From grimeton at gmx.net Tue Apr 9 18:09:27 2013
From: grimeton at gmx.net (Oliver Loch)
Date: Tue, 9 Apr 2013 18:09:27 +0200
Subject: [python-ldap] ldap.sasl
Message-ID:

Hi,

are there any docs available on ldap.sasl?

And what does one do to check if the kerberos tickets are available, and if not, to generate them?

KR,

Oliver

From michael at stroeder.com Tue Apr 9 18:53:47 2013
From: michael at stroeder.com (Michael Ströder)
Date: Tue, 09 Apr 2013 18:53:47 +0200
Subject: [python-ldap] ldap.sasl
In-Reply-To:
References:
Message-ID: <5164479B.3040705@stroeder.com>

Oliver Loch wrote:
> are there any docs available on ldap.sasl?

No. There's only Demo/sasl_bind.py in the source distribution.

> And what does one do to check if the kerberos tickets are available, and if not, to generate them?

Usually you cannot deal with the Kerberos details in python-ldap. You can use SASL/GSSAPI bind if the user invoking your python-ldap application already obtained a TGT before (with kinit). The Kerberos libs used by the SASL libs which are in turn used by OpenLDAP's libldap will automagically obtain a service ticket then.

Ciao, Michael.

From mailinglist0 at skurfer.com Tue Apr 9 19:09:50 2013
From: mailinglist0 at skurfer.com (Rob McBroom)
Date: Tue, 9 Apr 2013 13:09:50 -0400
Subject: [python-ldap] ldap.sasl
In-Reply-To:
References:
Message-ID: <83D49476-B272-455F-9FD7-1F47B7E1CCE7@skurfer.com>

On Apr 9, 2013, at 12:09 PM, Oliver Loch wrote:

> And what does one do to check if the kerberos tickets are available, and if not, to generate them?

As I mentioned in a [previous thread][1], you can check the exit status of `klist -s`, but that doesn't feel right.

[1]: http://mail.python.org/pipermail/python-ldap/2012q3/003143.html

--
Rob McBroom

From mail at peterbe.com Wed Apr 17 18:54:01 2013
From: mail at peterbe.com (Peter Bengtsson)
Date: Wed, 17 Apr 2013 09:54:01 -0700
Subject: [python-ldap] Why is setuptools installed if setuptools is installed?
Message-ID: <99050691BC1D44D08E6FA73569ABF905@gmail.com>

Looking at line 76, this baffles me
http://python-ldap.cvs.sourceforge.net/viewvc/python-ldap/python-ldap/setup.py?revision=1.71&view=markup

It basically says::

    if has_setuptools:
        kwargs = dict(
            include_package_data = True,
            install_requires = ['setuptools'],  # <-- this is line 76
            zip_safe = False
        )

I suspect this causes setuptools to be re-installed if you do things like this::

    $ pip install -I python-ldap

In fact, I know it breaks our script we use for building a tarball since we use `pip install -I requirements/compiled.txt` and afterwards it breaks our virtualenv with that common error of `pkg_resources` failing on ImportErrors.

Note: for us this only happens on a RedHat server. I can't ever reproduce it locally on my OSX.

Nevertheless, it does not make sense to depend on setuptools only if setuptools already is installed.

Peter

--
Peter Bengtsson
home www.peterbe.com
work www.mozilla.org
fun aroundtheworldgame.com

From anurag.chourasia at gmail.com Mon Apr 22 03:18:31 2013
From: anurag.chourasia at gmail.com (Anurag Chourasia)
Date: Sun, 21 Apr 2013 21:18:31 -0400
Subject: [python-ldap] How do i know if bind was successful?
Message-ID:

Dear Friends,

I am exploring python-ldap and I have the following question.

I am testing using ADAM on Windows XP.

How could i know if my bind request was successful.

This is my session transcript.

>>> import ldap
>>> l=ldap.initialize('ldap://localhost:389')
>>> who="CN=achourasia,OU=Appl Groups,OU=Central,OU=CL,DC=cencosud.corp,O=App,C=US"
>>> cred="Jaisai1"
>>> result=l.bind(who,cred)
>>> l.result(result)
(97, [])
>>>

What is 97 above supposed to mean? When a exception is not thrown then does it mean that the request was successful?

Please guide.

Regards,
Guddu

From anurag.chourasia at gmail.com Mon Apr 22 03:44:18 2013
From: anurag.chourasia at gmail.com (Anurag Chourasia)
Date: Sun, 21 Apr 2013 21:44:18 -0400
Subject: [python-ldap] LDAP Search Failure
Message-ID:

Hi All,

I am doing a search using Python LDAP and the search function is throwing an exception *ldap.NO_SUCH_OBJECT*

Session transcript is as follows

>>> import ldap
>>> l=ldap.initialize('ldap://localhost:389')
>>> who="CN=guddu,OU=Appl Groups,OU=Central,OU=CL,DC=c.corp,O=App,C=US"
>>> cred="12345"
>>> result=l.bind(who,cred)
>>> l.result(result)
(97, [])
>>> l.search_s('OU=Appl Groups,OU=Central,OU=CL,DC=c.corp,O=App,C=US',ldap.SCOPE_SUBTREE,'(cn=gud*)',['cn'])
Traceback (most recent call last):
  File "", line 1, in
  File "C:\Python27\lib\site-packages\ldap\ldapobject.py", line 552, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "C:\Python27\lib\site-packages\ldap\ldapobject.py", line 546, in search_ext_s
    return self.result(msgid,all=1,timeout=timeout)[1]
  File "C:\Python27\lib\site-packages\ldap\ldapobject.py", line 458, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "C:\Python27\lib\site-packages\ldap\ldapobject.py", line 462, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "C:\Python27\lib\site-packages\ldap\ldapobject.py", line 469, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "C:\Python27\lib\site-packages\ldap\ldapobject.py", line 476, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "C:\Python27\lib\site-packages\ldap\ldapobject.py", line 99, in _ldap_call
    result = func(*args,**kwargs)
ldap.NO_SUCH_OBJECT: {'info': "0000208D: NameErr: DSID-031521D2, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'O=App,C=US'\n", 'matched': 'O=App,C=US', ' desc': 'No such object'}

What's intriguing is that the same search works fine using the ldp.exe explorer.
Here is the session transcript and I have also attached a image at http://imgur.com/nj6Tlsi with more details.

***Searching...
ldap_search_s(ld, "OU=Appl Groups,OU=Central,OU=CL,DC=c.corp,O=App,C=US", 1, "(cn=gud*)", attrList, 0, &msg)
Getting 1 entries:
>> Dn: CN=guddu,OU=Appl Groups,OU=Central,OU=CL,DC=c.corp,O=App,C=US
    1> cn: guddu;
-----------

Please guide.

Regards,
Guddu

From michael at stroeder.com Mon Apr 22 09:35:11 2013
From: michael at stroeder.com (Michael Ströder)
Date: Mon, 22 Apr 2013 09:35:11 +0200
Subject: [python-ldap] LDAP Search Failure
In-Reply-To:
References:
Message-ID: <5174E82F.5030304@stroeder.com>

Anurag Chourasia wrote:
> I am doing a search using Python LDAP and the search function is throwing an
> exception *ldap.NO_SUCH_OBJECT*
>
> Session transcript is as follows
>
>>>> import ldap
>>>> l=ldap.initialize('ldap://localhost:389')
>>>> who="CN=guddu,OU=Appl Groups,OU=Central,OU=CL,DC=c.corp,O=App,C=US"
>>>> cred="12345"
>>>> result=l.bind(who,cred)

As said in my other response this is not a full correct bind operation.

>>>> l.result(result)
> (97, [])
>>>> l.search_s('OU=Appl
> Groups,OU=Central,OU=CL,DC=c.corp,O=App,C=US',ldap.SCOPE_SUBTREE,'(cn=gud*)',['cn'])
> [..]
> ldap.NO_SUCH_OBJECT: {'info': "0000208D: NameErr: DSID-031521D2, problem 2001
> (NO_OBJECT), data 0, best match of:\n\t'O=App,C=US'\n", 'matched': 'O=App,C=US', '
> desc': 'No such object'}

This can be caused by the base DN not being correct or the server not disclosing the DN to you because of incomplete bind before.

Ciao, Michael.

From michael at stroeder.com Mon Apr 22 09:32:11 2013
From: michael at stroeder.com (Michael Ströder)
Date: Mon, 22 Apr 2013 09:32:11 +0200
Subject: [python-ldap] How do i know if bind was successful?
In-Reply-To:
References:
Message-ID: <5174E77B.5030107@stroeder.com>

Anurag Chourasia wrote:
> I am exploring python-ldap and I have the following question.
>
> I am testing using ADAM on Windows XP.
>
> How could i know if my bind request was successful.

After a successful simple bind operation the server returns a LDAP response with error code ok (0) => no LDAPError exception raised.

Which authorization identity is in effect can be queried by LDAP Who Am I? extended operation if the server supports it:

http://www.python-ldap.org/doc/html/ldap.html#ldap.LDAPObject.whoami_s

Not sure whether MS ADAM supports it though.

> This is my session transcript.
>
>>>> import ldap
>>>> l=ldap.initialize('ldap://localhost:389')
>>>> who="CN=achourasia,OU=Appl
> Groups,OU=Central,OU=CL,DC=cencosud.corp,O=App,C=US"
>>>> cred="Jaisai1"
>>>> result=l.bind(who,cred)
>>>> l.result(result)
> (97, [])
>>>>
>
> What is 97 above supposed to mean? When a exception is not thrown then does it
> mean that the request was successful?

Please read first about the difference of synchronous and asynchronous operation methods:

http://www.python-ldap.org/doc/html/ldap.html#sending-ldap-requests

You probably want to use simple_bind_s():

http://www.python-ldap.org/doc/html/ldap.html#ldap.LDAPObject.simple_bind_s

bind_s() is nowadays just a thin wrapper around simple_bind_s().

Ciao, Michael.

From anurag.chourasia at gmail.com Mon Apr 22 10:22:06 2013
From: anurag.chourasia at gmail.com (Anurag Chourasia)
Date: Mon, 22 Apr 2013 04:22:06 -0400
Subject: [python-ldap] How do i know if bind was successful?
In-Reply-To: <5174E77B.5030107@stroeder.com>
References: <5174E77B.5030107@stroeder.com>
Message-ID:

Hi Michael,

Thanks for your response.

Please note that if i supply a wrong password then the bind step gives me an error *ldap.INVALID_CREDENTIALS*

With the correct password it does not throw any exception as such....

If i use Apache Directory Studio instead of MS ADAM for my tests then the Search function works fine despite the bind having given the same results as in my original problem transcript.

Here is a session transcript with Apache Server Studio

>>> import ldap
>>> l=ldap.initialize('ldap://127.0.0.1:10389')
>>> who="uid=admin,ou=system"
>>> cred="123456"
>>> result=l.bind(who,cred)
>>> l.result(result)
(97, [])
>>> l.search_s('OU=Appl Groups,OU=Central,OU=CL,DC=cen,DC=corp', 0, '(objectClass=*)')
[('OU=Appl Groups,OU=Central,OU=CL,DC=cencosud,DC=corp', {'objectClass': ['organizationalUnit', 'top'], 'ou': ['Appl Groups']})]

Regards,
Anurag

On Mon, Apr 22, 2013 at 3:32 AM, Michael Ströder wrote:

> Anurag Chourasia wrote:
> > I am exploring python-ldap and I have the following question.
> >
> > I am testing using ADAM on Windows XP.
> >
> > How could i know if my bind request was successful.
>
> After a successful simple bind operation the server returns a LDAP response
> with error code ok (0) => no LDAPError exception raised.
>
> Which authorization identity is in effect can be queried by LDAP Who Am I?
> extended operation if the server supports it:
>
> http://www.python-ldap.org/doc/html/ldap.html#ldap.LDAPObject.whoami_s
>
> Not sure whether MS ADAM supports it though.
>
> > This is my session transcript.
> >
> >>>> import ldap
> >>>> l=ldap.initialize('ldap://localhost:389')
> >>>> who="CN=achourasia,OU=Appl
> > Groups,OU=Central,OU=CL,DC=cencosud.corp,O=App,C=US"
> >>>> cred="Jaisai1"
> >>>> result=l.bind(who,cred)
> >>>> l.result(result)
> > (97, [])
> >>>>
> >
> > What is 97 above supposed to mean? When a exception is not thrown then
> does it
> > mean that the request was successful?
>
> Please read first about the difference of synchronous and asynchronous
> operation methods:
>
> http://www.python-ldap.org/doc/html/ldap.html#sending-ldap-requests
>
> You probably want to use simple_bind_s():
>
> http://www.python-ldap.org/doc/html/ldap.html#ldap.LDAPObject.simple_bind_s
>
> bind_s() is nowadays just a thin wrapper around simple_bind_s().
>
> Ciao, Michael.
>
>

From anurag.chourasia at gmail.com Mon Apr 22 10:27:28 2013
From: anurag.chourasia at gmail.com (Anurag Chourasia)
Date: Mon, 22 Apr 2013 04:27:28 -0400
Subject: [python-ldap] How do i know if bind was successful?
In-Reply-To:
References: <5174E77B.5030107@stroeder.com>
Message-ID:

Hi Michael,

Also, the whoami_s works fine with MS ADAM but not with Apache Server Studio.

Here is a transcript for each one of those

*MS ADAM*

>>> result=l.bind(who,cred)
>>> l.result(result)
(97, [])
>>>
>>> l.whoami_s()
'dn:CN=anurag,OU=Appl Groups,OU=Central,OU=CL,DC=c.corp,O=App,C=US'

*Apache Server Studio*

>>> l.result(result)
(97, [])
>>> l.whoami_s()
Traceback (most recent call last):
  File "", line 1, in
  File "C:\Python27\lib\site-packages\ldap\ldapobject.py", line 596, in whoami_s
    return self._ldap_call(self._l.whoami_s,serverctrls,clientctrls)
  File "C:\Python27\lib\site-packages\ldap\ldapobject.py", line 99, in _ldap_call
    result = func(*args,**kwargs)
ldap.PROTOCOL_ERROR: {'info': 'Unrecognized extended operation EXTENSION_OID: 1.3.6.1.4.1.4203.1.11.3', 'desc': 'Protocol error'}

Regards,
Anurag

On Mon, Apr 22, 2013 at 4:22 AM, Anurag Chourasia <anurag.chourasia at gmail.com> wrote:

> Hi Michael,
>
> Thanks for your response.
>
> Please note that if i supply a wrong password then the bind step gives me
> an error *ldap.INVALID_CREDENTIALS*
>
> With the correct password it does not throw any exception as such....
>
> If i use Apache Directory Studio instead of MS ADAM for my tests then the
> Search function works fine despite the bind having given the same results
> as in my original problem transcript.
>
> Here is a session transcript with Apache Server Studio
>
> >>> import ldap
> >>> l=ldap.initialize('ldap://127.0.0.1:10389')
> >>> who="uid=admin,ou=system"
> >>> cred="123456"
> >>> result=l.bind(who,cred)
> >>> l.result(result)
> (97, [])
> >>> l.search_s('OU=Appl Groups,OU=Central,OU=CL,DC=cen,DC=corp', 0,
> '(objectClass=*)')
> [('OU=Appl Groups,OU=Central,OU=CL,DC=cencosud,DC=corp', {'objectClass':
> ['organizationalUnit', 'top'], 'ou': ['Appl Groups']})]
>
> Regards,
> Anurag
>
>
> On Mon, Apr 22, 2013 at 3:32 AM, Michael Ströder wrote:
>
>> Anurag Chourasia wrote:
>> > I am exploring python-ldap and I have the following question.
>> >
>> > I am testing using ADAM on Windows XP.
>> >
>> > How could i know if my bind request was successful.
>>
>> After a successful simple bind operation the server returns a LDAP
>> response
>> with error code ok (0) => no LDAPError exception raised.
>>
>> Which authorization identity is in effect can be queried by LDAP Who Am I?
>> extended operation if the server supports it:
>>
>> http://www.python-ldap.org/doc/html/ldap.html#ldap.LDAPObject.whoami_s
>>
>> Not sure whether MS ADAM supports it though.
>>
>> > This is my session transcript.
>> >
>> >>>> import ldap
>> >>>> l=ldap.initialize('ldap://localhost:389')
>> >>>> who="CN=achourasia,OU=Appl
>> > Groups,OU=Central,OU=CL,DC=cencosud.corp,O=App,C=US"
>> >>>> cred="Jaisai1"
>> >>>> result=l.bind(who,cred)
>> >>>> l.result(result)
>> > (97, [])
>> >>>>
>> >
>> > What is 97 above supposed to mean? When a exception is not thrown then
>> does it
>> > mean that the request was successful?
>>
>> Please read first about the difference of synchronous and asynchronous
>> operation methods:
>>
>> http://www.python-ldap.org/doc/html/ldap.html#sending-ldap-requests
>>
>> You probably want to use simple_bind_s():
>>
>>
>> http://www.python-ldap.org/doc/html/ldap.html#ldap.LDAPObject.simple_bind_s
>>
>> bind_s() is nowadays just a thin wrapper around simple_bind_s().
>>
>> Ciao, Michael.
>>
>>
>

From michael.fassl at lgi.com Mon Apr 22 14:32:51 2013
From: michael.fassl at lgi.com (Fassl, Michael)
Date: Mon, 22 Apr 2013 12:32:51 +0000
Subject: [python-ldap] Patch: Allow abort of ldif parsing
Message-ID: <6220C700E45E9D4FA0EA992EDEC2D0C8AC23A4@NLAMSPEXMB011.upcit.ds.upc.biz>

Hi!

I've extended the LDIFParser class to be able to abort parsing by returning "False" in the "handle()" method.

Reason I implemented this:

I need to search for an object in a LDIF file containing ~ 8 million records and I want to stop on the first match.

Please share your thoughts about that.

Cheers
nomike

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: patch.txt
URL:

From anurag.chourasia at gmail.com Mon Apr 22 19:02:30 2013
From: anurag.chourasia at gmail.com (Anurag Chourasia)
Date: Mon, 22 Apr 2013 13:02:30 -0400
Subject: [python-ldap] sAMAccountName in DN for Bind
Message-ID:

Dear Friends,

Is *sAMAccountName *not allowed in the DN for bind operation?

If i use a DN = "*CN=Guddu,OU=Users,OU=Central,OU=CL,DC=company,DC=corp*" then I am able to bind and do a search operation also.

However, if i use a DN= "*sAMAccountName=Guddu,OU=Users,OU=Central,OU=CL,DC=company,DC=corp*" then i get a *ldap.INVALID_CREDENTIALS* error

I can confirm that the user has the attribute *sAMAccountName=Guddu *for sure.

Here is my session transcript. Appreciate your guidance.

>>> import ldap
>>> l=ldap.initialize('ldap://10.5.100.61:389')
>>> who="sAMAccountName=FJGalazA,OU=Users,OU=Central,OU=CL,DC=cencosud,DC=corp"
>>> who="CN=Francisco Javier Galaz Arenas,OU=Users,OU=Central,OU=CL,DC=cencosud,DC=corp"
>>> cred="fga.1234"
>>> result=l.bind(who,cred)
>>> l.result(result)
(97, [])
>>> l.search_s('OU=Appl Groups,OU=Central,OU=CL,DC=cencosud,DC=corp', 0, '(objectClass=*)',['cn'])
[('OU=Appl Groups,OU=Central,OU=CL,DC=cencosud,DC=corp', {})]
>>> l.search_s('OU=Appl Groups,OU=Central,OU=CL,DC=cencosud,DC=corp', 0, '(objectClass=*)')
[('OU=Appl Groups,OU=Central,OU=CL,DC=cencosud,DC=corp', {'distinguishedName': ['OU=Appl Groups,OU=Central,OU=CL,DC=cencosud,DC=corp'], 'dSCorePropagationData': ['20120613154938.0Z', '20120131185947.0Z', '20120131153659.0Z', '20100125141214.0Z', '16010714223649.0Z'], 'name': ['Appl Groups'], 'objectCategory': ['CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=cencosud,DC=corp'], 'objectClass': ['top', 'organizationalUnit'], 'objectGUID': ["\xf8\xd5T'\xa2A7G\xa2\xa5\xd8\xe3T&\xcd\xcb"], 'whenChanged': ['20050929205347.0Z'], 'whenCreated': ['20050929205347.0Z'], 'uSNCreated': ['70508'], 'uSNChanged': ['70508'], 'ou': ['Appl Groups'], 'instanceType': ['4']})]
>>> l.search_s('OU=Appl Groups,OU=Central,OU=CL,DC=cencosud,DC=corp', 0, '(objectClass=*)',['member'])
[('OU=Appl Groups,OU=Central,OU=CL,DC=cencosud,DC=corp', {})]
>>> who="sAMAccountName=FJGalazA,OU=Users,OU=Central,OU=CL,DC=cencosud,DC=corp"
>>> result=l.bind(who,cred)
>>> l.result(result)
Traceback (most recent call last):
  File "", line 1, in
  File "C:\Python27\lib\site-packages\ldap\ldapobject.py", line 458, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "C:\Python27\lib\site-packages\ldap\ldapobject.py", line 462, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "C:\Python27\lib\site-packages\ldap\ldapobject.py", line 469, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "C:\Python27\lib\site-packages\ldap\ldapobject.py", line 476, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "C:\Python27\lib\site-packages\ldap\ldapobject.py", line 99, in _ldap_call
    result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'info': '80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece', 'desc': 'Invalid credentials'}
>>>

Regards,
Guddu

From michael at stroeder.com Mon Apr 22 19:10:06 2013
From: michael at stroeder.com (Michael Ströder)
Date: Mon, 22 Apr 2013 19:10:06 +0200
Subject: [python-ldap] sAMAccountName in DN for Bind
In-Reply-To:
References:
Message-ID: <51756EEE.7020104@stroeder.com>

Anurag Chourasia wrote:
> Is *sAMAccountName *not allowed in the DN for bind operation?

What is allowed in a DB is entirely up to the server's schema checking.

So this is a question you have to ask the LDAP server vendor.

> If i use a DN = "*CN=Guddu,OU=Users,OU=Central,OU=CL,DC=company,DC=corp*" then
> I am able to bind and do a search operation also.
>
> However, if i use a DN=
> "*sAMAccountName=Guddu,OU=Users,OU=Central,OU=CL,DC=company,DC=corp*" then i
> get a *ldap.INVALID_CREDENTIALS* error

Does entry
sAMAccountName=Guddu,OU=Users,OU=Central,OU=CL,DC=company,DC=corp
actually exist.

I suspect you expect some special magic which isn't there.
But better ask your LDAP server vendor.

> I can confirm that the user has the attribute *sAMAccountName=Guddu *for sure.

That's not how LDAP simple bind works in general.

There is some special non-standard feature in AD to use the user's principal name in a simple bind request. Not sure whether that works with ADAM though.

Ciao, Michael.

From michael at stroeder.com Mon Apr 22 19:15:18 2013
From: michael at stroeder.com (Michael Ströder)
Date: Mon, 22 Apr 2013 19:15:18 +0200
Subject: [python-ldap] Patch: Allow abort of ldif parsing
In-Reply-To: <6220C700E45E9D4FA0EA992EDEC2D0C8AC23A4@NLAMSPEXMB011.upcit.ds.upc.biz>
References: <6220C700E45E9D4FA0EA992EDEC2D0C8AC23A4@NLAMSPEXMB011.upcit.ds.upc.biz>
Message-ID: <51757026.6070401@stroeder.com>

Fassl, Michael wrote:
> I've extended the LDIFParser class to be able to abort parsing by returning
> "False" in the "handle()" method.
>
> Reason I implemented this:
>
> I need to search for an object in a LDIF file containing ~ 8 million records
> and I want to stop on the first match.
>
> Please share your thoughts about that.

You could easily implement your own custom class based on LDIFParser and raise an abort exception in your custom method handle().

=> no need for this patch

Also changing the result type of handle() is rather cumbersome. I'd rather prefer a patch which implements a generator based on LDIFParser inspired by ldap.resiter.ResultProcessor. Hmm, maybe I already have some code for it somewhere on my hard disk...

Ciao, Michael.

From anurag.chourasia at gmail.com Mon Apr 22 20:23:10 2013
From: anurag.chourasia at gmail.com (Anurag Chourasia)
Date: Mon, 22 Apr 2013 14:23:10 -0400
Subject: [python-ldap] sAMAccountName in DN for Bind
In-Reply-To: <51756EEE.7020104@stroeder.com>
References: <51756EEE.7020104@stroeder.com>
Message-ID:

Dear Michael,

Thanks for your response. Your answer clarified it all.

I was mixing up the bind operation with search.

What I should have done is bind using a fixed user and then search across users for a match against sAMAccountName in order to authenticate a particular user but now it becomes more clear to me.

Thanks again.

Guddu

On Mon, Apr 22, 2013 at 1:10 PM, Michael Ströder wrote:

> Anurag Chourasia wrote:
> > Is *sAMAccountName *not allowed in the DN for bind operation?
>
> What is allowed in a DB is entirely up to the server's schema checking.
>
> So this is a question you have to ask the LDAP server vendor.
>
> > If i use a DN =
> "*CN=Guddu,OU=Users,OU=Central,OU=CL,DC=company,DC=corp*" then
> > I am able to bind and do a search operation also.
> >
> > However, if i use a DN=
> > "*sAMAccountName=Guddu,OU=Users,OU=Central,OU=CL,DC=company,DC=corp*"
> then i
> > get a *ldap.INVALID_CREDENTIALS* error
>
> Does entry
> sAMAccountName=Guddu,OU=Users,OU=Central,OU=CL,DC=company,DC=corp
> actually exist.
>
> I suspect you expect some special magic which isn't there.
> But better ask your LDAP server vendor.
>
> > I can confirm that the user has the attribute *sAMAccountName=Guddu *for
> sure.
>
> That's not how LDAP simple bind works in general.
>
> There is some special non-standard feature in AD to use the user's
> principal
> name in a simple bind request. Not sure whether that works with ADAM
> though.
>
> Ciao, Michael.
>
>

From michael.fassl at lgi.com Tue Apr 23 19:00:07 2013
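
Added example, not code from the thread or from python-ldap: the flow Guddu arrives at above (bind as a fixed account, search for the sAMAccountName, then bind as the DN that was found), using the synchronous simple_bind_s() that Michael recommends in the "How do i know if bind was successful?" thread. The DNs, passwords and StubConnection are constructed for illustration, and the empty-password and filter-escaping checks are additions the thread does not discuss.

```python
"""Search-then-bind login check: bind as a fixed account, look the user up by
sAMAccountName, then bind as the DN that was found."""

try:
    import ldap  # python-ldap
    INVALID_CREDENTIALS = ldap.INVALID_CREDENTIALS
    SCOPE_SUBTREE = ldap.SCOPE_SUBTREE
except ImportError:
    # Assumption: python-ldap may be absent; these stand-ins let the flow
    # run against the constructed stub below.
    SCOPE_SUBTREE = 2

    class INVALID_CREDENTIALS(Exception):
        pass


def escape_filter_value(value):
    """Escape RFC 4515 special characters so user input stays a literal.
    (python-ldap ships ldap.filter.escape_filter_chars for the same job.)"""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)


def authenticate(connect, service_dn, service_pw, base_dn, login, password):
    """Return the DN bound as `login`, or None if the login is rejected.

    `connect` is any callable returning an object with python-ldap's
    simple_bind_s / search_s / unbind_s methods.
    """
    # A simple bind with an empty password is an "unauthenticated bind"
    # (RFC 4513, section 5.1.2) that some servers answer with success (0),
    # so "no exception" would prove nothing. Refuse it before talking LDAP.
    if not login or not password:
        return None

    lookup = connect()
    try:
        # simple_bind_s() is synchronous: it returns only on result code 0
        # and raises an LDAPError subclass otherwise. A failure here is a
        # configuration error, so it is allowed to propagate.
        lookup.simple_bind_s(service_dn, service_pw)
        flt = '(sAMAccountName=%s)' % escape_filter_value(login)
        hits = lookup.search_s(base_dn, SCOPE_SUBTREE, flt, ['cn'])
    finally:
        lookup.unbind_s()

    # Active Directory may mix in referrals as (None, [urls]); drop them.
    dns = [dn for dn, _attrs in hits if dn]
    if len(dns) != 1:  # unknown or ambiguous login: fail closed
        return None

    user = connect()
    try:
        user.simple_bind_s(dns[0], password)
    except INVALID_CREDENTIALS:
        return None
    finally:
        user.unbind_s()
    return dns[0]


SERVICE_DN = 'CN=svc-lookup,OU=Service,DC=example,DC=corp'  # constructed
USER_DN = 'CN=Guddu,OU=Users,DC=example,DC=corp'            # constructed


class StubConnection:
    """Constructed stand-in for a directory holding the two accounts above."""
    passwords = {SERVICE_DN: 'svc-pw', USER_DN: 'user-pw'}

    def __init__(self):
        self.bound_as = None

    def simple_bind_s(self, who, cred):
        if cred == '':  # unauthenticated bind "succeeds"
            self.bound_as = ''
        elif self.passwords.get(who) == cred:
            self.bound_as = who
        else:
            raise INVALID_CREDENTIALS()

    def search_s(self, base, scope, filterstr, attrlist=None):
        if self.bound_as == SERVICE_DN and filterstr == '(sAMAccountName=Guddu)':
            return [(USER_DN, {'cn': [b'Guddu']})]
        return []

    def unbind_s(self):
        self.bound_as = None


if __name__ == '__main__':
    args = (StubConnection, SERVICE_DN, 'svc-pw', 'DC=example,DC=corp')
    print(authenticate(*args, 'Guddu', 'user-pw'))  # the user's DN
    print(authenticate(*args, 'Guddu', ''))         # None
    print(authenticate(*args, 'Gud*', 'user-pw'))   # None
```

Against a real directory, pass something like `lambda: ldap.initialize(uri)` as `connect`.
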
From: michael.fassl at lgi.com (Fassl, Michael)
Date: Tue, 23 Apr 2013 17:00:07 +0000
Subject: [python-ldap] Patch: Allow abort of ldif parsing
In-Reply-To: <51757026.6070401@stroeder.com>
References: <6220C700E45E9D4FA0EA992EDEC2D0C8AC23A4@NLAMSPEXMB011.upcit.ds.upc.biz> <51757026.6070401@stroeder.com>
Message-ID: <6220C700E45E9D4FA0EA992EDEC2D0C8AC69A2@NLAMSPEXMB011.upcit.ds.upc.biz>

Hi Michael!

"Michael Ströder" wrote:
> You could easily implement your own custom class based on LDIFParser
> and raise an abort exception in your custom method handle().
>
> => no need for this patch
>
> Also changing the result type of handle() is rather cumbersome.
> I'd rather prefer a patch which implements a generator based on
> LDIFParser inspired by ldap.resiter.ResultProcessor. Hmm, maybe I
> already have some code for it somewhere on my hard disk...

I'm quite new to python and thus didn't think about that option. I like your suggestion very much as it appears to be a lot more straight forward and does not have this "if you return a specific value some things will magically happen"-touch.

Thank you!

Best regards
Michael Fassl

From eliswilson at hushmail.com Wed May 1 00:35:28 2013
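
Added example, not code from the thread: the generator idea from the "Allow abort of ldif parsing" discussion above, where the caller stops consuming records at the first match and the rest of the file is never read. It is a minimal stand-alone reader written for this illustration, not python-ldap's ldif.LDIFParser and not the code Michael mentions having; the sample LDIF and the function names are constructed, and only comments, line folding and base64 values are handled.

```python
"""Lazy LDIF reader: stop at the first matching record of a large file."""
import base64

# Constructed sample data
SAMPLE_LDIF = """\
version: 1

# constructed sample data
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice
cn: Alice Example

dn: uid=bob,ou=people,dc=example,dc=org
uid: bob
description:: QmFzZTY0IHZhbHVl
cn: Bob with a folded
  common name

dn: uid=carol,ou=people,dc=example,dc=org
uid: carol
cn: Carol Example
"""


def unfold(lines):
    """Join RFC 2849 continuation lines (those starting with one space)."""
    current = None
    for raw in lines:
        line = raw.rstrip('\r\n')
        if line.startswith(' ') and current is not None:
            current += line[1:]
            continue
        if current is not None:
            yield current
        current = line
    if current is not None:
        yield current


def iter_records(lines):
    """Yield (dn, {attr: [bytes, ...]}) one record at a time."""
    dn, entry = None, {}
    for line in unfold(lines):
        if line.startswith('#'):  # comment
            continue
        if line == '':  # a blank line ends a record
            if dn is not None:
                yield dn, entry
            dn, entry = None, {}
            continue
        attr, sep, rest = line.partition(':')
        if not sep:
            raise ValueError('malformed LDIF line: %r' % line)
        if rest.startswith('<'):
            # "attr:< URL" asks the reader to fetch a URL; refuse instead.
            raise ValueError('URL-valued attribute refused: %r' % attr)
        if rest.startswith(':'):  # "attr:: base64"
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.lstrip(' ').encode('utf-8')
        if attr.lower() == 'dn':
            dn = value.decode('utf-8')
        elif dn is not None:
            entry.setdefault(attr, []).append(value)
        # lines before the first dn (e.g. "version: 1") are skipped
    if dn is not None:
        yield dn, entry


def first_match(lines, attr, value):
    """Return (dn, entry, records_read) for the first record whose `attr`
    holds `value` (bytes); dn and entry are None when nothing matches."""
    read = 0
    for dn, entry in iter_records(lines):
        read += 1
        if value in entry.get(attr, []):
            return dn, entry, read  # generator is dropped, parsing stops
    return None, None, read


if __name__ == '__main__':
    # For a real file: with open(path, encoding='utf-8') as f: first_match(f, ...)
    print(first_match(SAMPLE_LDIF.splitlines(), 'uid', b'bob'))
```
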
From: eliswilson at hushmail.com (eliswilson at hushmail.com)
Date: Tue, 30 Apr 2013 18:35:28 -0400
Subject: [python-ldap] Biggest Fake Conference in Computer Science
Message-ID: <20130430223529.1CBC314DBDE@smtp.hushmail.com>

Biggest Fake Conference in Computer Science

We are researchers from different parts of the world and conducted a study on the world's biggest bogus computer science conference WORLDCOMP http://sites.google.com/site/worlddump1 organized by Prof. Hamid Arabnia from University of Georgia, USA.

We submitted a fake paper to WORLDCOMP 2011 and again (the same paper with a modified title) to WORLDCOMP 2012. This paper had numerous fundamental mistakes. Sample statements from that paper include:

(1). Binary logic is fuzzy logic and vice versa
(2). Pascal developed fuzzy logic
(3). Object oriented languages do not exhibit any polymorphism or inheritance
(4). TCP and IP are synonyms and are part of OSI model
(5). Distributed systems deal with only one computer
(6). Laptop is an example for a super computer
(7). Operating system is an example for computer hardware

Also, our paper did not express any conceptual meaning. However, it was accepted both the times without any modifications (and without any reviews) and we were invited to submit the final paper and a payment of $500+ fee to present the paper. We decided to use the fee for better purposes than making Prof. Hamid Arabnia richer. After that, we received few reminders from WORLDCOMP to pay the fee but we never responded. This fake paper is different from the two fake papers already published (see https://sites.google.com/site/worlddump4 for details) in WORLDCOMP.

We MUST say that you should look at the above website if you have any thoughts of participating in WORLDCOMP. DBLP and other indexing agencies have stopped indexing WORLDCOMP's proceedings since 2011 due to its fakeness. See http://www.informatik.uni-trier.de/~ley/db/conf/icai/index.html for of one of the conferences of WORLDCOMP and notice that there is no listing after 2010. See Section 2 of http://sites.google.com/site/dumpconf for comments from well-known researchers about WORLDCOMP.

The status of your WORLDCOMP papers can be changed from scientific to other (i.e., junk or non-technical) at any time. Better not to have a paper than having it in WORLDCOMP and spoil the resume and peace of mind forever!

Our study revealed that WORLDCOMP is money making business, using University of Georgia mask, for Prof. Hamid Arabnia. He is throwing out a small chunk of that money (around 20 dollars per paper published in WORLDCOMP's proceedings) to his puppet (Mr. Ashu Solo or A.M.G. Solo) who publicizes WORLDCOMP and also defends it at various forums, using fake/anonymous names. The puppet uses fake names and defames other conferences to divert traffic to WORLDCOMP. He also makes anonymous phone calls and threatens the critiques of WORLDCOMP (See Item 7 of Section 5 of above website). That is, the puppet does all his best to get a maximum number of papers published at WORLDCOMP to get more money into his (and Prof. Hamid Arabnia's) pockets. Prof. Hamid Arabnia makes a lot of tricks. For example, he appeared in a newspaper to fool the public, claiming him a victim of cyber-attack (see Item 8 in Section 5 of above website).

Monte Carlo Resort (the venue of WORLDCOMP for more than 10 years, until 2012) has refused to provide the venue for WORLDCOMP'13 because of the fears of their image being tarnished due to WORLDCOMP's fraudulent activities. That is why WORLDCOMP'13 is taking place at a different resort. WORLDCOMP will not be held after 2013.

The draft paper submission deadline is over but still there are no committee members, no reviewers, and there is no conference Chairman. The only contact details available on WORLDCOMP's website is just an email address!

We ask Prof. Hamid Arabnia to publish all reviews for all the papers (after blocking identifiable details) since 2000 conference. Reveal the names and affiliations of all the reviewers (for each year) and how many papers each reviewer had reviewed on average. We also ask him to look at the Open Challenge (Section 6) at https://sites.google.com/site/moneycomp1 and respond if he has any professional values.

Sorry for posting to multiple lists. Spreading the word is the only way to stop this bogus conference. Please forward this message to other mailing lists and people.

We are shocked with Prof. Hamid Arabnia and his puppet's activities at http://worldcomp-fake-bogus.blogspot.com Search Google using the keyword worldcomp fake for additional links.

From chitrankdixit at gmail.com Wed May 1 02:07:28 2013
From: chitrankdixit at gmail.com (Chitrank Dixit)
Date: Wed, 1 May 2013 05:37:28 +0530
Subject: [python-ldap] LDAP dependencies
Message-ID:

Hello LDAP developers

I want to ask does LDAP has dependecies over some external module or it runs with the Python's standard library or built in functions.

*Regards *
*Chitrank Dixit *
*IIPS-DAVV *
*Indore (M.P.) , India *
*MCA *
*trackleech.blogspot.in*

From michael at stroeder.com Wed May 1 23:52:57 2013
From: michael at stroeder.com (Michael Ströder)
Date: Wed, 01 May 2013 23:52:57 +0200
Subject: [python-ldap] LDAP dependencies
In-Reply-To:
References:
Message-ID: <51818EB9.7050002@stroeder.com>

Chitrank Dixit wrote:
> I want to ask does LDAP has dependencies over some external module or it runs
> with the Python's standard library or built in functions.

See the docs you can find on the web site:
http://www.python-ldap.org/docs.shtml

In particular for your question:
http://www.python-ldap.org/doc/html/installing.html#prerequisites

Ciao, Michael.

From estartu at ze.tum.de Mon May 13 11:16:03 2013
From: estartu at ze.tum.de (Gerhard Schmidt)
Date: Mon, 13 May 2013 11:16:03 +0200
Subject: [python-ldap] jpegPhoto and Multiple Values
Message-ID: <5190AF53.7040106@ze.tum.de>

Hi,

I've a problem with py-ldap and jpegPhoto. jpegPhoto is not single value, but adding a second photo to the attribute fails.

When I try

    (ldap.MOD_ADD, 'jpegPhoto', img)

pyldap reports

    ldap.INAPPROPRIATE_MATCHING: {'info': 'modify/add: jpegPhoto: no equality matching rule', 'desc': 'Inappropriate matching'}

How can I add a second entry to a jpegPhoto attribute?

Regards
Estartu

From michael at stroeder.com Mon May 27 10:10:58 2013
From: michael at stroeder.com (Michael Ströder)
Date: Mon, 27 May 2013 10:10:58 +0200
Subject: [python-ldap] ANN: python-ldap 2.4.11
Message-ID: <51A31512.2000309@stroeder.com>

Find a new release of python-ldap:

http://pypi.python.org/pypi/python-ldap/2.4.11

python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. It mainly wraps the OpenLDAP 2.x libs for that purpose. Additionally it contains modules for other LDAP-related stuff (e.g. processing LDIF, LDAP URLs and LDAPv3 schema).

Project's web site:

http://www.python-ldap.org/

Ciao, Michael.

----------------------------------------------------------------
Released 2.4.11 2013-05-27

Changes since 2.4.10:

Lib/
* ldap.controls.DecodeControlTuples() now simply ignores PyAsn1Error exception raised during decoding malformed response control values in case of non-critical controls.
* ldif.LDIFWriter.unparse() does not simply skip empty records anymore.

From florent.xicluna at gmail.com Wed May 29 10:13:43 2013
From: florent.xicluna at gmail.com (Florent)
Date: Wed, 29 May 2013 10:13:43 +0200
Subject: [python-ldap] bug: python-ldap 2.4.11 adds a dependency on pyasn1
Message-ID:

Hello,

it seems that the latest release of python-ldap broke our tests.
The module has gained a strong dependency on pyasn1, which is not declared in setup.py.
IMHO, this dependency should stay optional (it was ok with version 2.4.10).

  File "/srv/buildbot/parts/demo/build/src/addons/users_ldap/users_ldap.py", line 23, in
    import ldap
  File "/srv/openerp/.buildout/eggs/python_ldap-2.4.11-py2.6-linux-x86_64.egg/ldap/__init__.py", line 85, in
    from functions import open,initialize,init,get_option,set_option
  File "/srv/openerp/.buildout/eggs/python_ldap-2.4.11-py2.6-linux-x86_64.egg/ldap/functions.py", line 35, in
    from ldap.ldapobject import LDAPObject
  File "/srv/openerp/.buildout/eggs/python_ldap-2.4.11-py2.6-linux-x86_64.egg/ldap/ldapobject.py", line 38, in
    from ldap.controls import LDAPControl,DecodeControlTuples,RequestControlTuples
  File "/srv/openerp/.buildout/eggs/python_ldap-2.4.11-py2.6-linux-x86_64.egg/ldap/controls/__init__.py", line 38, in
    from pyasn1.error import PyAsn1Error
ImportError: No module named pyasn1.error

--
Florent

From michael at stroeder.com Wed May 29 21:52:45 2013
From: michael at stroeder.com (Michael Ströder)
Date: Wed, 29 May 2013 21:52:45 +0200
Subject: [python-ldap] bug: python-ldap 2.4.11 adds a dependency on pyasn1
In-Reply-To:
References:
Message-ID: <51A65C8D.7090100@stroeder.com>

Florent wrote:
> it seems that the latest release of python-ldap broke our tests.
> The module has gained a strong dependency on pyasn1, which is not declared in
> setup.py.
> IMHO, this dependency should stay optional (it was ok with version 2.4.10).
>
>
> File "/srv/buildbot/parts/demo/build/src/addons/users_ldap/users_ldap.py", line 23, in
> import ldap
> File "/srv/openerp/.buildout/eggs/python_ldap-2.4.11-py2.6-linux-x86_64.egg/ldap/__init__.py", line 85, in
> from functions import open,initialize,init,get_option,set_option
> File "/srv/openerp/.buildout/eggs/python_ldap-2.4.11-py2.6-linux-x86_64.egg/ldap/functions.py", line 35, in
> from ldap.ldapobject import LDAPObject
> File "/srv/openerp/.buildout/eggs/python_ldap-2.4.11-py2.6-linux-x86_64.egg/ldap/ldapobject.py", line 38, in
> from ldap.controls import LDAPControl,DecodeControlTuples,RequestControlTuples
> File "/srv/openerp/.buildout/eggs/python_ldap-2.4.11-py2.6-linux-x86_64.egg/ldap/controls/__init__.py", line 38, in
> from pyasn1.error import PyAsn1Error
> ImportError: No module named pyasn1.error

Could you please check whether the patch below solves that for you?

Ciao, Michael.

P.S.: It's definitely worth to subscribe to the mailing list.

Index: Lib/ldap/controls/__init__.py =================================================================== RCS file: /cvsroot/python-ldap/python-ldap/Lib/ldap/controls/__init__.py,v retrieving revision 1.8 diff -u -r1.8 __init__.py --- Lib/ldap/controls/__init__.py 10 Jul 2012 20:23:44 -0000 1.8 +++ Lib/ldap/controls/__init__.py 29 May 2013 19:51:45 -0000
@@ -35,7 +35,11 @@ KNOWN_RESPONSE_CONTROLS = {} import _ldap,ldap -from pyasn1.error import PyAsn1Error + +try: + from pyasn1.error import PyAsn1Error +except ImportError: + PyAsn1Error = None class RequestControl:

From michael at stroeder.com Wed May 29 22:31:48 2013
From: michael at stroeder.com (Michael Ströder)
Date: Wed, 29 May 2013 22:31:48 +0200
Subject: [python-ldap] bug: python-ldap 2.4.11 adds a dependency on pyasn1
In-Reply-To:
References: <51A65C8D.7090100@stroeder.com>
Message-ID: <51A665B4.4040703@stroeder.com>

Florent wrote:
> With this patch, the tests pass.

Find release 2.4.12 with this fix on PyPI. Thanks for reporting it.

Ciao, Michael.

From florent.xicluna at gmail.com Wed May 29 22:12:22 2013
From: florent.xicluna at gmail.com (Florent)
Date: Wed, 29 May 2013 22:12:22 +0200
Subject: [python-ldap] bug: python-ldap 2.4.11 adds a dependency on pyasn1
In-Reply-To: <51A65C8D.7090100@stroeder.com>
References: <51A65C8D.7090100@stroeder.com>
Message-ID:

With this patch, the tests pass.

Thank you,

--
Florent

2013/5/29 Michael Ströder :
> Florent wrote:
>> it seems that the latest release of python-ldap broke our tests.
>> The module has gained a strong dependency on pyasn1, which is not declared in
>> setup.py.
>> IMHO, this dependency should stay optional (it was ok with version 2.4.10).
>>
>>
>> File "/srv/buildbot/parts/demo/build/src/addons/users_ldap/users_ldap.py", line 23, in
>> import ldap
>> File "/srv/openerp/.buildout/eggs/python_ldap-2.4.11-py2.6-linux-x86_64.egg/ldap/__init__.py", line 85, in
>> from functions import open,initialize,init,get_option,set_option
>> File "/srv/openerp/.buildout/eggs/python_ldap-2.4.11-py2.6-linux-x86_64.egg/ldap/functions.py", line 35, in
>> from ldap.ldapobject import LDAPObject
>> File "/srv/openerp/.buildout/eggs/python_ldap-2.4.11-py2.6-linux-x86_64.egg/ldap/ldapobject.py", line 38, in
>> from ldap.controls import LDAPControl,DecodeControlTuples,RequestControlTuples
>> File "/srv/openerp/.buildout/eggs/python_ldap-2.4.11-py2.6-linux-x86_64.egg/ldap/controls/__init__.py", line 38, in
>> from pyasn1.error import PyAsn1Error
>> ImportError: No module named pyasn1.error
>
> Could you please check whether the patch below solves that for you?
>
> Ciao, Michael.
>
> P.S.: It's definitely worth to subscribe to the mailing list.
>
> Index: Lib/ldap/controls/__init__.py > =================================================================== > RCS file: /cvsroot/python-ldap/python-ldap/Lib/ldap/controls/__init__.py,v > retrieving revision 1.8 > diff -u -r1.8 __init__.py > --- Lib/ldap/controls/__init__.py 10 Jul 2012 20:23:44 -0000 1.8 > +++ Lib/ldap/controls/__init__.py 29 May 2013 19:51:45 -0000
> @@ -35,7 +35,11 @@ > KNOWN_RESPONSE_CONTROLS = {} > > import _ldap,ldap > -from pyasn1.error import PyAsn1Error > + > +try: > + from pyasn1.error import PyAsn1Error > +except ImportError: > + PyAsn1Error = None > > > class RequestControl: > From python3ldap at gmail.com Wed Jun 5 19:45:25 2013 
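Review bot: In the `except ImportError:` branch, `PyAsn1Error = None` leaves a non-exception object under a name the module exists to catch (the 2.4.11 notes say DecodeControlTuples() ignores PyAsn1Error while decoding), so any `except PyAsn1Error:` clause then runs with `None` as its target. Binding a local placeholder instead, for example `class PyAsn1Error(Exception): pass`, keeps those clauses well-defined whether or not pyasn1 is installed. A one-line comment above the `try:` saying that pyasn1 is optional and which features need it would also help, since the report points out that setup.py does not declare it.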
From: python3ldap at gmail.com (GG CC)
Date: Wed, 5 Jun 2013 19:45:25 +0200
Subject: [python-ldap] Python3 Ldap Client Library
Message-ID:

Hi,

I'm developing a pure python ldap client library to be used in version 3 of Python. My mandatory requirements are:

1. strictly follow the latest RFC for LDAP 3 (from rfc4510 to rfc4519)
2. platform independent (at least for linux and Windows) architecture
3. do not have any external dependence (no openldap client library)
4. to be compatible with python3 and (possibly) python2
5. have a list of connection strategies (no thread, single thread, multithread, event...) to choose from, either synchronous or asynchronous
6. have a simplified query construction language
7. have a compatibility mode for application using python-ldap

The project will be open source. I have a basic client working (at a pre-alpha stage) and I'm about to create a site for hosting it. I've made a package submission on pypi for python3-ldap (I'm not sure if this will be the name), but there is no code available yet.

A bit more info about the previous requirements:

1. Latest RFC for ldap v3 (dated 2006) obsoletes the previous RFC specified in rfc3377 (2251-2256, 2829, 2830, 3371) for ldap v3 and amend and clarify the ldap protocol. I've already rewritten all the asn1 definitions from the rfc4511 because those in the pyasn1_modules package are not current with the RFC.

2. The library should run on Windows and Linux with no differences.

3. I usually work on Linux and Windows boxes and each time have to install the current python-ldap library from different sources. My library should be directly installed from pypi using pip or a similar package manager on both platforms. With python-ldap on Windows I can't use pip to update the library from the CheeseShop so I do not want to have any dependencies, installation should be the same on both platforms. Socket and thread programming should be appropriate for the platform used, with no changes needed in the configuration. My library should depend on the standard library and (for now) on the pyasn1 package only.

4. I'm writing and testing the library in Python 3, but it should (hopefully) be compatible with Python 2. Unicode strings are appropriately converted.

5. I'm not sure about which connection strategy is the best to use on ldap messages communication, so I'm writing a connection object with a "pluggable" socket connection strategy. For now I have "sync-nothread" and "async-blocking-threaded" strategies, maybe I'll add a "async-multiprocess-blocking" strategy and an "event-nonblocking-strategy".

6. I've already developed (for another project) an "abstraction layer" for ldap query. For example I can define "application fields" that maps to ldap attributes with a validate, prequery-transformation, postquery-transformation and a simplified query language. I think it could be helpful to extend the abstraction to add/modify/delete and include this abstraction layer in the library to (optionally) simplify ldap usage. The following is an excerpt from my other project:

    # This is the definition of an abstract "Role" class mapped to an ldap object of class "CustomRole".
    # Fields maps to attributes (roleName to LocalizedName, roleLevel to RoleLevel, roleOwner to owner)
    # attr is the name of the attribute in ldap
    # multivalue fields are returned as a list of values
    # validation is a function to be executed with the value of the field. If it's not True the field is not added to the query
    # preQuery is a function to be executed to transform the value of the field before the query is executed
    # postQuery is a function to be executed to transform the response values of the query
    # default is a value to be returned if the query for that attribute is empty
    # (_ldapBase and the _filterName/_getCustomName helpers are not part of this excerpt)
    class Role(_ldapBase):
        LDAPClass = 'CustomRole'
        baseLDAP = 'ou=roles,o=company'
        attrDefs = {
            'roleName': {
                'attr': 'CustomRoleName',
                'multivalue': False,
                'validation': None,
                'preQuery': lambda attrName, attrValue: Role._filterName('nrfLocalizedNames', attrName, attrValue),
                'postQuery': lambda a: Role._getCustomName(a),
                'default': 'no-role'
            },
            'roleLevel': {
                'attr': 'RoleLevel',
                'multivalue': False,
                'validation': lambda value: True if value in ['1', '2', '3'] else False,
                'preQuery': None,
                'postQuery': None,
                'default': ''
            },
            'roleOwner': {
                'attr': 'owner',
                'multivalue': True,
                'validation': None,
                'preQuery': None,
                'postQuery': None,
                'default': []
            },
        }

when I execute a query on this class I can use something like:

    roleName:admin,user roleLevel:3

and get the result for the following search filter:

    (&(|(CustomRoleName=admin_role)(CustomRoleName=admin_role))(RoleLevel = 3)).

7. I have developed different projects that use the python-ldap library. I'd like to convert them to python3 without changing what I've already done for the ldap part. So it should be (ideally) enough just to change the import from python-ldap to python3-ldap (or whatever the name of the library will be).

I'm writing in this list to know if anybody is interested in this kind of project and have suggestions or hints on how to go on.

Thanks,
gc

ps. I admit the reading RFCs is not one of the most interesting things to do in your spare time...

From shodaime.hokage at gmail.com Thu Jun 6 03:26:15 2013
From: shodaime.hokage at gmail.com (D S)
Date: Wed, 5 Jun 2013 21:26:15 -0400
Subject: [python-ldap] importing ldap changes my server paths
Message-ID:

I am using Django, and as soon as I import the ldap library (without making any actual use of the library), my server becomes useless. Django depends on a file called urls.py to route server requests as they are received, and as soon as I import ldap, all incoming requests become 404, as if the server no longer knows where this routing file is. Looking in ldap's __init__.py didn't reveal any obvious directory overwriting, etc. If you are familiar with this library, can you give me a hint as to what is happening? I have definitely narrowed it down to the import of this library, though.

Thank you.

From shodaime.hokage at gmail.com Thu Jun 6 10:06:34 2013
From: shodaime.hokage at gmail.com (D S)
Date: Thu, 6 Jun 2013 04:06:34 -0400
Subject: [python-ldap] importing ldap changes my server paths
Message-ID:

I was able to resolve the issue. The import was failing (silently), which, in my app, also caused the file initiating the import to be essentially dead, which killed my server's ability to respond to requests.

On Thu, Jun 6, 2013 at 4:02 AM, Michael Ströder wrote:
> D S wrote:
> > I am using Django, and as soon as I import the ldap library (without making
> > any actual use of the library), my server becomes useless. Django depends
> > on a file called urls.py to route server requests as they are received, and
> > as soon as I import ldap, all incoming requests become 404, as if the
> > server no longer knows where this routing file is. Looking in ldap's
> > __init__.py didn't reveal any obvious directory overwriting, etc. If you
> > are familiar with this library, can you give me a hint as to what is
> > happening? I have definitely narrowed it down to the import of this
> > library, though.
>
> I know python-ldap very well but I don't know anything about Django.
>
> But I can't imagine how "import ldap" itself affects any Django mechanisms. I
> suspect there's something wrong within your Django app.
>
> Ciao, Michael.

From michael at stroeder.com Thu Jun 6 10:02:05 2013
From: michael at stroeder.com (Michael Ströder)
Date: Thu, 06 Jun 2013 10:02:05 +0200
Subject: [python-ldap] importing ldap changes my server paths
In-Reply-To:
References:
Message-ID: <51B041FD.1070500@stroeder.com>

D S wrote:
> I am using Django, and as soon as I import the ldap library (without making
> any actual use of the library), my server becomes useless. Django depends
> on a file called urls.py to route server requests as they are received, and
> as soon as I import ldap, all incoming requests become 404, as if the
> server no longer knows where this routing file is. Looking in ldap's
> __init__.py didn't reveal any obvious directory overwriting, etc. If you
> are familiar with this library, can you give me a hint as to what is
> happening? I have definitely narrowed it down to the import of this
> library, though.

I know python-ldap very well but I don't know anything about Django.

But I can't imagine how "import ldap" itself affects any Django mechanisms. I suspect there's something wrong within your Django app.

Ciao, Michael.

From jcasale at activenetwerx.com Fri Jun 7 03:19:42 2013
From: jcasale at activenetwerx.com (Joseph L. Casale)
Date: Fri, 7 Jun 2013 01:19:42 +0000
Subject: [python-ldap] Processing large ldif group exports from AD
Message-ID: <18cf77ad2f404417a47110c3c7ccfd17@exch.activenetwerx.com>

Seems there is some limitation in exporting large groups with ldifde.exe as after a certain size the group entry is split away from its multiple member entries into an add type modlist which presents an issue to parse.

Anyone encountered this and have a solution?

Thanks,
jlc

From michael at stroeder.com Fri Jun 7 10:58:16 2013
From: michael at stroeder.com (Michael Ströder)
Date: Fri, 07 Jun 2013 10:58:16 +0200
Subject: [python-ldap] Processing large ldif group exports from AD
In-Reply-To: <18cf77ad2f404417a47110c3c7ccfd17@exch.activenetwerx.com>
References: <18cf77ad2f404417a47110c3c7ccfd17@exch.activenetwerx.com>
Message-ID: <51B1A0A8.3060508@stroeder.com>

Joseph L. Casale wrote:
> Seems there is some limitation in exporting large groups with ldifde.exe as after a certain size
> the group entry is split away from its multiple member entries into a add type modlist which
> presents an issue to parse.
>
> Anyone encountered this and have a solution?

In its default configuration AD won't return more than 1000 member values in LDAP search results. MS introduced a proprietary mechanism for retrieving more values using kind of sub-types:

http://ietfreport.isoc.org/idref/draft-kashi-incremental/

Not sure whether ldif.exe supports it.

You can also tweak this limit in NTDS LDAP policy. Consult MS docs for more information about that.

python-ad claims to support draft-kashi-incremental-00.txt:

https://code.google.com/p/python-ad/

Never used it myself though.

Ciao, Michael.

From jcasale at activenetwerx.com Fri Jun 7 23:47:46 2013
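Added example, not part of the thread and not code from python-ldap or python-ad: a sketch of the incremental retrieval that Michael Ströder's reply above points to, where the server labels each chunk with a range option on the attribute description. The `member;range=low-high` spelling with `*` marking the last chunk is assumed here; `parse_ranged`, `fetch_all_values`, `read_entry` and `make_fake_ad` are hypothetical names, and the fake server and its DNs are constructed so the code runs offline.

```python
import re

# Attribute description carrying a range option, e.g. "member;range=0-999"
# or "member;range=2000-*" ("*" = this chunk is the last one).
_RANGE_RE = re.compile(
    r"^(?P<attr>[^;]+);range=(?P<low>\d+)-(?P<high>\d+|\*)$", re.IGNORECASE)


def parse_ranged(attr_desc):
    """Return (base_attr, low, high) for a ranged description, else None.

    high is None when the server sent "*", meaning no further values follow.
    """
    m = _RANGE_RE.match(attr_desc)
    if not m:
        return None
    high = None if m.group("high") == "*" else int(m.group("high"))
    return m.group("attr"), int(m.group("low")), high


def fetch_all_values(read_entry, dn, attr, max_rounds=1000):
    """Collect every value of `attr` on `dn`, following range chunks.

    read_entry(dn, attrlist) is a caller-supplied function returning a dict
    {attribute description: [values]} for one entry. With python-ldap it
    could wrap a base-scope search_s() call; that wiring is left out here.
    """
    values, request = [], attr
    for _ in range(max_rounds):
        entry = read_entry(dn, [request])
        ranged = [(parse_ranged(d), v) for d, v in entry.items()]
        ranged = [(p, v) for p, v in ranged if p and p[0].lower() == attr.lower()]
        if not ranged:
            # Small attribute: the server answered without a range option.
            for desc, vals in entry.items():
                if desc.lower() == attr.lower():
                    values.extend(vals)
            return values
        (base, low, high), vals = ranged[0]
        if low != len(values):
            # A gap or overlap means values would be lost or duplicated.
            raise ValueError("expected chunk at %d, got %d" % (len(values), low))
        values.extend(vals)
        if high is None:
            return values
        request = "%s;range=%d-*" % (attr, high + 1)
    raise RuntimeError("gave up after %d rounds" % max_rounds)


def make_fake_ad(members, max_val_range=1000):
    """Constructed stand-in for a server that caps values per response."""
    def read_entry(dn, attrlist):
        parsed = parse_ranged(attrlist[0])
        if not parsed and len(members) <= max_val_range:
            return {"member": list(members)}
        low = parsed[1] if parsed else 0
        chunk = members[low:low + max_val_range]
        done = low + len(chunk) >= len(members)
        high = "*" if done else str(low + len(chunk) - 1)
        # The plain attribute comes back empty next to the ranged one.
        return {"member": [], "member;range=%d-%s" % (low, high): chunk}
    return read_entry


if __name__ == "__main__":
    big = ["cn=user%d,ou=people,dc=example,dc=org" % i for i in range(2500)]
    got = fetch_all_values(make_fake_ad(big), "cn=big,ou=groups,dc=example,dc=org", "member")
    print(len(got), "values retrieved in chunks of 1000")
```

The gap check matters for audits of group membership: a client that silently stops at the first chunk reports a truncated member list as if it were complete.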
From: jcasale at activenetwerx.com (Joseph L. Casale)
Date: Fri, 7 Jun 2013 21:47:46 +0000
Subject: [python-ldap] importing ldap changes my server paths
In-Reply-To: <51B041FD.1070500@stroeder.com>
References: , <51B041FD.1070500@stroeder.com>
Message-ID:

>I know python-ldap very well but I don't know anything about Django.
>
>But I can't imagine how "import ldap" itself affects any Django mechanisms. I
>suspect there's something wrong within your Django app.

Could this not be a result of conflicting apartment types for example, the ldap module loads libraries, maybe Django does?

I encountered the same issue described here once:
http://anselmo.homeunix.net/ebooks/pythonwin32/appd.htm

jlc

From jonathan at giannuzzi.be Tue Jun 25 16:45:55 2013
From: jonathan at giannuzzi.be (Jonathan Giannuzzi)
Date: Tue, 25 Jun 2013 16:45:55 +0200
Subject: [python-ldap] Patch for ReconnectLDAPObject
Message-ID: <8E4CFB3D-7E90-40D3-A108-C4BC474ADE0C@giannuzzi.be>

Hello,

I have found a regression in ReconnectLDAPObject introduced in release 2.4.9 (revision 1.131). Because of the internal locking, if a connection has been established and bound, then disconnected by the server, the next operation will end in an infinite loop. That is because reconnect will set self._pending_reconnect to 1 (the lock), then call _apply_last_bind(), which will then call reconnect again, which will then be stuck waiting for self._pending_reconnect to be set back to 0. I thus changed self._last_bind to use the parent class method, so that it does not call reconnect recursively.

Another failure happened when using the ldappool library, which would call unbind_s() when a connection became invalid. Because self._l was deleted after failing to reconnect, the unbind_s() call would raise an AttributeError exception. I fixed that by moving the reset of the connection to be done after the raise, so that an exception after unsuccessful reconnects would not mess with self._l.

Finally, there was a change introduced 2 days ago (revision 1.134) where the call to simple_bind_s() in _apply_last_bind() failed with a TypeError. I fixed it by adding self as first parameter.

Please let me know what you think of those changes.

Thanks & best regards,
Jonathan Giannuzzi

-------------- next part --------------
A non-text attachment was scrubbed...
Name: python-ldap_reconnect.patch
Type: application/octet-stream
Size: 2085 bytes
Desc: not available
URL:

From michael at stroeder.com Tue Jun 25 19:41:10 2013
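Added example, not Jonathan Giannuzzi's patch (the attachment was scrubbed) and not python-ldap code: a small model of the re-entrancy he describes, with the regressed and fixed ways of remembering the last bind side by side. All class and function names are hypothetical, the lock wait is bounded so the run ends instead of hanging, and how the real class re-enters reconnect() is an assumption modelled here as the retry wrapper reacting to a failed bind replay.

```python
import threading


class ServerDown(Exception):
    """Stand-in for ldap.SERVER_DOWN."""


class PlainConnection:
    """Stand-in for the parent class: one attempt per call, no retry."""

    def __init__(self):
        self.failures_left = 0  # constructed fault injection: next N calls fail
        self.bound_as = None

    def _wire(self):
        if self.failures_left > 0:
            self.failures_left -= 1
            raise ServerDown()

    def simple_bind_s(self, who="", cred=""):
        self._wire()
        self.bound_as = who
        return who

    def whoami_s(self):
        self._wire()
        return self.bound_as


class ReconnectingConnection(PlainConnection):
    """Self-healing subclass; replay_via_parent=True selects the fixed variant."""

    LOCK_TIMEOUT = 0.2  # the report describes an endless wait; bounded here
    MAX_ATTEMPTS = 5

    def __init__(self, replay_via_parent):
        super().__init__()
        self._replay_via_parent = replay_via_parent
        self._reconnect_lock = threading.Lock()  # non-reentrant, like a 0/1 flag
        self._last_bind = None
        self.attempts = 0

    def simple_bind_s(self, who="", cred=""):
        if self._replay_via_parent:
            # Fixed: store the parent's function, so self must be passed explicitly.
            self._last_bind = (PlainConnection.simple_bind_s, (self, who, cred))
        else:
            # Regressed: store this class's bound method, which retries and reconnects.
            self._last_bind = (self.simple_bind_s, (who, cred))
        return self._with_retry(PlainConnection.simple_bind_s, who, cred)

    def whoami_s(self):
        return self._with_retry(PlainConnection.whoami_s)

    def _with_retry(self, func, *args):
        try:
            return func(self, *args)
        except ServerDown:
            self.reconnect()
            return func(self, *args)

    def reconnect(self):
        if not self._reconnect_lock.acquire(timeout=self.LOCK_TIMEOUT):
            raise RuntimeError("reconnect() re-entered while already running")
        try:
            for _ in range(self.MAX_ATTEMPTS):
                self.attempts += 1
                try:
                    if self._last_bind:
                        func, args = self._last_bind
                        func(*args)  # replay the last bind
                    return
                except ServerDown:
                    continue  # server still down, try again
            raise ServerDown()
        finally:
            self._reconnect_lock.release()


def run_scenario(replay_via_parent):
    """Bind, let the server drop two requests, then issue one operation."""
    conn = ReconnectingConnection(replay_via_parent)
    conn.simple_bind_s("cn=app,dc=example,dc=org", "secret")  # constructed values
    conn.failures_left = 2
    try:
        return ("ok", conn.whoami_s(), conn.attempts)
    except RuntimeError as exc:
        return ("stuck", str(exc), conn.attempts)


if __name__ == "__main__":
    print("regressed:", run_scenario(replay_via_parent=False))
    print("fixed:    ", run_scenario(replay_via_parent=True))
```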
From: michael at stroeder.com (Michael Ströder)
Date: Tue, 25 Jun 2013 19:41:10 +0200
Subject: [python-ldap] Patch for ReconnectLDAPObject
In-Reply-To: <8E4CFB3D-7E90-40D3-A108-C4BC474ADE0C@giannuzzi.be>
References: <8E4CFB3D-7E90-40D3-A108-C4BC474ADE0C@giannuzzi.be>
Message-ID: <51C9D636.5@stroeder.com>

Jonathan,

Jonathan Giannuzzi wrote:
> I have found a regression in ReconnectLDAPObject introduced in release 2.4.9 (revision 1.131).

Many thanks for your patch.

It's committed to HEAD. Please test. Also others should test it.

Ciao, Michael.

From jonathan at giannuzzi.be Wed Jun 26 17:02:43 2013
From: jonathan at giannuzzi.be (Jonathan Giannuzzi)
Date: Wed, 26 Jun 2013 17:02:43 +0200
Subject: [python-ldap] Patch for ReconnectLDAPObject
In-Reply-To: <51C9D636.5@stroeder.com>
References: <8E4CFB3D-7E90-40D3-A108-C4BC474ADE0C@giannuzzi.be> <51C9D636.5@stroeder.com>
Message-ID: <70A67599-B27A-44A5-BC6E-A88F8162B726@giannuzzi.be>

Hi Michael,

On 25 Jun 2013, at 19:41, Michael Ströder wrote:

> Jonathan,
>
> Jonathan Giannuzzi wrote:
>> I have found a regression in ReconnectLDAPObject introduced in release 2.4.9 (revision 1.131).
>
> Many thanks for your patch.
>
> It's committed to HEAD.

Thanks for committing it.

> Please test. Also others should test it.

All my tests are successful.

> Ciao, Michael.

Best regards,
Jonathan

From michael at stroeder.com Thu Jun 27 10:59:46 2013
From: michael at stroeder.com (Michael Ströder)
Date: Thu, 27 Jun 2013 10:59:46 +0200
Subject: [python-ldap] ANN: python-ldap 2.4.13
Message-ID: <51CBFF02.90202@stroeder.com>

Find a new release of python-ldap:

http://pypi.python.org/pypi/python-ldap/2.4.11

python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. It mainly wraps the OpenLDAP 2.x libs for that purpose. Additionally it contains modules for other LDAP-related stuff (e.g. processing LDIF, LDAP URLs and LDAPv3 schema).

Project's web site:

http://www.python-ldap.org/

Ciao, Michael.

----------------------------------------------------------------
Released 2.4.13 2013-06-27

Changes since 2.4.12:

Lib/
* ldapobject.ReconnectLDAPObject._apply_last_bind() now sends anonymous simple bind request even if the calling application did not to provoke ldap.SERVER_DOWN in method reconnect()
* ldapobject.ReconnectLDAPObject.reconnect() now also catches ldap.TIMEOUT exception after reconnection attempt
* Several other fixes for ldapobject.ReconnectLDAPObject (thanks to Jonathan Giannuzzi)

----------------------------------------------------------------
Released 2.4.12 2013-06-01

Changes since 2.4.11:

Lib/
* Truly optional import of PyAsn1Error exception which should not fail anymore if pyasn1 is not installed