in the future but not sure when. Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2317 bytes Desc: S/MIME Cryptographic Signature URL: From david.smith at cornell.edu Tue Apr 3 19:18:06 2012 From: david.smith at cornell.edu (David N. Smith) Date: Tue, 3 Apr 2012 17:18:06 +0000 Subject: [python-ldap] LDAP for Python 3.x In-Reply-To: <4F7B2B7A.4020701@stroeder.com> References: , <4F7B2B7A.4020701@stroeder.com> Message-ID: <27CD135F-349E-45A2-968B-964DF4C5B8F2@cornell.edu> I'm interested in working on it, but last I heard you wanted to redesign things. Should we use this to start of a discussion on the new python 3 ldap lib? -- David On Apr 3, 2012, at 1:00 PM, "Michael Str?der" wrote: > Tor, > > please subscribe to the python-ldap mailing list. Otherwise I have to manually > approve all your postings sent to the list and you might miss some responses > going solely to the list. It's really low-traffic here. > > http://mail.python.org/mailman/listinfo/python-ldap > > Tor.Lindberg at non.schneider-electric.com wrote: >> I am very curious about the status of the LDAP module for Python 3.x? > > Some people asked for it but nobody's actively working on it. > There were some patches developed by several people but nothing really for > production use. Dig the mailing list's archive to find the people. > > Personally I currently have no personal need to work on it. This might change > in the future but not sure when. > > Ciao, Michael. > > _______________________________________________ > python-ldap mailing list > python-ldap at python.org > http://mail.python.org/mailman/listinfo/python-ldap From michael at stroeder.com Tue Apr 3 21:50:58 2012 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Tue, 03 Apr 2012 21:50:58 +0200 Subject: [python-ldap] LDAP for Python 3.x In-Reply-To: <27CD135F-349E-45A2-968B-964DF4C5B8F2@cornell.edu> References: , <4F7B2B7A.4020701@stroeder.com> <27CD135F-349E-45A2-968B-964DF4C5B8F2@cornell.edu> Message-ID: <4F7B54A2.2030407@stroeder.com> David N. Smith wrote: > I'm interested in working on it, but last I heard you wanted to redesign things. I thought about whether it might be worth re-designing things. Not sure about this though. Mailing list readers are welcome to comment on that. > Should we use this to start of a discussion on the new python 3 ldap lib? Yes. Also have a look in TODO. Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2317 bytes Desc: S/MIME Cryptographic Signature URL: From stefanik at dsx.cz Wed Apr 4 22:46:08 2012 From: stefanik at dsx.cz (Dusan Stefanik) Date: Wed, 4 Apr 2012 22:46:08 +0200 Subject: [python-ldap] LDAP for Python 3.x In-Reply-To: <4F7B54A2.2030407@stroeder.com> References: <4F7B2B7A.4020701@stroeder.com> <27CD135F-349E-45A2-968B-964DF4C5B8F2@cornell.edu> <4F7B54A2.2030407@stroeder.com> Message-ID: <20120404204606.GF4699@portos> Hello, for peoples who wants to play or test concepts based on py3 and python-ldap can help my work (I call it translation :-) in att. On 03/04/12 at 09:50pm, Michael Str?der wrote: > David N. Smith wrote: > > I'm interested in working on it, but last I heard you wanted to redesign things. > > I thought about whether it might be worth re-designing things. Not sure about > this though. Mailing list readers are welcome to comment on that. In my opinion if C-par of code working properly and you think is nice and clean then don't touch it. On the other hand python part needs seriosly change. C-code working in bytes and in/out is typically bytes but python code is designed to use string (in py3 unicode string). I insterted several workarounds to code for converting bytes->string and string->bytes to get it work. These workarounds have surely imapact on performance. > > > Should we use this to start of a discussion on the new python 3 ldap lib? > > Yes. Also have a look in TODO. > > Ciao, Michael. > Dusan > _______________________________________________ > python-ldap mailing list > python-ldap at python.org > http://mail.python.org/mailman/listinfo/python-ldap -------------- next part -------------- A non-text attachment was scrubbed... Name: python-ldap-2.4.9-py3.diff Type: text/x-diff Size: 91564 bytes Desc: not available URL: From radomir.dopieralski at allegro.pl Fri May 18 10:30:02 2012 From: radomir.dopieralski at allegro.pl (Radomir Dopieralski) Date: Fri, 18 May 2012 10:30:02 +0200 Subject: [python-ldap] Licensing Message-ID: <3F577A73-A6DE-4DA7-888A-4C964DDFF309@allegro.pl> Hello, we are using python-ldap in our project that we want to publish as open source software on behalf of our company. However, before we can do so, we have to clear all the licensing problems with our lawyers, in particular, we have to make sure that the licenses of all the libraries we use let us publish the code under an open source license. We collected all the licenses of all our dependencies, but there is a problem with python-ldap: the LICENSE file in the project's repository only mentions that python-ldap is distributed under a "python-style" license, and then has a disclaimer. However, it does not contain a specific text of the license or any reference to a particular version of "python license" -- the page http://docs.python.org/license.html lists a number of different licenses for different versions of Python. Without a concrete text of the license for our lawyers to review we are blocked from releasing our project to the public, as it is perceived as threat to the company. Would it be possible to include a full text of the license in the LICENSE file, or an unambiguous reference to a specific license? That would help us a lot. Thank you, -- Radomir Dopieralski radomir.dopieralski at allegro.pl -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2860 bytes Desc: not available URL: From michael at stroeder.com Fri May 18 18:16:37 2012 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Fri, 18 May 2012 18:16:37 +0200 Subject: [python-ldap] Licensing In-Reply-To: <3F577A73-A6DE-4DA7-888A-4C964DDFF309@allegro.pl> References: <3F577A73-A6DE-4DA7-888A-4C964DDFF309@allegro.pl> Message-ID: <4FB675E5.1040402@stroeder.com> Radomir Dopieralski wrote: > we are using python-ldap in our project that we want to publish as open > source software on behalf of our company. However, before we can do so, we > have to clear all the licensing problems with our lawyers, in particular, > we have to make sure that the licenses of all the libraries we use let us > publish the code under an open source license. > > We collected all the licenses of all our dependencies, but there is a > problem with python-ldap: the LICENSE file in the project's repository only > mentions that python-ldap is distributed under a "python-style" license, > and then has a disclaimer. However, it does not contain a specific text of > the license or any reference to a particular version of "python license" -- > the page http://docs.python.org/license.html lists a number of different > licenses for different versions of Python. > > Without a concrete text of the license for our lawyers to review we are > blocked from releasing our project to the public, as it is perceived as > threat to the company. Would it be possible to include a full text of the > license in the LICENSE file, or an unambiguous reference to a specific > license? That would help us a lot. Mentioning a Python style license was my fault for two reasons: 1. It is an obstacle to incorporate python-ldap into Python's standard lib. 2. It's not precise enough as you already said. Mainly the term "Python style" was used to express that you should be able to do whatever you're allowed to do with Python. The two authors (David and me) writing most of the code could agree on a quite liberal open source license. But since we did not insist on written statements to agree upon a license for the few contributions made by others we would have to ask all contributors. Most of them are not subscribed to the list anymore I guess. Frankly I'm not sure what to do to clarify this unfortunate situation. Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2317 bytes Desc: S/MIME Cryptographic Signature URL: From Chris.Doherty at ca.flextronics.com Thu May 24 19:26:34 2012 From: Chris.Doherty at ca.flextronics.com (Chris Doherty) Date: Thu, 24 May 2012 10:26:34 -0700 Subject: [python-ldap] Authenticating against Active Directory always returns (97, []) Message-ID: <660EAD79298F7B4AA2B6428CE8165045084EF8CF@AMSACEX2.americas.ad.flextronics.com> I am trying to perform simple authentication to a 2003 Active Directory using python ldap (CentOS 6.2 x86_64, Python 2.6.6, python-ldap 2.3.10 from the CentOS repos). Despite following all the usual steps in the init, including conn.set_option(ldap.OPT_REFERRALS, 0) if I pass the correct credentials I always get a (97, []) returned: >>> import ldap >>> conn = ldap.initialize('ldap://ad.server.domain.com') >>> conn.protocol_version = 3 >>> conn.set_option(ldap.OPT_REFERRALS, 0) >>> conn.simple_bind_s('user at domain.com', 'WrongPassword') ldap.INVALID_CREDENTIALS: {'info': '80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece', 'desc': 'Invalid credentials'} >>> conn.simple_bind_s('user at domain.com', 'CorrectPassword') (97, []) Error code 97 is not a success; it's the LDAP_REFERRAL_LIMIT_EXCEEDED error being returned from AD. Setting ldap.OPT_REFERRALS to 0 is supposed to stop this, but it's not working. Even more frustrating is that this script is a migration from an old Perl script using Net::LDAP, which does return 0 for a successful authenticated bind to the same AD and server, otherwise I would be inclined to think there's something wrong with the AD servers. I have tested python-ldap 2.2.0 and python 2.4.4 on an old CentOS 5.5 box I had lying around and it "fails" in exactly the same way. I turned on python-ldap and LDAP lib debugging and ran it again: Python 2.6.6 (r266:84292, Dec 7 2011, 20:48:22) [GCC 4.4.6 20110731 (Red Hat 4.4.6-3)] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import ldap >>> ldap.set_option(ldap.OPT_DEBUG_LEVEL, 4095) >>> conn = ldap.initialize('ldap://server.sub.domain.com:389', trace_level=2) ldap_create ldap_url_parse_ext(ldap://server.domain.com:389) *** ldap://server.sub.domain.com:389 - SimpleLDAPObject.set_option ((17, 3),{}) >>> conn.protocol_version = 3 *** ldap://server.sub.domain.com:389 - SimpleLDAPObject.set_option ((17, 3),{}) >>> conn.set_option(ldap.OPT_REFERRALS, 0) *** ldap:// server.sub.domain.com:389 - SimpleLDAPObject.set_option ((8, 0),{}) >>> conn.simple_bind_s('user at sub.domain.com', 'CorrectPassword.') *** ldap:// server.sub.domain.com:389 - SimpleLDAPObject.simple_bind (('user at sub.domain.com', CorrectPassword.', None, None),{}) ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP server.sub.domain.com:389 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 10.999.999.999:389 ldap_pvt_connect: fd: 3 tm: -1 async: 0 ldap_open_defconn: successful ldap_send_server_request => result: 1 *** ldap://server.sub.domain.com:389 - SimpleLDAPObject.result3 ((1, 1, -1),{}) ldap_result ld 0x14751f0 msgid 1 wait4msg ld 0x14751f0 msgid 1 (infinite timeout) wait4msg continue ld 0x14751f0 msgid 1 all 1 ** ld 0x14751f0 Connections: * host: server.sub.domain.com port: 389 (default) refcnt: 2 status: Connected last used: Thu May 24 13:10:30 2012 ** ld 0x14751f0 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ld 0x14751f0 request count 1 (abandoned 0) ** ld 0x14751f0 Response Queue: Empty ld 0x14751f0 response count 0 ldap_chkResponseList ld 0x14751f0 msgid 1 all 1 ldap_chkResponseList returns ld 0x14751f0 NULL ldap_int_select read1msg: ld 0x14751f0 msgid 1 all 1 read1msg: ld 0x14751f0 msgid 1 message type bind read1msg: ld 0x14751f0 0 new referrals read1msg: mark request completed, ld 0x14751f0 msgid 1 request done: ld 0x14751f0 msgid 1 res_errno: 0, res_error: <>, res_matched: <> ldap_free_request (origid 1, msgid 1) ldap_parse_result ldap_msgfree => result: (97, [], 1, []) (97, []) -- Chris Doherty Software Engineer Advanced Systems Engineering FLEXComputing chris.doherty at ca.flextronics.com www.flextronics.com Ph +1 289 288 1509 Fax +1 289 288 1549 Legal Disclaimer: The information contained in this message may be privileged and confidential. It is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. If you have received this message in error, please immediately notify the sender and delete or destroy any copy of this message From michael at stroeder.com Thu May 24 19:51:54 2012 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Thu, 24 May 2012 19:51:54 +0200 Subject: [python-ldap] Authenticating against Active Directory always returns (97, []) In-Reply-To: <660EAD79298F7B4AA2B6428CE8165045084EF8CF@AMSACEX2.americas.ad.flextronics.com> References: <660EAD79298F7B4AA2B6428CE8165045084EF8CF@AMSACEX2.americas.ad.flextronics.com> Message-ID: <4FBE753A.8000802@stroeder.com> Chris Doherty wrote: > I am trying to perform simple authentication to a 2003 Active Directory > using python ldap (CentOS 6.2 x86_64, Python 2.6.6, python-ldap 2.3.10 > from the CentOS repos). > > Despite following all the usual steps in the init, including > > conn.set_option(ldap.OPT_REFERRALS, 0) > > if I pass the correct credentials I always get a (97, []) returned: Yes, that's correct. > Error code 97 is not a success; it's the LDAP_REFERRAL_LIMIT_EXCEEDED > error being returned from AD. The 97 is not the LDAP result code. It's the result type ldap.RES_BIND. Normally you don't have to look at the results returned by LDAPObject.simple_bind_s() (unless you want to extract the bind response controls). If the LDAP result code is not 0 the accompanying exception is raised like ldap.INVALID_CREDENTIALS in your example. So your code should look like this: try: conn.simple_bind_s('user at domain.com', 'WrongPassword') except ldap.INVALID_CREDENTIALS: user_error_msg('wrong password provided') Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2317 bytes Desc: S/MIME Cryptographic Signature URL: From Chris.Doherty at ca.flextronics.com Thu May 24 20:37:47 2012 From: Chris.Doherty at ca.flextronics.com (Chris Doherty) Date: Thu, 24 May 2012 11:37:47 -0700 Subject: [python-ldap] Authenticating against Active Directory always returns (97, []) In-Reply-To: <4FBE753A.8000802@stroeder.com> References: <660EAD79298F7B4AA2B6428CE8165045084EF8CF@AMSACEX2.americas.ad.flextronics.com> <4FBE753A.8000802@stroeder.com> Message-ID: <660EAD79298F7B4AA2B6428CE81650450853C806@AMSACEX2.americas.ad.flextronics.com> > The 97 is not the LDAP result code. It's the result type ldap.RES_BIND. > So your code should look like this: > > try: > conn.simple_bind_s('user at domain.com', 'WrongPassword') > except ldap.INVALID_CREDENTIALS: > user_error_msg('wrong password provided') That has...important implications. Most notably, vanilla 2003 Active Directory will allow anonymous binds, and anonymous searches on the root DSE (only), but will not throw an authentication error unless one tries to search lower in the LDAP tree. What was confusing me was the fact that this works: >>> conn.simple_bind_s('', 'CorrectPassword') (97, []) >>> conn.simple_bind_s('', '') (97, []) which I now see is working entirely as designed, but doing a simple bind only is the commonly encountered pattern for authenticating against Active Directory. It seems that simple_bind_s() followed by some trivial search is the correct way to go here to ensure that actual authentication is taking place. Thank you for your prompt response, this has been very helpful. Legal Disclaimer: The information contained in this message may be privileged and confidential. It is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. If you have received this message in error, please immediately notify the sender and delete or destroy any copy of this message From bcooksley at kde.org Sun May 27 22:53:28 2012 From: bcooksley at kde.org (Ben Cooksley) Date: Mon, 28 May 2012 08:53:28 +1200 Subject: [python-ldap] Problems with Syncrepl in refresh and persist mode when reconnecting after database changes In-Reply-To: References: Message-ID: Hi all, I am currently experimenting with the Syncrepl demo application, and when I test the following scenario, I can reliably get it to bail out: - Perform a first start, and let it settle and sync it's database. Any changes made while it is running will be handled correctly - Stop the demo, and make a change to one of the previously monitored items - Starting the demo again will now cause it to fail with this error: pyasn1.type.error.ValueConstraintError: ConstraintsIntersection(ConstraintsIntersection(), SingleValueConstraint(0, 1)) failed at: "SingleValueConstraint(0, 1) failed at: "-1"" at Boolean Prior to it failing, it outputs the following: ?[('1.3.6.1.4.1.4203.1.9.1.4', '\xa3\x17\x01\x01\xff1\x12\x04\x10\xad\xad\x1a\x14,U\x101\x8cT\x0f}\xd3W\xabt', [])] I will also note that the Perl LDAP bindings also fail when attempting to operate in this manner - but not with a decoding failure. Instead, the syncUUIDs values it provides are too short (15 characters instead of 16 - a RFC violation), and corrupted (when decoded into a text representation, only numbers are given instead of the usual letters and numbers, and the strings are too short as well) If I bind as the root DN, then this issue does not occur, however it seems to be merely avoided as the Intermediate Sync Control isn't sent, instead it sends LDAP Entries for each changed item (even if multiple items are changed). Is this a bug in both the Python and Perl LDAP bindings, or in OpenLDAP? For both, the user being used here has sufficient permissions to read and write the entries that are being modified. They are handled properly if the Python or Perl processes are running when the modification is made. OpenLDAP 2.4.26 (OpenSUSE 12.1) and OpenLDAP 2.4.23 (Debian Squeeze) were the two servers I tested against, both using the 'syncprov' overlay, with the following options: ?syncprov-checkpoint 100 10 ?syncprov-sessionlog 100 I tested with pyasn1 0.1.3 and python-ldap 2.4.9. Any pointers as to why this is not working would be fantastic. Thanks, Ben Cooksley KDE Sysadmin From ilya at glas.net Mon May 28 11:35:46 2012 From: ilya at glas.net (Ilya Etingof) Date: Mon, 28 May 2012 13:35:46 +0400 (GMT-4) Subject: [python-ldap] Problems with Syncrepl in refresh and persist mode when reconnecting after database changes In-Reply-To: References:

Message-ID: It looks like a bug in pyasn1 0.1.3 - it fails on your encoding as you mention. However it works with pyasn1 0.1.4rc4: >>> from pyasn1.codec.ber import decoder >>> decoder.decode('\xa3\x17\x01\x01\xff1\x12\x04\x10\xad\xad\x1a\x14,U\x101\x8cT\x0f}\xd3W\xabt') (Boolean('True'), '') >>> http://sourceforge.net/projects/pyasn1/files/pyasn1/0.1.4/pyasn1-0.1.4rc4.tar.gz/download -ilya > I tested with pyasn1 0.1.3 and python-ldap 2.4.9. > Any pointers as to why this is not working would be fantastic. From bcooksley at kde.org Tue May 29 10:31:09 2012 From: bcooksley at kde.org (Ben Cooksley) Date: Tue, 29 May 2012 20:31:09 +1200 Subject: [python-ldap] Problems with Syncrepl in refresh and persist mode when reconnecting after database changes In-Reply-To: References:

Message-ID: On Mon, May 28, 2012 at 9:35 PM, Ilya Etingof wrote: > > It looks like a bug in pyasn1 0.1.3 - it fails on your encoding as you > mention. However it works with pyasn1 0.1.4rc4: Thanks Ilya, it works perfectly with pyasn1 0.1.4rc4. As for the weird behaviour I was seeing with Perl (and Python now the pyasn1 issue is fixed) it was caused by a lack of read access to the entryUUID and entryCSN attributes on the OpenLDAP server.... Regards, Ben > >>>> from pyasn1.codec.ber import decoder >>>> >>>> decoder.decode('\xa3\x17\x01\x01\xff1\x12\x04\x10\xad\xad\x1a\x14,U\x101\x8cT\x0f}\xd3W\xabt') > > (Boolean('True'), '') >>>> >>>> > > http://sourceforge.net/projects/pyasn1/files/pyasn1/0.1.4/pyasn1-0.1.4rc4.tar.gz/download > > -ilya > > >> I tested with pyasn1 0.1.3 and python-ldap 2.4.9. >> Any pointers as to why this is not working would be fantastic. From d.bajal at hostcomm.ru Wed May 30 13:17:39 2012 From: d.bajal at hostcomm.ru (=?UTF-8?B?0JHQsNC20LDQuyDQlNC80LjRgtGA0LjQuQ==?=) Date: Wed, 30 May 2012 15:17:39 +0400 Subject: [python-ldap] python-ldap and password policies Message-ID: <4FC601D3.3070905@hostcomm.ru> Good day. The question of my request is about to work with password policies described at http://www.openldap.org/doc/admin24/overlays.html (12.10. Password Policies). I'm using latest(2.4.9) version of python-ldap and it's used for user's password web-interface. We are going to use password policies I was saying earlier in our corporate ldap server, and the problem is to catch detailed constraint violation messages. For example, using command-line utilities shown below we get an "Additional info". # ldappasswd -a password1 -s password1 -D uid=user,ou=users,dc=corp -H ldap://devel.ldap -w password1 -v -x -ZZ ldap_initialize( ldap://devel.ldap:389/??base ) Result: Constraint violation (19) Additional info: Password is not being changed from existing value And when trying to break same policy with python-ldap: >>> ldap_con.modify_s('uid=user,ou=users,dc=corp', [(ldap.MOD_REPLACE, 'password1', 'password1')]) Traceback (most recent call last): File "", line 1, in File "/usr/lib/python2.7/site-packages/ldap/ldapobject.py", line 357, in modify_s return self.result(msgid,all=1,timeout=self.timeout) File "/usr/lib/python2.7/site-packages/ldap/ldapobject.py", line 458, in result resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout) File "/usr/lib/python2.7/site-packages/ldap/ldapobject.py", line 462, in result2 resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout) File "/usr/lib/python2.7/site-packages/ldap/ldapobject.py", line 469, in result3 resp_ctrl_classes=resp_ctrl_classes File "/usr/lib/python2.7/site-packages/ldap/ldapobject.py", line 476, in result4 ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) File "/usr/lib/python2.7/site-packages/ldap/ldapobject.py", line 99, in _ldap_call result = func(*args,**kwargs) CONSTRAINT_VIOLATION: {'info': 'modify breaks constraint on userPassword', 'desc': 'Constraint violation'} Is there any way to extend exception info with any details? Best regards, Bazhal Dmitry. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4897 bytes Desc: ?????????????????????????????????? ?????????????? S/MIME URL: From bcooksley at kde.org Wed May 30 14:38:16 2012 From: bcooksley at kde.org (Ben Cooksley) Date: Thu, 31 May 2012 00:38:16 +1200 Subject: [python-ldap] syncrepl with refreshAndPersist not detecting deletes Message-ID: Hi all, With some help of the demo application, I now have a LDAP Syncrepl client largely working. It detects additions, modifications and deletions upon resuming perfectly, and additions and modifications when persisting without problems too. Unfortunately, it completely misses deletes when persisting. It does not even get a new cookie. Any ideas? I'll see if I can get any evidence of OpenLDAP sending messages but python-ldap filtering them out. Thanks, Ben Cooksley KDE Sysadmin From michael at stroeder.com Wed May 30 17:56:18 2012 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Wed, 30 May 2012 17:56:18 +0200 Subject: [python-ldap] syncrepl with refreshAndPersist not detecting deletes In-Reply-To: References: Message-ID: <4FC64322.40307@stroeder.com> Ben Cooksley wrote: > With some help of the demo application, I now have a LDAP Syncrepl > client largely working. It detects additions, modifications and > deletions upon resuming perfectly, and additions and modifications > when persisting without problems too. I'd appreciate if you would contribute improvements to Demo/pyasn1/syncrepl.py if possible. Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2317 bytes Desc: S/MIME Cryptographic Signature URL: From michael at stroeder.com Wed May 30 18:07:58 2012 From: michael at stroeder.com (=?UTF-8?B?TWljaGFlbCBTdHLDtmRlcg==?=) Date: Wed, 30 May 2012 18:07:58 +0200 Subject: [python-ldap] python-ldap and password policies In-Reply-To: <4FC601D3.3070905@hostcomm.ru> References: <4FC601D3.3070905@hostcomm.ru> Message-ID: <4FC645DE.3000604@stroeder.com> ????? ??????? wrote: > The question of my request is about to work with password policies described > at http://www.openldap.org/doc/admin24/overlays.html (12.10. Password Policies). There's a deficiency in the current API which does not return response controls in case the LDAP error code was not 0. See text in file TODO: - Attach response controls to LDAPError instances to deliver the controls to the calling application in case of an error > For example, using command-line utilities shown below we get an "Additional info". > # ldappasswd -a password1 -s password1 -D uid=user,ou=users,dc=corp -H > ldap://devel.ldap -w password1 -v -x -ZZ > ldap_initialize( ldap://devel.ldap:389/??base ) > Result: Constraint violation (19) > Additional info: Password is not being changed from existing value But in this case above LDAPv3 extended controls are not part of the game since you're not using command-line option -e. What's printed after "Additional info:" by OpenLDAP's client tool is simply the diagnosticMessage (formerly info) extracted from the LDAP response. This is also returned in LDAPError object instances as seen in your example. > CONSTRAINT_VIOLATION: {'info': 'modify breaks constraint on userPassword', > 'desc': 'Constraint violation'} Since 'info' differs these are not the very same error cases I guess. You would extract those fields by accessing: e.args[0]['desc'] e.args[0]['info'] Don't know why these strings are not accessible via simple class attributes though. This is very old code in Modules/errors.c and surely could be improved. Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2317 bytes Desc: S/MIME Cryptographic Signature URL: From cmikk at qwest.net Wed May 30 18:50:55 2012 From: cmikk at qwest.net (Chris Mikkelson) Date: Wed, 30 May 2012 11:50:55 -0500 Subject: [python-ldap] syncrepl with refreshAndPersist not detecting deletes In-Reply-To: References: Message-ID: <20120530165054.GA5101@uerige.oss.uswest.net> On Thu, May 31, 2012 at 12:38:16AM +1200, Ben Cooksley wrote: > Hi all, > > With some help of the demo application, I now have a LDAP Syncrepl > client largely working. It detects additions, modifications and > deletions upon resuming perfectly, and additions and modifications > when persisting without problems too. > > Unfortunately, it completely misses deletes when persisting. It does > not even get a new cookie. > Any ideas? > > I'll see if I can get any evidence of OpenLDAP sending messages but > python-ldap filtering them out. Yes, please do. The easiest way to do this is to connect with: ldapsearch ${auth_options} ${search_options} -E \!sync=rp This should pause after printing the search results and "SyncInfo Received". When you delete a DN which matches the search, you should see something like: dn: ... control: 1.3.6.1.4.1.4203.1.9.1.2 false MEsKAQMEENvalhY+vhAxkhS55kGsVLgENHJpZD 0wMDAsY3NuPTIwMTIwNTMwMTYxODU4LjM4NTU3NlojMDAwMDAwIzAwMCMwMDAwMDA= Also, if possible, please upgrade OpenLDAP. They've fixed a lot of syncprov bugs since 2.4.26. I just did a quick and successful retest of this scenario with 2.4.31. -- Chris Mikkelson | "For every complex problem, there is a solution cmikk at qwest.net | that is simple, neat, and wrong." | -- H. L. Mencken From bcooksley at kde.org Thu May 31 02:57:09 2012 From: bcooksley at kde.org (Ben Cooksley) Date: Thu, 31 May 2012 12:57:09 +1200 Subject: [python-ldap] syncrepl with refreshAndPersist not detecting deletes In-Reply-To: <20120530165054.GA5101@uerige.oss.uswest.net> References: <20120530165054.GA5101@uerige.oss.uswest.net> Message-ID: On Thu, May 31, 2012 at 4:50 AM, Chris Mikkelson wrote: > On Thu, May 31, 2012 at 12:38:16AM +1200, Ben Cooksley wrote: >> Hi all, >> >> With some help of the demo application, I now have a LDAP Syncrepl >> client largely working. It detects additions, modifications and >> deletions upon resuming perfectly, and additions and modifications >> when persisting without problems too. >> >> Unfortunately, it completely misses deletes when persisting. It does >> not even get a new cookie. >> Any ideas? >> >> I'll see if I can get any evidence of OpenLDAP sending messages but >> python-ldap filtering them out. > > Yes, please do. The easiest way to do this is to connect with: Hi Chris, > > ? ? ? ?ldapsearch ${auth_options} ${search_options} -E \!sync=rp As I expected, this didn't work, at least initially. Turns out this was caused by a lack of permissions. I was using a filter to limit the granting of the access rights, removing said filter made it work (deletion notifications have no attributes so the filter could not match). > > This should pause after printing the search results and > "SyncInfo Received". When you delete a DN which matches > the search, you should see something like: > > ?dn: ... > ?control: 1.3.6.1.4.1.4203.1.9.1.2 false MEsKAQMEENvalhY+vhAxkhS55kGsVLgENHJpZD > ? 0wMDAsY3NuPTIwMTIwNTMwMTYxODU4LjM4NTU3NlojMDAwMDAwIzAwMCMwMDAwMDA= Yep. After fixing the access control problem, that now works. (Running slapd with "-d acl" helps, especially when it works under the Root DN) > > Also, if possible, please upgrade OpenLDAP. They've fixed > a lot of syncprov bugs since 2.4.26. I just did a quick > and successful retest of this scenario with 2.4.31. Thanks for the notice. It seems to work okay on my 2.4.26 system for testing purposes, i'll consider upgrading the production system though. > > -- > Chris Mikkelson ?| ?"For every complex problem, there is a solution > cmikk at qwest.net ?| ?that is simple, neat, and wrong." > ? ? ? ? ? ? ? ? | ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?-- H. L. Mencken Regards, Ben From bcooksley at kde.org Thu May 31 03:25:57 2012 From: bcooksley at kde.org (Ben Cooksley) Date: Thu, 31 May 2012 13:25:57 +1200 Subject: [python-ldap] syncrepl with refreshAndPersist not detecting deletes In-Reply-To: <4FC64322.40307@stroeder.com> References: <4FC64322.40307@stroeder.com> Message-ID: On Thu, May 31, 2012 at 3:56 AM, Michael Str?der wrote: > Ben Cooksley wrote: >> With some help of the demo application, I now have a LDAP Syncrepl >> client largely working. It detects additions, modifications and >> deletions upon resuming perfectly, and additions and modifications >> when persisting without problems too. > > I'd appreciate if you would contribute improvements to > Demo/pyasn1/syncrepl.py if possible. Hi Michael, Please find the application I have written so far attached. It is complete in terms of the LDAP functionality, as far as I have been able to tell from my testing. Key changes: - Use of Shelve module instead of anydbm, to allow storage of all attributes sent to us by the server. - Proper closing of the data store to avoid corruption (particularly relevant to anydbm on some systems) - Handling of signals term and int. - Handling of loss of connection to LDAP server, attempting to reconnect every 5 seconds. - Checks to ensure we don't try to delete a UUID we do not know about. - Move of the configuration values such as the LDAP filter, bind dn and password to seperate variables to ease configuration. - Provides a 'hook' function to isolate the LDAP handling logic from the application handling logic (such as database updating). As I made some of these changes I did rename some variables however (the big one being __db to __data) so it may be hard to diff them. Otherwise, it makes use of the base of the existing syncrepl demo. I will note, the account you run this under requires access to entryUUID and entryCSN of all objects it is monitoring in order to function properly, and your LDAP server must index those properties as 'pres, eq', otherwise things will not work properly from what I have seen in my tests. Thanks, Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: sync.py Type: text/x-python Size: 4772 bytes Desc: not available URL: From al.willmer at logica.com Fri Jun 1 15:38:37 2012 From: al.willmer at logica.com (Alex Willmer) Date: Fri, 1 Jun 2012 13:38:37 +0000 (UTC) Subject: [python-ldap] Link error on Docs page of website Message-ID: Hi, There is an incorrect hyper-link on the python-ldap homepage. The page http://www.python-ldap.org/docs.shtml the link to LDAP Applications: Part 4 - LDAP Schema is http://www.packtpub.com/article/python-ldap-applications-ldap-schema/li the correct url is http://www.packtpub.com/article/python-ldap-applications-ldap-schema Regards, Alex From michael at stroeder.com Fri Jun 1 19:08:21 2012 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Fri, 01 Jun 2012 19:08:21 +0200 Subject: [python-ldap] Link error on Docs page of website In-Reply-To: References: Message-ID: <4FC8F705.1030702@stroeder.com> Alex Willmer wrote: > There is an incorrect hyper-link on the python-ldap homepage. The page > http://www.python-ldap.org/docs.shtml the link to LDAP Applications: Part 4 - LDAP > Schema is > > http://www.packtpub.com/article/python-ldap-applications-ldap-schema/li > > the correct url is > > http://www.packtpub.com/article/python-ldap-applications-ldap-schema Thanks! Fixed now. And I've updated/removed other links too. Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2317 bytes Desc: S/MIME Cryptographic Signature URL: From michael at stroeder.com Sat Jun 2 17:25:04 2012 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Sat, 02 Jun 2012 17:25:04 +0200 Subject: [python-ldap] syncrepl with refreshAndPersist not detecting deletes In-Reply-To: References: <4FC64322.40307@stroeder.com> Message-ID: <4FCA3050.60803@stroeder.com> Ben Cooksley wrote: > Please find the application I have written so far attached. Thanks. I'm currently tweaking it a bit before committing: 1. Read LDAP params from LDAP URL passed as command-line argument. 2. Database pathname as command-line argument. 3. Added doc string with some hints. 4. Use ReconnectLDAPObject for handling connection failures. Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2317 bytes Desc: S/MIME Cryptographic Signature URL: From michael at stroeder.com Thu Jun 7 20:48:33 2012 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Thu, 07 Jun 2012 20:48:33 +0200 Subject: [python-ldap] ANN: python-ldap 2.4.10 Message-ID: <4FD0F781.7020104@stroeder.com> Find a new release of python-ldap: http://pypi.python.org/pypi/python-ldap/2.4.10 python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. It mainly wraps the OpenLDAP 2.x libs for that purpose. Additionally it contains modules for other LDAP-related stuff (e.g. processing LDIF, LDAP URLs and LDAPv3 schema). Project's web site: http://www.python-ldap.org/ Ciao, Michael. ---------------------------------------------------------------- Released 2.4.10 2012-06-07 Changes since 2.4.9: Lib/ * ldapobject.ReconnectLDAPObject.reconnect() now preserves order of options set with LDAPObject.set_option before. This is needed e.g. for setting connection-specific TLS options. Demo/ * Better version of Demo/pyasn1/syncrepl.py (thanks to Ben Cooksley) ---------------------------------------------------------------- Released 2.4.9 2012-03-14 Changes since 2.4.8: Lib/ * ldapobject.ReconnectLDAPObject.reconnect() now does kind of an internal locking to pause other threads while reconnecting is pending. * Changes to bind- and startTLS-related operation methods of class ReconnectLDAPObject for more robustness * New constant ldap.OPT_NAMES_DICT contains mapping from integer to variable name for all option-related constants. From fmendezpalma at gmail.com Wed Jun 13 10:23:02 2012 From: fmendezpalma at gmail.com (=?ISO-8859-1?Q?Francisco_M=E9ndez?=) Date: Wed, 13 Jun 2012 10:23:02 +0200 Subject: [python-ldap] Ldap search doesn't return all attributes required Message-ID: Hi, I'm new in the list, I hope I'll find some help here. Thanks in advance. I'm trying to do a simple search in a LDAP directory. From a main routine, I call two functions: one to connect to the LDAP directory (I just want to make a search, so I do not bind) and then, I call the function that makes the search. The problem: not all atributtes are returned, I have no way to get "employeeNumber" attribute. No error given. Other attributes (cn, homeDirectory) are returned correctly. MAIN ROUTINE *[...]* *l.connect2()* *filter="(cn=*)"* *search = l.search2("ou=People",filter,["cn","employeeNumber","homeDirectory"])* *[...]* LDAP CONNECT CLASS *[...]* * def connect2(self):* * ## first you must open a connection to the server* * try:* * self.connection = ldap.open("172.23.36.5")* * self.connection.protocol_version = ldap.VERSION3* * except ldap.LDAPError, e:* * print e* * * *def search2(self,baseDN,filter,retrieveAttributes):* * searchScope = ldap.SCOPE_SUBTREE* * import pdb* * try:* * ldap_result_id = self.connection.search(baseDN+ ",dc=instituto,dc=extremadura,dc=es", ldap.SCOPE_SUBTREE, filter, retrieveAttributes)* * result_set = []* * while 1:* * result_type, result_data = self.connection.result(ldap_result_id, 0)* * pdb.set_trace()* * if (result_data == []):* * break* * else:* * if result_type == ldap.RES_SEARCH_ENTRY:* * result_set.append(result_data)* * return result_set* * except ldap.LDAPError, e:* * print e* *[...]* employeeNumber attribute (from LDAP) employeeNumberDescripci?nRFC2798: numerically identifies an employee within an organizationOID2.16.840.1.113730.3.1.3ObsoletoNoHereda de IgualdadcaseIgnoreMatch Ordenaci?n(no especificado)Regla de subcadenacaseIgnoreSubstringsMatch Sint?xisDirectory String (1.3.6.1.4.1.1466.115.121.1.15) UnivaludadoS?ColectivoNoModificado por el usuarioS?Uso(no especificado)Longitud m?xima(no aplicable)Alias(ninguno)Usado por la clase de objetoinetOrgPersonForzar a MAY por configuraci?nNo -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael at stroeder.com Wed Jun 13 10:27:46 2012 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Wed, 13 Jun 2012 10:27:46 +0200 Subject: [python-ldap] Ldap search doesn't return all attributes required In-Reply-To: References: Message-ID: <4FD84F02.40109@stroeder.com> Francisco M?ndez wrote: > The problem: not all atributtes are returned, I have no way to get > "employeeNumber" attribute. No error given. Other attributes (cn, > homeDirectory) are returned correctly. Are you 100% sure that 1. the attribute is filled for all entries you read and 2. that the identity your application binds with (anonymous in your case) is allowed to read the attribute? Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3883 bytes Desc: S/MIME Cryptographic Signature URL: From michael at stroeder.com Wed Jun 13 10:36:05 2012 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Wed, 13 Jun 2012 10:36:05 +0200 Subject: [python-ldap] Ldap search doesn't return all attributes required In-Reply-To: References: <4FD84F02.40109@stroeder.com> Message-ID: <4FD850F5.1040908@stroeder.com> Please stay on the mailing list so others can answer and learn as well. Francisco M?ndez wrote: > 1. Yes. > 2. I'm not sure that anonymous is allowed to read the attribute ... how can I > check that? Talk to your LDAP administrator about server-side access control. It's very likely he wants to give you a service account your application has to bind with. In general your application should be configurable regarding bind. Ciao, Michael. > 2012/6/13 Michael Str?der > > > Francisco M?ndez wrote: > > The problem: not all atributtes are returned, I have no way to get > > "employeeNumber" attribute. No error given. Other attributes (cn, > > homeDirectory) are returned correctly. > > Are you 100% sure that > 1. the attribute is filled for all entries you read and > 2. that the identity your application binds with (anonymous in your case) is > allowed to read the attribute? > > Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3883 bytes Desc: S/MIME Cryptographic Signature URL: From satyaprakash.prasad at gmail.com Thu Jun 28 07:18:55 2012 From: satyaprakash.prasad at gmail.com (Satya Prakash Prasad) Date: Thu, 28 Jun 2012 10:48:55 +0530 Subject: [python-ldap] Unable to build python-ldap-2.3.13 Message-ID: I downloaded Python LDAP 2.3.13 from http://pypi.python.org/pypi/python-ldap/2.3.13 but while trying to build it gives me below error: ldap/python-ldap-2.3.13> python setup.py build extra_compile_args: extra_objects: include_dirs: /usr/local/openldap-2.3/include /usr/include/sasl library_dirs: /usr/local/openldap-2.3/lib libs: ldap_r lber sasl2 ssl crypto running build running build_py file Lib/ldap.py (for module ldap) not found file Lib/ldap/schema.py (for module ldap.schema) not found creating build creating build/lib.linux-x86_64-2.7 copying Lib/ldapurl.py -> build/lib.linux-x86_64-2.7 copying Lib/ldif.py -> build/lib.linux-x86_64-2.7 copying Lib/dsml.py -> build/lib.linux-x86_64-2.7 creating build/lib.linux-x86_64-2.7/ldap copying Lib/ldap/__init__.py -> build/lib.linux-x86_64-2.7/ldap copying Lib/ldap/async.py -> build/lib.linux-x86_64-2.7/ldap copying Lib/ldap/controls.py -> build/lib.linux-x86_64-2.7/ldap copying Lib/ldap/cidict.py -> build/lib.linux-x86_64-2.7/ldap copying Lib/ldap/dn.py -> build/lib.linux-x86_64-2.7/ldap copying Lib/ldap/filter.py -> build/lib.linux-x86_64-2.7/ldap copying Lib/ldap/functions.py -> build/lib.linux-x86_64-2.7/ldap copying Lib/ldap/ldapobject.py -> build/lib.linux-x86_64-2.7/ldap copying Lib/ldap/modlist.py -> build/lib.linux-x86_64-2.7/ldap copying Lib/ldap/resiter.py -> build/lib.linux-x86_64-2.7/ldap copying Lib/ldap/sasl.py -> build/lib.linux-x86_64-2.7/ldap creating build/lib.linux-x86_64-2.7/ldap/schema copying Lib/ldap/schema/__init__.py -> build/lib.linux-x86_64-2.7/ldap/schema copying Lib/ldap/schema/models.py -> build/lib.linux-x86_64-2.7/ldap/schema copying Lib/ldap/schema/subentry.py -> build/lib.linux-x86_64-2.7/ldap/schema copying Lib/ldap/schema/tokenizer.py -> build/lib.linux-x86_64-2.7/ldap/schema file Lib/ldap.py (for module ldap) not found file Lib/ldap/schema.py (for module ldap.schema) not found running egg_info writing requirements to Lib/python_ldap.egg-info/requires.txt writing Lib/python_ldap.egg-info/PKG-INFO writing top-level names to Lib/python_ldap.egg-info/top_level.txt writing dependency_links to Lib/python_ldap.egg-info/dependency_links.txt file Lib/ldap.py (for module ldap) not found file Lib/ldap/schema.py (for module ldap.schema) not found reading manifest file 'Lib/python_ldap.egg-info/SOURCES.txt' reading manifest template 'MANIFEST.in' warning: no files found matching 'Makefile' warning: no files found matching 'Modules/LICENSE' writing manifest file 'Lib/python_ldap.egg-info/SOURCES.txt' running build_ext building '_ldap' extension creating build/temp.linux-x86_64-2.7 creating build/temp.linux-x86_64-2.7/Modules -DHAVE_LIBLDAP_R -DHAVE_SASL -DHAVE_TLS -DLDAPMODULE_VERSION=2.3.13 -IModules -I/usr/local/openldap-2.3/include -I/usr/include/sasl -Ibin/python/usr/local/include/python2.7 -c Modules/LDAPObject.c -o build/temp.linux-x86_64-2.7/Modules/LDAPObject.o unable to execute -DHAVE_LIBLDAP_R: No such file or directory error: command '-DHAVE_LIBLDAP_R' failed with exit status 1 ldap/python-ldap-2.3.13> Please let me know how to solve this? From ubuntu at fachschaft.physik.uni-bielefeld.de Fri Jun 29 17:07:47 2012 From: ubuntu at fachschaft.physik.uni-bielefeld.de (Viktor) Date: Fri, 29 Jun 2012 17:07:47 +0200 Subject: [python-ldap] LDAPError has wrong type, gives AttributeError Message-ID: <6010_1340982464_ZZh0Y3R04jKQ7.00_4FEDC4C3.6070200@fachschaft.physik.uni-bielefeld.de> Hi, I am trying to write a cronjob that asks an LDAP-server periodically to get the members for mailing lists that are then fed to mailman. It already is working, but I am now trying to modularize it more in order to make the version public. When the connection is established, I have the following lines: try: conn = ldap.initialize(uri) conn.simple_bind_s('','') lists = conn.search_s(oulists + "," + base, ldap.SCOPE_SUBTREE, , (objectClass=groupOfNames)", []) people = conn.search_s(oupeople + "," + base, ldap.SCOPE_SUBTREE, "(objectClass=*)", []) conn.unbind_s() except ldap.LDAPError as errors: print(errors) for error in errors.args: if error.has_key('desc'): syslog.syslog(syslog.LOG_ERR, error['desc']) if error.has_key('info'): syslog.syslog(syslog.LOG_ERR, error['info']) return False This usually worked and I did not change this part, but now I get an error: AttributeError: 'int' object has no attribute 'has_key' If I add a "print(errors)" to the except clause, I get (11, 'Resource temporarily unavailable') which explains the error but is not in accordance with the documentation ( http://www.python-ldap.org/doc/html/ldap.html#exceptions ) Does anyone have an idea what is going wrong? From michael at stroeder.com Fri Jun 29 18:47:41 2012 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Fri, 29 Jun 2012 18:47:41 +0200 Subject: [python-ldap] LDAPError has wrong type, gives AttributeError In-Reply-To: <6010_1340982464_ZZh0Y3R04jKQ7.00_4FEDC4C3.6070200@fachschaft.physik.uni-bielefeld.de> References: <6010_1340982464_ZZh0Y3R04jKQ7.00_4FEDC4C3.6070200@fachschaft.physik.uni-bielefeld.de> Message-ID: <4FEDDC2D.1090305@stroeder.com> Viktor wrote: > I am trying to write a cronjob that asks an LDAP-server periodically to > get the members for mailing lists that are then fed to mailman. We're also doing something like this with a Perl script written by a colleague based on groupOfNames/member schema and OpenLDAP's slapo-memberof. > It already is working, but I am now trying to modularize it more in order > to make the version public. I'd be interested to see this. Will you release it as open source? Also it might be worth to think about turning it into a syncrepl client if the LDAP server is an OpenLDAP server. This way changes to groups would be immediately synced to Mailman. > except ldap.LDAPError as errors: > print(errors) > for error in errors.args: > if error.has_key('desc'): > syslog.syslog(syslog.LOG_ERR, error['desc']) > if error.has_key('info'): > syslog.syslog(syslog.LOG_ERR, error['info']) > return False > > This usually worked and I did not change this part, but now I get an error: > > AttributeError: 'int' object has no attribute 'has_key' > > If I add a "print(errors)" to the except clause, I get > > (11, 'Resource temporarily unavailable') Yes, that's expected. Frankly the exceptions generated by the C wrapper module _ldap.so are not very elegant and sometimes inconsequent. If you just want to write a log message the exception the most simplest thing is to call str(error). This will always work and practical experience shows the information provided is enough to find most error causes. BTW: Cleaning up exception handling is on my to do list. Everyone having some spare time left is welcome to jump on in. Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3883 bytes Desc: S/MIME Cryptographic Signature URL: