[python-ldap] Can't get a more specific exception when binding to LDAP server

Mihai Tabara mihait.upb at gmail.com
Fri Oct 26 18:31:13 CEST 2012 

Hi everyone,

I am struggling finding a way to get a more particular exception than
'Invalid_credentials(49)' when a binding to LDAP server cannot be
established.
I am pretty sure it is a common issue but my previous search didn't get me
too far. Please accept my apologies if spamming with my question.

So, let's assume my account on LDAP server has just been deactivated due to
password aging, and therefore, password expiration.

Trying to reach my account within a "ldapwhoami" call from ldap-utils Unix
tools goes naturally and returns awaited response.

===
root at debian:~# ldapwhoami -e ppolicy -x -D
"uid=mihait,ou=Users,dc=example,dc=com" -w secret
ldap_bind: Invalid credentials (49); Password expired
===

... whereas a call from python-ldap bindings returns only the generic
'invalid credentials' exception as follows:

===
>>conn = ldap.initialize("ldap://localhost:389")
>>try:
>>  conn.simple_bind_s("uid=mihait,ou=Users,dc=example,dc=com", "secret")
>>except ldap.INVALID_CREDENTIALS, e:
>>  print e
>>conn.unbind_s()
{'desc': 'Invalid credentials'}
===

Since I'm a newbie in stuff regarding LDAP, I tried different approaches
and, unsuccessfully searched all over the web for possible explanations.
Found out that C bindings handle this issue with a ldap_get_option()
function which, basically calls for an extended text message (via the
LDAP_OPT_ERROR_STRING attribute)
In the same time, I found in the python-ldap docs an instance method
similarly named which is associated with my LDAPObject; when calling it,
returns None.

When dug for more in the ldap/ldapobject.py, the corresponding fields,
which I presume are "error_number" and "error_string"
from CLASSATTR_OPTION_MAPPING dicionary hold None values.
(at least error_string does whereas error_number holds 49).

Since the C bindings manage to solve this problem, I expect python should
do the same. Consequently, I'm definitely doing something wrong.
Can anyone assist me with this, please ?

Thanks a lot.
Kind regards,

Mihai
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20121026/6e8a11c4/attachment.html>

More information about the python-ldap mailing list