python-ldap - Operations Error
Michael Ströder
michael at stroeder.com
Thu Apr 24 05:25:48 EDT 2008
theiviaxx at gmail.com wrote:
>>>> import ldap
>>>> l = ldap.initialize("ldap://server.net")
>>>> l.simple_bind(DN, "secret")
> 1
^^^
You probably want to use the synchronous method simple_bind_s() since
you want to impersonate on this LDAP connection immediately before doing
anything else on that connection.
>>>> l.result(1)
> (97, [])
Could you please use argument trace_level=2 when calling
ldap.initialize() and examine the debug log? It records all method calls
of your particular LDAPObject instance.
l = ldap.initialize("ldap://server.net",trace_level=2)
Level 2 outputs a debug log with results received. Protect this log
since it also contains passwords!
>>>> l.search("dc=server,dc=net", ldap.SCOPE_SUBTREE, "(sAMAccountName=user)")
> OPERATIONS_ERROR: {'info': '00000000: LdapErr: DSID-0C090627, comment:
> In order to perform this operation a successful bind must be completed
> on the connection., data 0, vece', 'desc': 'Operations error'}
Still something went wrong with your bind. Since I don't know your DN I
can't say anything. The DN should be a local user in this domain and not
a user from another trusted domain. If you have a complicated AD setup
with various domains and delegated trust connecting to the GC (global
catalog) on port 3268 might be easier.
> The simple bind works fine and returns a result, when i get the
> result, it returns 97 meaning successful.
It would raise an exception if an LDAP error was received.
> So there was a successful
> bind on the connection, right?
Don't know. Since I don't know your DN and AD domain configuation.
I've added a new example script ms_ad_bind.py to python-ldap's Demo/
directory illustrating all the possible bind methods:
http://python-ldap.cvs.sourceforge.net/*checkout*/python-ldap/python-ldap/Demo/ms_ad_bind.py?content-type=text%2Fplain
For getting the SASL stuff to correctly work your DNS has to be properly
set up for AD (A RRs and matching PTR RRs for the DCs).
Ciao, Michael.
More information about the Python-list
mailing list