From nyasha.chigwamba at voss-solutions.com Wed Jan 16 10:06:17 2013 From: nyasha.chigwamba at voss-solutions.com (Nyasha Chigwamba) Date: Wed, 16 Jan 2013 11:06:17 +0200 Subject: [python-ldap] LDAP Schema: MUST/MAY Attributes Message-ID: Hi All, I have created a client application that has minimal "schema-awareness". I would like to validate my data before I send to Active Directory. When creating a new instance for a user (objectClass: 'top', 'organizationalPerson', 'person', 'user'), I find that there are some attributes that are marked as MUST, yet they are not required by AD for the instance to be created. An example of one such attribute is 'nTSecurityDescriptor'. I have looked at the web2lap interface and the addition of instances only has shows cn, objectClass, and sn as the required attributes. How can I do something similar? Should look at the USAGE property (0 = userApplications 1 = directoryOperation, 2 = distributedOperation, 3 = dSAOperation), in addition to the MUST or MAY property? Regards, Nyasha -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael at stroeder.com Wed Jan 16 19:24:28 2013 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Wed, 16 Jan 2013 19:24:28 +0100 Subject: [python-ldap] LDAP Schema: MUST/MAY Attributes In-Reply-To: References: Message-ID: <50F6F05C.2030500@stroeder.com> Nyasha Chigwamba wrote: > I have created a client application that has minimal "schema-awareness". I > would like to validate my data before I send to Active Directory. When > creating a new instance for a user (objectClass: 'top', > 'organizationalPerson', 'person', 'user'), I find that there are some > attributes that are marked as MUST, yet they are not required by AD for the > instance to be created. An example of one such attribute is > 'nTSecurityDescriptor'. > > I have looked at the web2lap interface and the addition of instances only has > shows cn, objectClass, and sn as the required attributes. How can I do > something similar? Should look at the USAGE property (0 = userApplications 1 = > directoryOperation, 2 = distributedOperation, 3 = dSAOperation), in addition > to the MUST or MAY property? MS AD does not have a single attribute type description with USAGE in its subschema (checked today on W2K8R2 because of OpenLDAP ITS#7493). web2ldap does look at AttributeType.no_user_mod and AttributeType.collective. If any of them is not None the attribute is considered not to be editable by the user. Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3883 bytes Desc: S/MIME Cryptographic Signature URL: From bas.vandervlies at surfsara.nl Wed Jan 23 10:33:41 2013 From: bas.vandervlies at surfsara.nl (Bas van der Vlies) Date: Wed, 23 Jan 2013 09:33:41 +0000 Subject: [python-ldap] Question modifyModlist Message-ID: <74EB35DC444C754DA400390F673C23D608E519FC@sara-exch-01.ka.sara.nl> Hello, I am using the function to replace attribute values. The generated ldif is always: {{{ (ldap.MOD_DELETE, "gidNumber", None), (ldap.MOD_ADD, "gidNumber", gid_new), }}} For most situations this is good, but for this situation i only want to replace the gidnumber only if it matches the old value, e.g.: {{{ (ldap.MOD_DELETE, "gidNumber", gid_old), (ldap.MOD_ADD, "gidNumber", gid_new), }}} I could not find an option for modifyModlist() to generate this ldif. is this possible? regards -- Bas van der Vlies mail: bas at surfsara.nl SURFsara, www.surfsara.nl Amsterdam, The Netherlands From bas.vandervlies at surfsara.nl Wed Jan 23 10:33:40 2013 From: bas.vandervlies at surfsara.nl (Bas van der Vlies) Date: Wed, 23 Jan 2013 09:33:40 +0000 Subject: [python-ldap] Question about ldap.modlist.modifyModlist Message-ID: <74EB35DC444C754DA400390F673C23D608E519F6@sara-exch-01.ka.sara.nl> Hello,, I have question about the usage of ldap.modlist.modifyModlist. I am using it a lot to replace values. When i look at the generated ldif it deletes the attribute and then add the attribute: {{{ (ldap.MOD_DELETE, "gidNumber", None), (ldap.MOD_ADD, "gidNumber", gid_new), }}} This fine for most replacements. Bit for this case i only want to replace the value if it matches the old one, e.g.: {{{ (ldap.MOD_DELETE, "gidNumber", gid_old), (ldap.MOD_ADD, "gidNumber", gid_new), }}} Is there an option for modifyModlist that supports this or must i just use the modify_s function? regards Bas van der Vlies mail: bas at surfsara.nl SURFsara, www.surfsara.nl Amsterdam, The Netherlands From michael at stroeder.com Wed Jan 23 20:28:34 2013 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Wed, 23 Jan 2013 20:28:34 +0100 Subject: [python-ldap] Question about ldap.modlist.modifyModlist In-Reply-To: <74EB35DC444C754DA400390F673C23D608E519F6@sara-exch-01.ka.sara.nl> References: <74EB35DC444C754DA400390F673C23D608E519F6@sara-exch-01.ka.sara.nl> Message-ID: <510039E2.8050508@stroeder.com> Bas van der Vlies wrote: > Hello,, > > I have question about the usage of ldap.modlist.modifyModlist. I am using it a lot to replace values. When i look at the generated ldif it deletes the attribute and then add the attribute: > {{{ > (ldap.MOD_DELETE, "gidNumber", None), > (ldap.MOD_ADD, "gidNumber", gid_new), > }}} > > This fine for most replacements. Bit for this case i only want to replace the value if it matches the old one, e.g.: > {{{ > (ldap.MOD_DELETE, "gidNumber", gid_old), > (ldap.MOD_ADD, "gidNumber", gid_new), > }}} > > Is there an option for modifyModlist that supports this or must i just use the modify_s function? modifyModlist() is designed to always work. That's the reason why the attribute always gets deleted and re-added completely. With most LDAP servers deleting by value requires that there's a EQUALITY matching rule declared for the attribute type - and implemented. My web2ldap contains a schema-aware variant of modifyModlist() which looks at the subschema to determine whether deleting values is possible. It might make sense to extend ldap.modlist.modifyModlist() with an optional key-word argument with which you can pass a list of attribute types for which deleting by value is possible. In this case the calling application has to know whether EQUALITY matching rule is available or not. Feel free to submit a patch for such a behaviour. Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3883 bytes Desc: S/MIME Cryptographic Signature URL: From wallenpb at gmail.com Sat Feb 9 05:02:46 2013 From: wallenpb at gmail.com (Bill Allen) Date: Fri, 8 Feb 2013 22:02:46 -0600 Subject: [python-ldap] Installation instructions, python-ldap for HP-UX Message-ID: I have installed open-ldap on my HP-UX server, but I am having trouble installing the python-ldap software. It appears that I need to adjust the config file in some way, but I am unclear what the configuration setting sets for HP-UX need to be for the install to work. Has anyone successfuly installed on HP-UX? -- Bill Allen From michael at stroeder.com Sat Feb 9 12:56:21 2013 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Sat, 09 Feb 2013 12:56:21 +0100 Subject: [python-ldap] Installation instructions, python-ldap for HP-UX In-Reply-To: References: Message-ID: <51163965.1040507@stroeder.com> Bill Allen wrote: > I have installed open-ldap on my HP-UX server, but I am having trouble > installing the python-ldap software. It appears that I need to adjust > the config file in some way, but I am unclear what the configuration > setting sets for HP-UX need to be for the install to work. Has > anyone successfuly installed on HP-UX? Are you familiar with compiling software written in C? Did you already install all the software required to build python-ldap? http://www.python-ldap.org/doc/html/installing.html#prerequisites The set of software depends on your requirements. But basically you have to build and install at least Python and the OpenLDAP libs. Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3883 bytes Desc: S/MIME Cryptographic Signature URL: From wallenpb at gmail.com Sat Feb 9 23:31:07 2013 From: wallenpb at gmail.com (Bill Allen) Date: Sat, 9 Feb 2013 16:31:07 -0600 Subject: [python-ldap] Installation instructions, python-ldap for HP-UX In-Reply-To: <51163965.1040507@stroeder.com> References: <51163965.1040507@stroeder.com> Message-ID: On Sat, Feb 9, 2013 at 5:56 AM, Michael Str?der wrote: > Bill Allen wrote: > > I have installed open-ldap on my HP-UX server, but I am having trouble > > installing the python-ldap software. It appears that I need to adjust > > the config file in some way, but I am unclear what the configuration > > setting sets for HP-UX need to be for the install to work. Has > > anyone successfuly installed on HP-UX? > > Are you familiar with compiling software written in C? > Did you already install all the software required to build python-ldap? > > http://www.python-ldap.org/doc/html/installing.html#prerequisites > > The set of software depends on your requirements. But basically you have to > build and install at least Python and the OpenLDAP libs. > > Ciao, Michael. > Michael, So you know what I am trying to do, my target application is a Python CGI, that will be running on an HP-UX Apache web server, that will allow users at my location to self-service reset their Active Directory passwords. I have coded other Python CGI applications running on this server, just have never had to used the Python-LDAP module before. Yes, I have the Python installed (2.7.1) and the OpenLDAP (2.4.33). In HP-UX, OpenLDAP goes into various folders in the /usr/local tree. I have compiled C before and have gcc installed, usually by following instructions for make/make install. I have looked at the default setup.cfg in the Python-LDAP distribution tar and think I might know how to modify it to fit my sitituation to be able to do a normal python setup.py build, python setup.py install. This is how I think I should do the setup.cfg, does this look right? [_ldap] library_dirs = /usr/local/lib include_dirs = /usr/local/include extra_compile_args = -g extra_objects = libs = ldap_r If you do not think this is the way for me to go with this, then perhaps a C compile would be best for my situation. Please advise, and I appreciate your help. Thanks, Bill A. -------------- next part -------------- An HTML attachment was scrubbed... URL: From wallenpb at gmail.com Sun Feb 10 07:41:39 2013 From: wallenpb at gmail.com (Bill Allen) Date: Sun, 10 Feb 2013 00:41:39 -0600 Subject: [python-ldap] Installation instructions, python-ldap for HP-UX In-Reply-To: References: <51163965.1040507@stroeder.com> Message-ID: Michael, I found that I had ssl and sasl dependencies, so I have install OpenLDAP, openssl, and cyrus-sasl for HP-UX. I ran python setup.py build and python setup.py install with the follwing setup.cfg and the build and install completed successfully, but I do still have a problem as noted below. [_ldap] library_dirs = /usr/local/lib include_dirs = /usr/local/include extra_compile_args = -g extra_objects = libs = ldap_r Now, when I run the Python interpreter and try to import ldap I get the following error: >>> import ldap Traceback (most recent call last): File "", line 1, in File "/opt/iexpress/python/lib/python2.7/site-packages/python_ldap-2.4.10-py2.7-hp-ux-B.11.31-ia64.egg/ldap/__init__.py", line 22, in import _ldap ImportError: Failed to load /opt/iexpress/python/lib/python2.7/site-packages/python_ldap-2.4.10-py2.7-hp-ux-B.11.31-ia64.egg/_ldap.so On Sat, Feb 9, 2013 at 5:56 AM, Michael Str?der wrote: > Bill Allen wrote: > > I have installed open-ldap on my HP-UX server, but I am having trouble > > installing the python-ldap software. It appears that I need to adjust > > the config file in some way, but I am unclear what the configuration > > setting sets for HP-UX need to be for the install to work. Has > > anyone successfuly installed on HP-UX? > > Are you familiar with compiling software written in C? > Did you already install all the software required to build python-ldap? > > http://www.python-ldap.org/doc/html/installing.html#prerequisites > > The set of software depends on your requirements. But basically you have to > build and install at least Python and the OpenLDAP libs. > > Ciao, Michael. > Michael, So you know what I am trying to do, my target application is a Python CGI, that will be running on an HP-UX Apache web server, that will allow users at my location to self-service reset their Active Directory passwords. I have coded other Python CGI applications running on this server, just have never had to used the Python-LDAP module before. Yes, I have the Python installed (2.7.1) and the OpenLDAP (2.4.33). In HP-UX, OpenLDAP goes into various folders in the /usr/local tree. I have compiled C before and have gcc installed, usually by following instructions for make/make install. I have looked at the default setup.cfg in the Python-LDAP distribution tar and think I might know how to modify it to fit my sitituation to be able to do a normal python setup.py build, python setup.py install. This is how I think I should do the setup.cfg, does this look right? [_ldap] library_dirs = /usr/local/lib include_dirs = /usr/local/include extra_compile_args = -g extra_objects = libs = ldap_r If you do not think this is the way for me to go with this, then perhaps a C compile would be best for my situation. Please advise, and I appreciate your help. Thanks, Bill A. -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael at stroeder.com Sun Feb 10 13:10:36 2013 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Sun, 10 Feb 2013 13:10:36 +0100 Subject: [python-ldap] Installation instructions, python-ldap for HP-UX In-Reply-To: References: <51163965.1040507@stroeder.com> Message-ID: <51178E3C.1060606@stroeder.com> Bill Allen wrote: > I found that I had ssl and sasl dependencies, so I have install OpenLDAP, > openssl, and cyrus-sasl for HP-UX. Disclaimer: I've never used Python on HP-UX myself. Which toolchain are you using to build? > I ran python setup.py build and python > setup.py install with the follwing setup.cfg and the build and install > completed successfully, but I do still have a problem as noted below. > > [_ldap] > library_dirs = /usr/local/lib > include_dirs = /usr/local/include You should put there all needed library and include dirs. Since you already successfully built python-ldap's _ldap.so 'include_dirs' is probably complete. > "/opt/iexpress/python/lib/python2.7/site-packages/python_ldap-2.4.10-py2.7-hp-ux-B.11.31-ia64.egg/ldap/__init__.py", > line 22, in > import _ldap > ImportError: Failed to load > /opt/iexpress/python/lib/python2.7/site-packages/python_ldap-2.4.10-py2.7-hp-ux-B.11.31-ia64.egg/_ldap.so It seems to me that something's wrong with the runtime library path. Not sure whether the linker you used on HP-UX sets it. On Linux I'd try to set LD_LIBRARY_PATH to include at least the path containing libldap_r and liblber but I'm not sure whether you can do that on HP-UX. If that's successful I'd check whether the paths set by 'library_dirs' are passed to the linker during the build. Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3883 bytes Desc: S/MIME Cryptographic Signature URL: From michael at stroeder.com Sun Feb 10 18:32:14 2013 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Sun, 10 Feb 2013 18:32:14 +0100 Subject: [python-ldap] Installation instructions, python-ldap for HP-UX In-Reply-To: <51178E3C.1060606@stroeder.com> References: <51163965.1040507@stroeder.com> <51178E3C.1060606@stroeder.com> Message-ID: <5117D99E.7020301@stroeder.com> Michael Str?der wrote: > Bill Allen wrote: >> I found that I had ssl and sasl dependencies, so I have install OpenLDAP, >> openssl, and cyrus-sasl for HP-UX. > > Disclaimer: I've never used Python on HP-UX myself. > > Which toolchain are you using to build? > >> I ran python setup.py build and python >> setup.py install with the follwing setup.cfg and the build and install >> completed successfully, but I do still have a problem as noted below. >> >> [_ldap] >> library_dirs = /usr/local/lib >> include_dirs = /usr/local/include > > You should put there all needed library and include dirs. > > Since you already successfully built python-ldap's _ldap.so 'include_dirs' is > probably complete. > >> "/opt/iexpress/python/lib/python2.7/site-packages/python_ldap-2.4.10-py2.7-hp-ux-B.11.31-ia64.egg/ldap/__init__.py", >> line 22, in >> import _ldap >> ImportError: Failed to load >> /opt/iexpress/python/lib/python2.7/site-packages/python_ldap-2.4.10-py2.7-hp-ux-B.11.31-ia64.egg/_ldap.so > > It seems to me that something's wrong with the runtime library path. Not sure > whether the linker you used on HP-UX sets it. > > On Linux I'd try to set LD_LIBRARY_PATH to include at least the path > containing libldap_r and liblber but I'm not sure whether you can do that on > HP-UX. If that's successful I'd check whether the paths set by 'library_dirs' > are passed to the linker during the build. BTW: Since you need SSL/TLS and SASL support you also need this: libs = ldap_r sasl2 ssl crypto Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3883 bytes Desc: S/MIME Cryptographic Signature URL: From nicole.haenni at gmail.com Sun Feb 17 23:44:45 2013 From: nicole.haenni at gmail.com (Nicole Haenni) Date: Sun, 17 Feb 2013 23:44:45 +0100 Subject: [python-ldap] Survey for framework and library developers: "Information needs in software ecosystems" Message-ID: I?m Nicole Haenni and I'm doing research for my thesis at the University of Berne (scg.unibe.ch) with Mircea Lungu and Niko Schwarz. We are researching on monitoring the activity in software ecosystems. This is a study about information needs that arise in such software ecosystems. I need your help to fill out the survey below. It takes about 10 minutes to complete it. A software ecosystem can be a project repository like GitHub, an open source community (e.g. the Apache community) or a language-based community (e.g. Smalltalk has Squeaksource, Ruby has Rubyforge). We formulate our research question as follows: "What information needs arise when developers use code from other projects, or see their own code used elsewhere." Survey link: http://bit.ly/14Zc71N or original link: https://docs.google.com/spreadsheet/viewform?formkey=dFBJUmVodVU1V3BMMGRPRWxBdjdDbVE6MA Thank you for your support! Nicole -------------- next part -------------- An HTML attachment was scrubbed... URL: From cornelius.koelbel at lsexperts.de Tue Feb 19 16:04:17 2013 From: cornelius.koelbel at lsexperts.de (=?ISO-8859-15?Q?Cornelius_K=F6lbel?=) Date: Tue, 19 Feb 2013 16:04:17 +0100 Subject: [python-ldap] adding object with python-ldap 2.3 Message-ID: <51239471.2010702@lsexperts.de> Hello, I see that adding an object to an LDAP is done via add(dn, modlist). Unfortunately we got installations running python-ldap 2.3.x. I seems that modlist was introduced with python-ldap 2.4. So how would I add an object with python-ldap 2.3? Thanks a lot and kind regards Cornelius -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From navendu at ideadevice.com Tue Feb 19 20:44:25 2013 From: navendu at ideadevice.com (Navendu Gupta) Date: Wed, 20 Feb 2013 01:14:25 +0530 Subject: [python-ldap] adding object with python-ldap 2.3 In-Reply-To: <51239471.2010702@lsexperts.de> References: <51239471.2010702@lsexperts.de> Message-ID: you can pass list of attrs also. list of tuples (ldap.MOD_ADD, attr, value) Thanks Navendu Gupta Idea Device On Tue, Feb 19, 2013 at 8:34 PM, Cornelius K?lbel < cornelius.koelbel at lsexperts.de> wrote: > Hello, > > I see that adding an object to an LDAP is done via add(dn, modlist). > > Unfortunately we got installations running python-ldap 2.3.x. > I seems that modlist was introduced with python-ldap 2.4. So how would I > add an object with python-ldap 2.3? > > Thanks a lot and kind regards > Cornelius > > > _______________________________________________ > python-ldap mailing list > python-ldap at python.org > http://mail.python.org/mailman/listinfo/python-ldap > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From cornelius.koelbel at lsexperts.de Wed Feb 20 08:57:20 2013 From: cornelius.koelbel at lsexperts.de (=?ISO-8859-1?Q?Cornelius_K=F6lbel?=) Date: Wed, 20 Feb 2013 08:57:20 +0100 Subject: [python-ldap] adding object with python-ldap 2.3 In-Reply-To: References: <51239471.2010702@lsexperts.de> Message-ID: <512481E0.8020406@lsexperts.de> Thanks a lot. Kind regards Cornelius Am 19.02.2013 20:44, schrieb Navendu Gupta: > you can pass list of attrs also. > > list of tuples (ldap.MOD_ADD, attr, value) > > > Thanks > Navendu Gupta > Idea Device > > > On Tue, Feb 19, 2013 at 8:34 PM, Cornelius K?lbel > > wrote: > > Hello, > > I see that adding an object to an LDAP is done via add(dn, modlist). > > Unfortunately we got installations running python-ldap 2.3.x. > I seems that modlist was introduced with python-ldap 2.4. So how > would I > add an object with python-ldap 2.3? > > Thanks a lot and kind regards > Cornelius > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: From stefanik at dsx.cz Thu Feb 21 17:01:34 2013 From: stefanik at dsx.cz (Dusan Stefanik) Date: Thu, 21 Feb 2013 17:01:34 +0100 Subject: [python-ldap] whoami_s() result Message-ID: <20130221160134.GN5597@portos> Hi, I discovered some odd behaviour with whoami_s(). ### import ldap l = ldap.ldapobject.SimpleLDAPObject('ldap://localhost') l.bind_s('uid=dusan,ou=users,dc=example,dc=com','asdfg') l.unbind_s() l.whoami_s() ## result python: whoami.c:68: ldap_whoami: Assertion `( (ld)->ldc->ldc_options.ldo_valid == 0x2 )' failed. Aborted ### In documentation unbind_s(): Further invocation of methods on the object will yield an exception. But as I discovered... exception in C module thus I can't catch exception(?). Calling another function raise: ldap.LDAPError: LDAP connection invalid Thanks Dusan From navendu at ideadevice.com Thu Feb 21 17:21:02 2013 From: navendu at ideadevice.com (Navendu Gupta) Date: Thu, 21 Feb 2013 21:51:02 +0530 Subject: [python-ldap] create/modify ACL entries Message-ID: I am able to create an AD Group and modify its attributes via python-ldap. Can i create/modiy ACL entries on a group via python-ldap? I need to delete 'Authenticated Users' from group's ACL that i create. Any help will be highly appreciated. Best Regards Navendu Gupta Idea Device -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael at stroeder.com Thu Feb 21 17:26:25 2013 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Thu, 21 Feb 2013 17:26:25 +0100 Subject: [python-ldap] whoami_s() result In-Reply-To: <20130221160134.GN5597@portos> References: <20130221160134.GN5597@portos> Message-ID: <51264AB1.1000906@stroeder.com> Dusan Stefanik wrote: > I discovered some odd behaviour with whoami_s(). Which version of python-ldap and which version of OpenLDAP libs are you using? Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3883 bytes Desc: S/MIME Cryptographic Signature URL: From esiotrot at gmail.com Thu Feb 21 17:47:21 2013 From: esiotrot at gmail.com (Michael Wood) Date: Thu, 21 Feb 2013 18:47:21 +0200 Subject: [python-ldap] whoami_s() result In-Reply-To: <51264AB1.1000906@stroeder.com> References: <20130221160134.GN5597@portos> <51264AB1.1000906@stroeder.com> Message-ID: Hi On 21 February 2013 18:26, Michael Str?der wrote: > Dusan Stefanik wrote: >> I discovered some odd behaviour with whoami_s(). > > Which version of python-ldap and which version of OpenLDAP libs are you using? I just tried this myself on Ubuntu 10.04.4 and could reproduce the issue. OpenLDAP lib version: 2.4.21-0ubuntu5.7 Python LDAP version: 2.3.10-1ubuntu1 Of course, I have no idea what versions Dusan is running. -- Michael Wood From stefanik at dsx.cz Thu Feb 21 21:17:08 2013 From: stefanik at dsx.cz (Dusan Stefanik) Date: Thu, 21 Feb 2013 21:17:08 +0100 Subject: [python-ldap] whoami_s() result In-Reply-To: <51264AB1.1000906@stroeder.com> References: <20130221160134.GN5597@portos> <51264AB1.1000906@stroeder.com> Message-ID: <20130221201708.GM4937@dscon.dsx.cz> Hi, sorry, forgot this important information: Tested on debian stable(squeeze): python-ldap 2.3.11 + python 2.6.6 + libldap 2.4.23 Also tested on Debian testing(wheezy): python-ldap 2.4.10 + python 2.7.3 + libldap 2.4.31 Also tested on Ubuntu precise: python-ldap 2.4.10 (from pypi) + python 2.7.3 + libldap 2.4.28 with same result. Dusan On 21/02/13 at 05:26pm, Michael Str?der wrote: > Dusan Stefanik wrote: > > I discovered some odd behaviour with whoami_s(). > > Which version of python-ldap and which version of OpenLDAP libs are you using? > > Ciao, Michael. > From michael at stroeder.com Thu Feb 21 22:09:19 2013 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Thu, 21 Feb 2013 22:09:19 +0100 Subject: [python-ldap] whoami_s() result In-Reply-To: <20130221201708.GM4937@dscon.dsx.cz> References: <20130221160134.GN5597@portos> <51264AB1.1000906@stroeder.com> <20130221201708.GM4937@dscon.dsx.cz> Message-ID: <51268CFF.9090401@stroeder.com> Dusan Stefanik wrote: > sorry, forgot this important information: > Tested on debian stable(squeeze): > python-ldap 2.3.11 + python 2.6.6 + libldap 2.4.23 > > Also tested on Debian testing(wheezy): > python-ldap 2.4.10 + python 2.7.3 + libldap 2.4.31 > > Also tested on Ubuntu precise: > python-ldap 2.4.10 (from pypi) + python 2.7.3 + libldap 2.4.28 Since this issue is rather how to detect a programmer's error I'd prefer to simply add an extra check to SimpleLDAPObject._ldap_call(). This check will also be hidden behind a "if __debug__" to let Python strip it out when running in optimized mode. Let me know what you think. Please note that 2.3.x is not maintained anymore. So for this release series the only solution is to write correct code. ;-) Ciao, Michael. > On 21/02/13 at 05:26pm, Michael Str?der wrote: >> Dusan Stefanik wrote: >>> I discovered some odd behaviour with whoami_s(). >> >> Which version of python-ldap and which version of OpenLDAP libs are you using? >> >> Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3883 bytes Desc: S/MIME Cryptographic Signature URL: From michael at stroeder.com Thu Feb 21 22:13:09 2013 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Thu, 21 Feb 2013 22:13:09 +0100 Subject: [python-ldap] create/modify ACL entries In-Reply-To: References: Message-ID: <51268DE5.8030302@stroeder.com> Navendu Gupta wrote: > I am able to create an AD Group and modify its attributes via python-ldap. > > Can i create/modiy ACL entries on a group via python-ldap? > I need to delete 'Authenticated Users' from group's ACL that i create. I wonder whether you really would need to manipulate ACLs or just one of the token group referenced attributes. Anyhow this is rather a AD-specific question and not really related to python-ldap programming. Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3883 bytes Desc: S/MIME Cryptographic Signature URL: From stefanik at dsx.cz Thu Feb 21 22:33:28 2013 From: stefanik at dsx.cz (Dusan Stefanik) Date: Thu, 21 Feb 2013 22:33:28 +0100 Subject: [python-ldap] whoami_s() result In-Reply-To: <51268CFF.9090401@stroeder.com> References: <20130221160134.GN5597@portos> <51264AB1.1000906@stroeder.com> <20130221201708.GM4937@dscon.dsx.cz> <51268CFF.9090401@stroeder.com> Message-ID: <20130221213328.GN4937@dscon.dsx.cz> I think it is quick and correct solution. The goal is avoiding C error rather get python exception. Thanks. Dusan On 21/02/13 at 10:09pm, Michael Str?der wrote: > Dusan Stefanik wrote: > > sorry, forgot this important information: > > Tested on debian stable(squeeze): > > python-ldap 2.3.11 + python 2.6.6 + libldap 2.4.23 > > > > Also tested on Debian testing(wheezy): > > python-ldap 2.4.10 + python 2.7.3 + libldap 2.4.31 > > > > Also tested on Ubuntu precise: > > python-ldap 2.4.10 (from pypi) + python 2.7.3 + libldap 2.4.28 > > Since this issue is rather how to detect a programmer's error I'd prefer to > simply add an extra check to SimpleLDAPObject._ldap_call(). This check will > also be hidden behind a "if __debug__" to let Python strip it out when running > in optimized mode. > > Let me know what you think. > > Please note that 2.3.x is not maintained anymore. So for this release series > the only solution is to write correct code. ;-) > > Ciao, Michael. > > > On 21/02/13 at 05:26pm, Michael Str?der wrote: > >> Dusan Stefanik wrote: > >>> I discovered some odd behaviour with whoami_s(). > >> > >> Which version of python-ldap and which version of OpenLDAP libs are you using? > >> > >> Ciao, Michael. > From steffen.froemer at gns-systems.de Fri Feb 22 11:27:58 2013 From: steffen.froemer at gns-systems.de (Steffen =?iso-8859-1?b?RnL2bWVy?=) Date: Fri, 22 Feb 2013 11:27:58 +0100 Subject: [python-ldap] LDAP bind with Windows credentials Message-ID: <20130222112758.54457a111e2mv4tq@webmail.gns-systems.de> Hello, i am new to python ldap and i want to bind against active directory with my windows credentials. Is there a proper way to do this? This solution works for me, but I don't want to enter my password to make a ldap request. ad = ldap.initialize("ldap://server", trace_level=2) ad.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3) ad.set_option(ldap.OPT_REFERRALS, 0) ad.bind_s('testuser at EXAMPLE.com','s3cr3t') result_id = ad.search("dc=example,dc=com", ldap.SCOPE_SUBTREE, "cn=testuser", None) result_type, result_data = ad.result(result_id, 0) pprint.pprint(result_data) Regards, Steffen From michael at stroeder.com Fri Feb 22 12:44:48 2013 From: michael at stroeder.com (Michael =?UTF-8?B?U3Ryw7ZkZXI=?=) Date: Fri, 22 Feb 2013 12:44:48 +0100 Subject: [python-ldap] LDAP bind with Windows credentials In-Reply-To: <20130222112758.54457a111e2mv4tq@webmail.gns-systems.de> References: <20130222112758.54457a111e2mv4tq@webmail.gns-systems.de> Message-ID: On Fri, 22 Feb 2013 11:27:58 +0100 Steffen Fr?mer wrote > i am new to python ldap and i want to bind against active directory > with my windows credentials. > > Is there a proper way to do this? > > This solution works for me, but I don't want to enter my password to > make a ldap request. You're probably talking about LDAP SASL/GSSAPI bind with Kerberos. This is not possible with the Windows builds of python-ldap. Ciao, Michael. From steffen.froemer at gns-systems.de Fri Feb 22 13:41:29 2013 From: steffen.froemer at gns-systems.de (Steffen =?iso-8859-1?b?RnL2bWVy?=) Date: Fri, 22 Feb 2013 13:41:29 +0100 Subject: [python-ldap] LDAP bind with Windows credentials In-Reply-To: References: <20130222112758.54457a111e2mv4tq@webmail.gns-systems.de> Message-ID: <20130222134129.1559277y89aw5pbt@webmail.gns-systems.de> Quoting Michael Str?der : > On Fri, 22 Feb 2013 11:27:58 +0100 Steffen Fr?mer > wrote >> i am new to python ldap and i want to bind against active directory >> with my windows credentials. >> >> Is there a proper way to do this? >> >> This solution works for me, but I don't want to enter my password to >> make a ldap request. > > You're probably talking about LDAP SASL/GSSAPI bind with Kerberos. > This is not possible with the Windows builds of python-ldap. > > Ciao, Michael. > > > Hi Michael, is there any possible solution to do this with python on windows? Regards, Steffen. From michael at stroeder.com Fri Feb 22 19:40:09 2013 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Fri, 22 Feb 2013 19:40:09 +0100 Subject: [python-ldap] LDAP bind with Windows credentials In-Reply-To: <20130222134129.1559277y89aw5pbt@webmail.gns-systems.de> References: <20130222112758.54457a111e2mv4tq@webmail.gns-systems.de> <20130222134129.1559277y89aw5pbt@webmail.gns-systems.de> Message-ID: <5127BB89.6030804@stroeder.com> Steffen Fr?mer wrote: > Quoting Michael Str?der : > >> On Fri, 22 Feb 2013 11:27:58 +0100 Steffen Fr?mer >> wrote >>> i am new to python ldap and i want to bind against active directory >>> with my windows credentials. >>> >>> Is there a proper way to do this? >>> >>> This solution works for me, but I don't want to enter my password to >>> make a ldap request. >> >> You're probably talking about LDAP SASL/GSSAPI bind with Kerberos. >> This is not possible with the Windows builds of python-ldap. > > is there any possible solution to do this with python on windows? Not without coding: http://sourceforge.net/tracker/?func=detail&aid=1698443&group_id=2072&atid=352072 Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3883 bytes Desc: S/MIME Cryptographic Signature URL: