python-ldap: searching without specifying an OU?

Michael Ströder michael at stroeder.com
Thu Apr 24 05:51:08 EDT 2008


hotani wrote:
> http://peeved.org/blog/2007/11/20/

BTW: This blog entry claims that the LDAP_SERVER_DOMAIN_SCOPE_OID control 
cannot be used with python-ldap. But support for such simple LDAPv3 
extended controls was added to python-ldap way back in 2005.

Actually it's easy (relevant code excerpt):

----------------------------------------------------------------
import ldap
from ldap.controls import BooleanControl
LDAP_SERVER_DOMAIN_SCOPE_OID='1.2.840.113556.1.4.1339'
# [..] (elided: ldap_uri, trace_level, dn and password are set here)
l = ldap.initialize(ldap_uri,trace_level=trace_level)
# Switch off chasing referrals within OpenLDAP's libldap
l.set_option(ldap.OPT_REFERRALS, 0)
# Simple bind with user's DN and password
l.simple_bind_s(dn,password)
res = l.search_ext_s(
   'DC=dom,DC=example,DC=com',
   ldap.SCOPE_ONELEVEL,
   '(objectClass=subentry)',
   ['*'],
   serverctrls = [
     BooleanControl(
       LDAP_SERVER_DOMAIN_SCOPE_OID,
       criticality=0,controlValue=1
     )
   ]
)
----------------------------------------------------------------

Strangely enough, it has no effect. And setting criticality=1 raises an 
error indicating that this control is not supported, although this 
control is explicitly mentioned in the attribute 'supportedControl' of the 
server's rootDSE:

ldap.UNAVAILABLE_CRITICAL_EXTENSION: {'info': '00000057: LdapErr: 
DSID-0C09068F, comment: Error processing control, data 0, vece', 'desc': 
'Critical extension is unavailable'}

Might depend on the domain functional level AD is running with...

Ciao, Michael.
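
Added example, not part of the original message or of python-ldap: the RFC 4511 wire encoding of the control discussed above, once with a BER BOOLEAN as controlValue (what a boolean-valued control such as the BooleanControl used above sends) and once value-less, so the two can be compared byte for byte against a packet capture. Microsoft's MS-ADTS documents LDAP_SERVER_DOMAIN_SCOPE_OID as sent with the controlValue field omitted; whether that difference accounts for the error quoted in the message is an assumption the thread does not confirm, and all helper names are hypothetical.

```python
# Added example (pure standard library): BER encoding of an LDAPv3 Control
# as defined in RFC 4511, section 4.1.11. Helper names are hypothetical.
LDAP_SERVER_DOMAIN_SCOPE_OID = '1.2.840.113556.1.4.1339'  # OID from the post
BER_TRUE = b'\x01\x01\xff'  # BER BOOLEAN TRUE, the value a boolean control carries

def tlv(tag, value):
    """Tag-length-value; short-form length is enough for these small controls."""
    if len(value) >= 0x80:
        raise ValueError('long-form BER lengths are not handled here')
    return bytes([tag, len(value)]) + value

def encode_control(oid, criticality=False, control_value=None):
    """Control ::= SEQUENCE { controlType   LDAPOID,
                              criticality   BOOLEAN DEFAULT FALSE,
                              controlValue  OCTET STRING OPTIONAL }"""
    body = tlv(0x04, oid.encode('ascii'))    # LDAPOID is an OCTET STRING
    if criticality:                          # DEFAULT FALSE is omitted
        body += tlv(0x01, b'\xff')
    if control_value is not None:            # absent is not the same as empty
        body += tlv(0x04, control_value)
    return tlv(0x30, body)

def read_tlv(buf, pos):
    """Return (tag, value, next position) for the element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    end = pos + 2 + length
    if length & 0x80 or end > len(buf):
        raise ValueError('long-form length or truncated element')
    return tag, buf[pos + 2:end], end

def decode_control(data):
    """Inverse of encode_control: (oid, criticality, control_value or None)."""
    tag, body, _ = read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError('Control must be a SEQUENCE')
    tag, oid, pos = read_tlv(body, 0)
    if tag != 0x04:
        raise ValueError('controlType must be an OCTET STRING')
    criticality, value = False, None
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        if tag == 0x01:
            criticality = val != b'\x00'
        elif tag == 0x04:
            value = val
        else:
            raise ValueError('unexpected tag 0x%02x' % tag)
    return oid.decode('ascii'), criticality, value

# The two critical variants: with a boolean controlValue, and value-less.
with_boolean = encode_control(LDAP_SERVER_DOMAIN_SCOPE_OID, True, BER_TRUE)
value_less = encode_control(LDAP_SERVER_DOMAIN_SCOPE_OID, True)
```

The only difference on the wire is the trailing five bytes `04 03 01 01 ff`, the OCTET STRING that wraps the BOOLEAN.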


