From whatawonderfulworldweliveintoo at yahoo.com Tue Oct 3 19:50:12 2006
From: whatawonderfulworldweliveintoo at yahoo.com (Ted Johnson)
Date: Tue, 3 Oct 2006 10:50:12 -0700 (PDT)
Subject: Old Distro
Message-ID: <20061003175013.22686.qmail@web58409.mail.re3.yahoo.com>

Hi;
I've successfully installed python 2.4.3 and OpenLDAP with py-ldap2 (thanks to help from this list). However, I realize that I should probably stick with python 2.3.5, because my Zope instance, which serves my Web sites and which I am not able to upgrade at this point, depends on that vintage, and I will be using LDAP to authenticate users to my portal. Furthermore, the py-ldap2 distro that I built from the ports in my FreeBSD 6.1 pulled a version of that s/w that is apparently incompatible with python 2.3.5. Therefore, I should probably d/l an old distro (after Feb 8, 2005) of py-ldap2. But where do I find it? I've only been able to find the latest and greatest.
TIA,
Ted 3

From whatawonderfulworldweliveintoo at yahoo.com Tue Oct 3 19:56:20 2006
From: whatawonderfulworldweliveintoo at yahoo.com (Ted Johnson)
Date: Tue, 3 Oct 2006 10:56:20 -0700 (PDT)
Subject: Can't Import LDAP
Message-ID: <20061003175620.69907.qmail@web58408.mail.re3.yahoo.com>

I thought I had written you off-list because I'd accidentally erased your response while I was working on solving my problem, but I just checked and the email never got sent! It was more involved than I thought, and by the time I got it all figured out, I'd erased your email. I had to figure out how to install a new python over the old, but the old kept getting called. It was because the python binary lived in /usr/bin and the new one in /usr/local/bin, and guess which one got called first! Anyway, everything works now.
However, I'm working on getting an older distro of py-ldap2 because I've realized I will probably need to work with the older python :(
Thanks,
Ted3

From whatawonderfulworldweliveintoo at yahoo.com Tue Oct 3 21:58:50 2006
From: whatawonderfulworldweliveintoo at yahoo.com (Ted Johnson)
Date: Tue, 3 Oct 2006 12:58:50 -0700 (PDT)
Subject: Old Distro
In-Reply-To: <4522A7EA.3090109@delphij.net>
Message-ID: <20061003195850.12501.qmail@web58415.mail.re3.yahoo.com>

I realized too late that I should have moved the /usr/bin/python binary before building out with the command you gave me. I used your command but still couldn't import ldap...I assume because I didn't uninstall the old python 2.3.5 (which I don't know how to do, since it's not built from ports, so I'll just move the binary :) Anyway, can you give me a command which undoes everything you just had me do, and I'll try again?
TIA,
Ted2

LI Xin wrote:
Ted Johnson wrote:
> Hi;
> I've successfully installed python 2.4.3 and OpenLDAP with py-ldap2
> (thanks to help from this list). However, I realize that I should
> probably stick with python 2.3.5, because my Zope instance, which serves
> my Web sites and which I am not able to upgrade at this point, depends
> on that vintage, and I will be using LDAP to authenticate users to my
> portal. Furthermore, the py-ldap2 distro that I built from the ports in
> my FreeBSD 6.1 pulled a version of that s/w that is apparently
> incompatible with python 2.3.5. Therefore, I should probably d/l an old
> distro (after Feb 8, 2005) of py-ldap2. But where do I find it? I've
> only been able to find the latest and greatest.
> TIA,
> Ted 3

I think you may want to do a "make clean all deinstall install PYTHON_VERSION=python2.3" in ports/net/py-ldap2?

I think that would be enough to force a python2.3 dependency for python-ldap2.

Cheers,
--
Xin LI http://www.delphij.net/
FreeBSD - The Power to Serve!

From delphij at delphij.net Wed Oct 4 02:51:56 2006
From: delphij at delphij.net (LI Xin)
Date: Wed, 04 Oct 2006 08:51:56 +0800
Subject: Old Distro
In-Reply-To: <20061003195850.12501.qmail@web58415.mail.re3.yahoo.com>
References: <20061003195850.12501.qmail@web58415.mail.re3.yahoo.com>
Message-ID: <452305AC.1030500@delphij.net>

Ted Johnson wrote:
> I realized too late that I should have moved the /usr/bin/python binary
> before building out with the command you gave me. I used your command
> but still couldn't import ldap...I assume because I didn't uninstall the
> old python 2.3.5 (which I don't know how to do, since it's not built
> from ports, so I'll just move the binary :) Anyway, can you give me a
> command which undoes everything you just had me do, and I'll try again?

If I understand correctly, that would be "make deinstall clean" and then "make install clean", if it insists to use python2.3, try specifying PYTHON_VERSION=python2.4.

Note that it's not the end of the world if you have an installation in /usr/bin/python :-) Just do a tarball over: /usr/bin/idle* /usr/bin/python* /usr/lib/python* /usr/include/python* /usr/share/python* /usr/share/examples/python*, then remove them would make sure that you have a clean system.

Note that Zope 2.7 requires Python 2.3 series IIRC. If you have a spare system, installing everything from scratch with the ports collection there before actual operation on production system would save you a lot of time.

Cheers,
--
Xin LI http://www.delphij.net/
FreeBSD - The Power to Serve!

From delphij at delphij.net Tue Oct 3 20:11:54 2006
From: delphij at delphij.net (LI Xin)
Date: Wed, 04 Oct 2006 02:11:54 +0800
Subject: Old Distro
In-Reply-To: <20061003175013.22686.qmail@web58409.mail.re3.yahoo.com>
References: <20061003175013.22686.qmail@web58409.mail.re3.yahoo.com>
Message-ID: <4522A7EA.3090109@delphij.net>

Ted Johnson wrote:
> Hi;
> I've successfully installed python 2.4.3 and OpenLDAP with py-ldap2
> (thanks to help from this list). However, I realize that I should
> probably stick with python 2.3.5, because my Zope instance, which serves
> my Web sites and which I am not able to upgrade at this point, depends
> on that vintage, and I will be using LDAP to authenticate users to my
> portal. Furthermore, the py-ldap2 distro that I built from the ports in
> my FreeBSD 6.1 pulled a version of that s/w that is apparently
> incompatible with python 2.3.5. Therefore, I should probably d/l an old
> distro (after Feb 8, 2005) of py-ldap2. But where do I find it? I've
> only been able to find the latest and greatest.
> TIA,
> Ted 3

I think you may want to do a "make clean all deinstall install PYTHON_VERSION=python2.3" in ports/net/py-ldap2?

I think that would be enough to force a python2.3 dependency for python-ldap2.

Cheers,
--
Xin LI http://www.delphij.net/
FreeBSD - The Power to Serve!

From whatawonderfulworldweliveintoo at yahoo.com Wed Oct 4 18:01:43 2006
From: whatawonderfulworldweliveintoo at yahoo.com (Ted Johnson)
Date: Wed, 4 Oct 2006 09:01:43 -0700 (PDT)
Subject: CRISIS!! WAS: Old Distro
In-Reply-To: <452305AC.1030500@delphij.net>
Message-ID: <20061004160143.80543.qmail@web58404.mail.re3.yahoo.com>

My server's down!!!
I don't have a spare machine to try things out on yet. I went ahead and moved all the python stuff, tried your recipe to reinstall from ports, but now when I type in "python" at the prompt it tells me no such command exists! It's not to be found in /usr/bin or /usr/local/bin. I restored everything I moved (including the aforementioned) but python still doesn't come up. Help!
Ted2

LI Xin wrote:
Ted Johnson wrote:
> I realized too late that I should have moved the /usr/bin/python binary
> before building out with the command you gave me. I used your command
> but still couldn't import ldap...I assume because I didn't uninstall the
> old python 2.3.5 (which I don't know how to do, since it's not built
> from ports, so I'll just move the binary :) Anyway, can you give me a
> command which undoes everything you just had me do, and I'll try again?

If I understand correctly, that would be "make deinstall clean" and then "make install clean", if it insists to use python2.3, try specifying PYTHON_VERSION=python2.4.

Note that it's not the end of the world if you have an installation in /usr/bin/python :-) Just do a tarball over: /usr/bin/idle* /usr/bin/python* /usr/lib/python* /usr/include/python* /usr/share/python* /usr/share/examples/python*, then remove them would make sure that you have a clean system.

Note that Zope 2.7 requires Python 2.3 series IIRC. If you have a spare system, installing everything from scratch with the ports collection there before actual operation on production system would save you a lot of time.

Cheers,
--
Xin LI http://www.delphij.net/
FreeBSD - The Power to Serve!

From whatawonderfulworldweliveintoo at yahoo.com Wed Oct 4 19:43:14 2006
From: whatawonderfulworldweliveintoo at yahoo.com (Ted Johnson)
Date: Wed, 4 Oct 2006 10:43:14 -0700 (PDT)
Subject: CRISIS!! WAS: Old Distro
Message-ID: <20061004174314.80403.qmail@web58407.mail.re3.yahoo.com>

Fixed it. This to me is outrageous, that I should have to figure this out and that the ports don't do this automatically, but what I did was copy
/usr/ports/lang/python23/work/Python-2.3.5/build.shared/python
to
/usr/local/bin
Once I did that, I could fire up the python interpreter and import ldap. I think I'm done with that project now! Thanks Xin for your help!!
Ted2

Ted Johnson wrote:
My server's down!!!
I don't have a spare machine to try things out on yet. I went ahead and moved all the python stuff, tried your recipe to reinstall from ports, but now when I type in "python" at the prompt it tells me no such command exists! It's not to be found in /usr/bin or /usr/local/bin. I restored everything I moved (including the aforementioned) but python still doesn't come up. Help!
Ted2

LI Xin wrote:
Ted Johnson wrote:
> I realized too late that I should have moved the /usr/bin/python binary
> before building out with the command you gave me. I used your command
> but still couldn't import ldap...I assume because I didn't uninstall the
> old python 2.3.5 (which I don't know how to do, since it's not built
> from ports, so I'll just move the binary :) Anyway, can you give me a
> command which undoes everything you just had me do, and I'll try again?

If I understand correctly, that would be "make deinstall clean" and then "make install clean", if it insists to use python2.3, try specifying PYTHON_VERSION=python2.4.

Note that it's not the end of the world if you have an installation in /usr/bin/python :-) Just do a tarball over: /usr/bin/idle* /usr/bin/python* /usr/lib/python* /usr/include/python* /usr/share/python* /usr/share/examples/python*, then remove them would make sure that you have a clean system.

Note that Zope 2.7 requires Python 2.3 series IIRC. If you have a spare system, installing everything from scratch with the ports collection there before actual operation on production system would save you a lot of time.

Cheers,
--
Xin LI http://www.delphij.net/
FreeBSD - The Power to Serve!

From geert.van.muylem at utimaco.be Tue Oct 17 15:31:20 2006
From: geert.van.muylem at utimaco.be (geert.van.muylem at utimaco.be)
Date: Tue, 17 Oct 2006 15:31:20 +0200
Subject: SSL and AD
Message-ID:

Hi,

I'm trying to use python-ldap to make an ssl connection to an Active Directory (2000)
However I get always the server down error...
It seems to fail at client authentication at the end....

Can anyone help?

Thanks,
Geert

Here is my code:

import sys,ldap

def ConnectSSL():
    ldap.set_option(ldap.OPT_DEBUG_LEVEL,255)
    ldapmodule_trace_level = 1
    ldapmodule_trace_file = sys.stderr

    # Set path name of file containing all CA certificates
    # needed to validate server certificates
    ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,'/home/gvm/Temp/PYSSL/rootca.pem')
    ldap.set_option(ldap.OPT_X_TLS_CERTFILE, '/home/gvm/Temp/PYSSL/endor-crt.pem')
    ldap.set_option(ldap.OPT_X_TLS_KEYFILE,'/home/gvm/Temp/PYSSL/endor-key.pem')

    # Set LDAP protocol version used
    ldap.protocol_version=ldap.VERSION3

    lconn=ldap.initialize("ldaps://eowyn.doom.be/")
    lconn.simple_bind_s ('Administrator at doom.be','system')
    lconn.unbind_s()

Here is the trace output:

ldap_create
ldap_url_parse_ext(ldaps://eowyn.doom.be/)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP eowyn.doom.be:636
ldap_new_socket: 5
ldap_prepare_socket: 5
ldap_connect_to_host: Trying 192.168.1.5:636
ldap_connect_timeout: fd: 5 tm: -1 async: 0
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 0, subject: /C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK, issuer: /C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK
TLS certificate verification: depth: 0, err: 0, subject: /C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=eowyn.doom.be, issuer: /C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server certificate request A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client certificate A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write certificate verify A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:failed in SSLv3 read finished A
TLS: can't connect.
ldap_err2string
Traceback (most recent call last):
  File "", line 1, in ?
  File "PySSL.py", line 46, in ConnectSSL
    lconn.simple_bind_s ('Administrator at doom.be','system')
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 175, in simple_bind_s
    msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 169, in simple_bind
    return self._ldap_call(self._l.simple_bind,who,cred,EncodeControlTuples(serverctrls),EncodeControlTuples(clientctrls))
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 94, in _ldap_call
    result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

From michael at stroeder.com Tue Oct 17 15:21:39 2006
From: michael at stroeder.com (Michael Ströder)
Date: Tue, 17 Oct 2006 15:21:39 +0200
Subject: SSL and AD
In-Reply-To:
References:
Message-ID: <4534D8E3.8090605@stroeder.com>

geert.van.muylem at utimaco.be wrote:
>
> ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,'/home/gvm/Temp/PYSSL/rootca.pem')

Does rootca.pem contain the cert of /C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK? Or is there also an intermediate CA?

> ldap.set_option(ldap.OPT_X_TLS_CERTFILE,
> '/home/gvm/Temp/PYSSL/endor-crt.pem')
>
> ldap.set_option(ldap.OPT_X_TLS_KEYFILE,'/home/gvm/Temp/PYSSL/endor-key.pem')

Are you sure AD is configured to allow SSL client authentication?

> lconn=ldap.initialize("ldaps://eowyn.doom.be/")
> lconn.simple_bind_s ('Administrator at doom.be','system')
> lconn.unbind_s()

Seems ok. But I hope you know that using the UPN instead of a bind DN with simple_bind_s() is a proprietary feature of MS AD.

Ciao, Michael.

From geert.van.muylem at utimaco.be Tue Oct 17 16:03:19 2006
From: geert.van.muylem at utimaco.be (geert.van.muylem at utimaco.be)
Date: Tue, 17 Oct 2006 16:03:19 +0200
Subject: SSL and AD
In-Reply-To: <4534D8E3.8090605@stroeder.com>
Message-ID:

Hi,

- rootca.pem contains the self-signed root certificate (/C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK)
- I'm not 100% sure if the AD allows client authentication (didn't find a place where to configure it....) but I made a small test app based on the platform sdk and I had to import a client key first into windows...When I didn't do that, I also got the server down error. So I supposed that client authentication was required...

thanks and regards,
Geert

PS My test environment:
SuSE 10.1
python: 2.4.2-18
python-ldap: 2.0.11-14

Michael Ströder
10/17/2006 03:21 PM
To: geert.van.muylem at utimaco.be
cc: python-ldap-dev at lists.sourceforge.net
Subject: Re: SSL and AD

geert.van.muylem at utimaco.be wrote:
>
> ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,'/home/gvm/Temp/PYSSL/rootca.pem')

Does rootca.pem contain the cert of /C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK? Or is there also an intermediate CA?

> ldap.set_option(ldap.OPT_X_TLS_CERTFILE,
> '/home/gvm/Temp/PYSSL/endor-crt.pem')
>
> ldap.set_option(ldap.OPT_X_TLS_KEYFILE,'/home/gvm/Temp/PYSSL/endor-key.pem')

Are you sure AD is configured to allow SSL client authentication?

> lconn=ldap.initialize("ldaps://eowyn.doom.be/")
> lconn.simple_bind_s ('Administrator at doom.be','system')
> lconn.unbind_s()

Seems ok. But I hope you know that using the UPN instead of a bind DN with simple_bind_s() is a proprietary feature of MS AD.

Ciao, Michael.

From geert.van.muylem at utimaco.be Tue Oct 17 18:26:47 2006
From: geert.van.muylem at utimaco.be (geert.van.muylem at utimaco.be)
Date: Tue, 17 Oct 2006 18:26:47 +0200
Subject: SSL and AD
In-Reply-To: <4534D8E3.8090605@stroeder.com>
Message-ID:

Hi All,

Strange things are happening: It sometimes works. I can sometime make an ssl connection with client authentication, search for some entries,,,

What could be the reason? some network timeout issues?

Regards,
Geert

Michael Ströder
Sent by: python-ldap-dev-bounces at lists.sourceforge.net
10/17/2006 03:21 PM
To: geert.van.muylem at utimaco.be
cc: python-ldap-dev at lists.sourceforge.net
Subject: Re: SSL and AD

geert.van.muylem at utimaco.be wrote:
>
> ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,'/home/gvm/Temp/PYSSL/rootca.pem')

Does rootca.pem contain the cert of /C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK? Or is there also an intermediate CA?

> ldap.set_option(ldap.OPT_X_TLS_CERTFILE,
> '/home/gvm/Temp/PYSSL/endor-crt.pem')
>
> ldap.set_option(ldap.OPT_X_TLS_KEYFILE,'/home/gvm/Temp/PYSSL/endor-key.pem')

Are you sure AD is configured to allow SSL client authentication?

> lconn=ldap.initialize("ldaps://eowyn.doom.be/")
> lconn.simple_bind_s ('Administrator at doom.be','system')
> lconn.unbind_s()

Seems ok. But I hope you know that using the UPN instead of a bind DN with simple_bind_s() is a proprietary feature of MS AD.

Ciao, Michael.

_______________________________________________
Python-LDAP-dev mailing list
Python-LDAP-dev at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev

From michael at stroeder.com Tue Oct 17 18:18:19 2006
From: michael at stroeder.com (Michael Ströder)
Date: Tue, 17 Oct 2006 18:18:19 +0200
Subject: SSL and AD
In-Reply-To:
References:
Message-ID: <4535024B.1070104@stroeder.com>

geert.van.muylem at utimaco.be wrote:
>
> Strange things are happening: It sometimes works.

Hmm, this kind of error we all like most... ;-)

> I can sometime make an
> ssl connection with client authentication,
> search for some entries,,,

Could you please verify that your connection always works on command-line without python-ldap?

openssl s_client ...

Ciao, Michael.

From geert.van.muylem at utimaco.be Tue Oct 17 19:03:04 2006
From: geert.van.muylem at utimaco.be (geert.van.muylem at utimaco.be)
Date: Tue, 17 Oct 2006 19:03:04 +0200
Subject: SSL and AD
In-Reply-To: <4535024B.1070104@stroeder.com>
Message-ID:

Hi Michael,

Here is the result with openssl. It also "sometimes" work...

gvm at endor:~/Temp/PYSSL> openssl s_client -connect 192.168.1.5:636 -CAfile /home/gvm/Temp/PYSSL/rootca.pem -cert /home/gvm/Temp/PYSSL/endor-crt.pem -key /home/gvm/Temp/PYSSL/endor-key.pem
CONNECTED(00000003)
depth=1 /C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK
verify return:1
depth=0 /C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=eowyn.doom.be
verify return:1
15313:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

gvm at endor:~/Temp/PYSSL> openssl s_client -connect 192.168.1.5:636 -CAfile /home/gvm/Temp/PYSSL/rootca.pem -cert /home/gvm/Temp/PYSSL/endor-crt.pem -key /home/gvm/Temp/PYSSL/endor-key.pem
CONNECTED(00000003)
depth=1 /C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK
verify return:1
depth=0 /C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=eowyn.doom.be
verify return:1
15318:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

gvm at endor:~/Temp/PYSSL> openssl s_client -connect 192.168.1.5:636 -CAfile /home/gvm/Temp/PYSSL/rootca.pem -cert /home/gvm/Temp/PYSSL/endor-crt.pem -key /home/gvm/Temp/PYSSL/endor-key.pem
CONNECTED(00000003)
depth=1 /C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK
verify return:1
depth=0 /C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=eowyn.doom.be
verify return:1
---
Certificate chain
 0 s:/C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=eowyn.doom.be
   i:/C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK
---
Server certificate
subject=/C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=eowyn.doom.be
issuer=/C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK
---
Acceptable client certificate CA names
/C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK
/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services Division/CN=Thawte Personal Freemail CA/emailAddress=personal-freemail at thawte.com
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services Division/CN=Thawte Personal Premium CA/emailAddress=personal-premium at thawte.com
/C=US/O=First Data Digital Certificates Inc./CN=First Data Digital Certificates Inc. Certification Authority
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services Division/CN=Thawte Personal Basic CA/emailAddress=personal-basic at thawte.com
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=US/O=GTE Corporation/CN=GTE CyberTrust Root
/C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=EOWYN CA
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
/OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Root
---
SSL handshake has read 3261 bytes and written 1781 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 830A000079AD969762D5CA1CC27D874EADB5777B7F9AF5A191900602703F0F9B
    Session-ID-ctx:
    Master-Key: 2D17CCBF98E9610A5043C5348A5551717846756EFAE04734239A1DBA6D044788D3A34E7074E108CD12D1364586B2405E
    Key-Arg   : None
    Start Time: 1161103751
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
read:errno=0
gvm at endor:~/Temp/PYSSL>

Thanks,
Geert

Michael Ströder
Sent by: python-ldap-dev-bounces at lists.sourceforge.net
10/17/2006 06:18 PM
To: geert.van.muylem at utimaco.be
cc: python-ldap-dev at lists.sourceforge.net
Subject: Re: SSL and AD

geert.van.muylem at utimaco.be wrote:
>
> Strange things are happening: It sometimes works.

Hmm, this kind of error we all like most... ;-)

> I can sometime make an
> ssl connection with client authentication,
> search for some entries,,,

Could you please verify that your connection always works on command-line without python-ldap?

openssl s_client ...

Ciao, Michael.

From michael at stroeder.com Tue Oct 17 19:35:21 2006
From: michael at stroeder.com (Michael Ströder)
Date: Tue, 17 Oct 2006 19:35:21 +0200
Subject: SSL and AD
In-Reply-To:
References:
Message-ID: <45351459.1020901@stroeder.com>

geert.van.muylem at utimaco.be wrote:
>
> Here is the result with openssl. It also "sometimes" work...

So this is not related to python-ldap at all...

Ciao, Michael.

From geert.van.muylem at utimaco.be Wed Oct 18 11:10:22 2006
From: geert.van.muylem at utimaco.be (geert.van.muylem at utimaco.be)
Date: Wed, 18 Oct 2006 11:10:22 +0200
Subject: SSL and AD
In-Reply-To: <45351459.1020901@stroeder.com>
Message-ID:

Hello,

Is it possible to enforce the sslv2 protocol to be used in the ssl connection ?
(In this case it also works with openssl....)

Regards,
Geert

Michael Ströder
Sent by: python-ldap-dev-bounces at lists.sourceforge.net
10/17/2006 07:35 PM
To: geert.van.muylem at utimaco.be
cc: python-ldap-dev at lists.sourceforge.net
Subject: Re: SSL and AD

geert.van.muylem at utimaco.be wrote:
>
> Here is the result with openssl. It also "sometimes" work...

So this is not related to python-ldap at all...

Ciao, Michael.

From michael at stroeder.com Wed Oct 18 11:40:49 2006
From: michael at stroeder.com (Michael Ströder)
Date: Wed, 18 Oct 2006 11:40:49 +0200
Subject: SSL and AD
In-Reply-To:
References:
Message-ID: <4535F6A1.7010402@stroeder.com>

geert.van.muylem at utimaco.be wrote:
>
> Is it possible to enforce the sslv2 protocol to be used in the ssl
> connection ?
> (In this case it also works with openssl....)

These fairly new TLS options of the OpenLDAP API are not supported in python-ldap yet.

But for security reasons you really should avoid using SSLv2! You definitely don't want it! It's deprecated for good reasons. Maybe ask your colleagues why. ;-)

Ciao, Michael.

From jboone01 at bcuc.ac.uk Wed Oct 25 17:19:29 2006
From: jboone01 at bcuc.ac.uk (Jim Boone)
Date: Wed, 25 Oct 2006 16:19:29 +0100
Subject: Fatal errors on bind
Message-ID: <453F8081.5090600@bcuc.ac.uk>

Hi Guys, I know this is a dumb question, but I'm stuck!

I have a python cgi script driven off a web form, works fine as long as the credentials are correct for l.simple_bind, however if the wrong password is entered it fatals with:

Traceback (most recent call last):
  File "password.py", line 83, in ?
l.modify_s(dn,password) File "/usr/lib/python2.3/site-packages/ldap/ldapobject.py", line 285, in modify_s self.result(msgid,all=1,timeout=self.timeout) File "/usr/lib/python2.3/site-packages/ldap/ldapobject.py", line 385, in result return self._ldap_call(self._l.result,msgid,all,timeout) File "/usr/lib/python2.3/site-packages/ldap/ldapobject.py", line 94, in _ldap_call result = func(*args,**kwargs) ldap.OTHER: {'info': 'NDS error: access denied (-168)', 'desc': 'Internal (implementation specific) error'} Surely it should return a failed code of some description? Obviously its a Netware service, but other LDAP applications don't die under these circumstances, so it must be crappy coding, l.simple_bind(dn,password) thats my bind line, I then carry on with some LDAP modify operations on that user, should this be written differently? Cheers for any input! Jim From d at adaptive-enterprises.com.au Thu Oct 26 11:46:00 2006 From: d at adaptive-enterprises.com.au (David Leonard) Date: Thu, 26 Oct 2006 19:46:00 +1000 Subject: Fatal errors on bind In-Reply-To: <453F8081.5090600@bcuc.ac.uk> References: <453F8081.5090600@bcuc.ac.uk> Message-ID: <454083D8.30108@adaptive-enterprises.com.au> Jim Boon wrote: > Dear Mod, ignore that email, i just spotted it it's in the modify bit! Doh! but ... it was too late! (sorry, jim) David Leonard (itinerant moderator) Jim Boone wrote: > Hi Guys, I know this is a dumb question, but I'm stuck! > > I have a python cgi script driven off a web form, works fine as long as > the credentials are correct for l.simple_bind, however if the wrong > password is entered it fatals with: > > > Traceback (most recent call last): File "password.py", line 83, in > ? 
> l.modify_s(dn,password) File
> "/usr/lib/python2.3/site-packages/ldap/ldapobject.py", line 285,
> in modify_s self.result(msgid,all=1,timeout=self.timeout) File
> "/usr/lib/python2.3/site-packages/ldap/ldapobject.py", line 385,
> in result return self._ldap_call(self._l.result,msgid,all,timeout)
> File "/usr/lib/python2.3/site-packages/ldap/ldapobject.py", line
> 94, in _ldap_call result = func(*args,**kwargs) ldap.OTHER:
> {'info': 'NDS error: access denied (-168)', 'desc': 'Internal
> (implementation specific) error'}
>
>
> Surely it should return a failed code of some description? Obviously it's
> a Netware service, but other LDAP applications don't die under these
> circumstances, so it must be crappy coding,
>
> l.simple_bind(dn,password)
>
> that's my bind line, I then carry on with some LDAP modify operations on
> that user, should this be written differently?
>
> Cheers for any input!
>

--
David Leonard
d at adaptive-enterprises.com.au
Ph:+61 404 844 850

From jboone01 at bcuc.ac.uk Thu Oct 26 12:44:28 2006
From: jboone01 at bcuc.ac.uk (Jim Boone)
Date: Thu, 26 Oct 2006 11:44:28 +0100
Subject: LDAP bind results failing
Message-ID: <4540918C.9010800@bcuc.ac.uk>

Hi gang,

Ok, first time I've needed to test a bind, what's wrong with it?

l = ldap.initialize("ldaps://server:636",trace_level=2)
l.protocol_version = 3

do a bind a known user, then bounce out the dn for the proper bind. That's all good, can thet attributes out and play with happily, I then need to test the user's credentials against ldap in order to then run an LDAP modify on some attributes, I'm using:

try:
    l.simple_bind(dn,oldpass)
    valid=True
except ldap.LDAPError, e:
    valid=False
if valid:
    print "****************valid****************"
else:
    print "--------------- nope ----------------"

with the latter being my debug code obviously

It always returns valid, even though with the wrong credentials I can see the rejection on the LDAP server.
LDAP server is Netware, I have a PERL script which runs against it which does return an 'unauthorized' result..... Please Lord, don't make me write this in PERL!

Surely this must be straightforward and I'm missing something??

Cheers
Jim

--
Jim Boone
--------------------------------------------
Buckinghamshire Chilterns University College
R&D Manager - Information and Communication Technologies
Tel: 01494 522141 ext 3569

The myth that Bill Gates has appeared like a knight in shining armor to lead all customers out of a mire of technological chaos neatly ignores the fact that it was he who, by peddling second-rate technology, led them into it in the first place, and continues to do so today.
~Douglas Adams~

From michael at stroeder.com Thu Oct 26 13:19:35 2006
From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=)
Date: Thu, 26 Oct 2006 13:19:35 +0200
Subject: LDAP bind results failing
In-Reply-To: <4540918C.9010800@bcuc.ac.uk>
References: <4540918C.9010800@bcuc.ac.uk>
Message-ID: <454099C7.2060609@stroeder.com>

Jim Boone wrote:
>
> l = ldap.initialize("ldaps://server:636",trace_level=2)

It would probably help to see the debug log since you already set the trace level. But overwrite your passwords in there!

Ciao, Michael.

From michael at stroeder.com Thu Oct 26 13:46:00 2006
From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=)
Date: Thu, 26 Oct 2006 13:46:00 +0200
Subject: LDAP bind results failing
In-Reply-To: <4540918C.9010800@bcuc.ac.uk>
References: <4540918C.9010800@bcuc.ac.uk>
Message-ID: <45409FF8.3060406@stroeder.com>

Jim,

please stay on the python-ldap-dev mailing list (again Cc:-ed) with your responses so others can comment as well!

Jim Boone wrote:
> l.simple_bind(dn,oldpass)
> valid=True
> except ldap.LDAPError, e:
> valid=False
> if valid:
> print "****************valid****************"
> else:
> print "--------------- nope ----------------"

You probably want to use the synchronous method l.simple_bind_s(dn,oldpass).
simple_bind() returns just a message ID which you have to pass to result().

Ciao, Michael.

From jboone01 at bcuc.ac.uk Thu Oct 26 14:11:15 2006
From: jboone01 at bcuc.ac.uk (Jim Boone)
Date: Thu, 26 Oct 2006 13:11:15 +0100
Subject: LDAP bind results failing
In-Reply-To: <45409FF8.3060406@stroeder.com>
References: <4540918C.9010800@bcuc.ac.uk> <45409FF8.3060406@stroeder.com>
Message-ID: <4540A5E3.40809@bcuc.ac.uk>

Michael, my apologies, I wasn't paying attention to the reply behaviour etc I intended it to be on list!

That has cracked it, thanks muchly! This Python + LDAP stuff is really quite a powerful tool, and it makes me look good into the bargain ;-)

Cheers
Jim

Michael Ströder wrote:

>Jim,
>
>please stay on the python-ldap-dev mailing list (again Cc:-ed) with your
>responses so others can comment as well!
>
>Jim Boone wrote:
>
>
>>l.simple_bind(dn,oldpass)
>>valid=True
>>except ldap.LDAPError, e:
>>valid=False
>>if valid:
>>print "****************valid****************"
>>else:
>>print "--------------- nope ----------------"
>>
>>
>
>You probably want to use the synchronous method
>l.simple_bind_s(dn,oldpass). simple_bind() returns just a message ID
>which you have to pass to result().
>
>Ciao, Michael.
>
>
>
>

--
Jim Boone
--------------------------------------------
Buckinghamshire Chilterns University College
R&D Manager - Information and Communication Technologies
Tel: 01494 522141 ext 3569

The myth that Bill Gates has appeared like a knight in shining armor to lead all customers out of a mire of technological chaos neatly ignores the fact that it was he who, by peddling second-rate technology, led them into it in the first place, and continues to do so today.
~Douglas Adams~

From roland.hedberg at adm.umu.se Fri Oct 27 17:23:46 2006
From: roland.hedberg at adm.umu.se (Roland Hedberg)
Date: Fri, 27 Oct 2006 17:23:46 +0200
Subject: Exceptions
Message-ID: <45422482.9000309@adm.umu.se>

Hi!
If you encounter a problem that raises the exception, for instance TYPE_OR_VALUE_EXISTS, and then prints the exception info, it will come out looking something like this:

{'info': 'street: value #0 provided more than once', 'desc': 'Type or value exists'}

Which looks like when you print a dictionary.

So, is that how it's done? And if so, is there a way by which I can get at the individual pieces ?

The obvious:

try:
    ....
except ldap.TYPE_OR_VALUE_EXISTS, e:
    print e.info

doesn't work

-- Roland

From michael at stroeder.com Sat Oct 28 23:48:30 2006
From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=)
Date: Sat, 28 Oct 2006 23:48:30 +0200
Subject: Exceptions
In-Reply-To: <45422482.9000309@adm.umu.se>
References: <45422482.9000309@adm.umu.se>
Message-ID: <4543D02E.3070203@stroeder.com>

Roland,

Roland Hedberg wrote:
>
> If you encounter a problem that raises the exception, for instance
> TYPE_OR_VALUE_EXISTS, and then prints the exception info, it will come
> out looking something like this:
>
> {'info': 'street: value #0 provided more than once', 'desc': 'Type or
> value exists'}
>
> Which looks like when you print a dictionary.

It is a dictionary.

> The obvious:
>
> try:
> ....
> except ldap.TYPE_OR_VALUE_EXISTS, e:
> print e.info
>
> doesn't work

Be warned: It's ugly!

e.args[0]['desc']
e.args[0]['info']

I really have no clue why David implemented it in this way. Guess it has something to do with focusing on C programming. ;-)

Guess it's time for another wrapper class around exceptions raised by _ldap...

Ciao, Michael.
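
Added example (not part of any message in this thread, and not python-ldap project code): the credential check from the "LDAP bind results failing" thread done with the synchronous bind, an empty-password guard, and the error dictionary from the "Exceptions" thread read through args[0]. It uses Python 3 syntax; FakeConnection, its DNs and passwords are constructed stand-ins so the script runs offline, and the stand-in exception classes are used only when python-ldap is not installed.

```python
try:
    import ldap
    LDAPError = ldap.LDAPError
    InvalidCredentials = ldap.INVALID_CREDENTIALS
except ImportError:
    # Stand-ins with the same shape: args[0] is a dict with 'desc' and 'info'.
    class LDAPError(Exception):
        pass

    class InvalidCredentials(LDAPError):
        pass


def error_details(exc):
    """Return (desc, info) from an exception whose args[0] is a dict."""
    first = exc.args[0] if exc.args else None
    if isinstance(first, dict):
        return first.get('desc', ''), first.get('info', '')
    return str(exc), ''


def broken_check(conn, dn, password):
    """The pattern from the thread: simple_bind() only sends the request."""
    try:
        conn.simple_bind(dn, password)    # returns a message ID, not the outcome
        return True
    except LDAPError:
        return False


def check_credentials(conn, dn, password):
    """Return (ok, reason); ok is True only after the server accepted the bind."""
    if not dn or not password:
        # A simple bind with an empty password is an unauthenticated bind
        # (RFC 4513), which many servers answer with success.
        return False, 'empty DN or password refused before bind'
    try:
        conn.simple_bind_s(dn, password)  # waits for the server's result
    except InvalidCredentials:
        return False, 'invalid credentials'
    except LDAPError as e:
        desc, info = error_details(e)
        return False, 'bind failed: %s (%s)' % (desc, info)
    return True, 'bind accepted'


class FakeConnection(object):
    """Constructed stand-in for a connection object; not part of python-ldap."""

    def __init__(self, passwords, denied=()):
        self.passwords = passwords
        self.denied = set(denied)
        self.pending = {}

    def _outcome(self, dn, password):
        if dn in self.denied:
            # Error dictionary copied from the traceback quoted in the thread.
            return LDAPError({'info': 'NDS error: access denied (-168)',
                              'desc': 'Internal (implementation specific) error'})
        if password == '':
            return None                   # unauthenticated bind "succeeds"
        if self.passwords.get(dn) != password:
            return InvalidCredentials({'desc': 'Invalid credentials'})
        return None

    def simple_bind(self, dn, password):
        msgid = len(self.pending) + 1
        self.pending[msgid] = self._outcome(dn, password)
        return msgid

    def result(self, msgid):
        err = self.pending.pop(msgid)
        if err is not None:
            raise err
        return (97, [])                   # 97 (0x61) is the bind response type

    def simple_bind_s(self, dn, password):
        return self.result(self.simple_bind(dn, password))


def demo():
    """Run both checks against constructed sample data."""
    dn = 'cn=jim,o=example'
    conn = FakeConnection({dn: 'correct horse'}, denied=['cn=locked,o=example'])
    return {
        'broken, wrong password': broken_check(conn, dn, 'wrong'),
        'fixed, wrong password': check_credentials(conn, dn, 'wrong'),
        'fixed, right password': check_credentials(conn, dn, 'correct horse'),
        'fixed, empty password': check_credentials(conn, dn, ''),
        'fixed, server error': check_credentials(conn, 'cn=locked,o=example', 'x'),
    }


if __name__ == '__main__':
    for case, outcome in demo().items():
        print(case, '->', outcome)
```
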
From michael at stroeder.com Thu Nov 16 15:18:39 2006
From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=)
Date: Thu, 16 Nov 2006 15:18:39 +0100
Subject: PEP 353 - preparation for Python 2.5
In-Reply-To: <44349FDC.3010201@stroeder.com>
References: <44349FDC.3010201@stroeder.com>
Message-ID: <455C733F.3030804@stroeder.com>

Michael Ströder wrote:
>
> Could someone please check python-ldap to support PEP 353 (see
> http://www.python.org/dev/peps/pep-0353/) and create a patch for the
> changes required?

I've committed some changes regarding PEP 353. I'd be glad if someone could test python-ldap pulled from CVS on a 64-bit platform.

Ciao, Michael.

From rachel_florentine at yahoo.com Mon Nov 20 19:19:54 2006
From: rachel_florentine at yahoo.com (Rachel Florentine)
Date: Mon, 20 Nov 2006 10:19:54 -0800 (PST)
Subject: Installation Problem
Message-ID: <20061120181954.24596.qmail@web57805.mail.re3.yahoo.com>

Hi;
I'm trying to install on Python 2.3.5/FreeBSD 6.1 but I get this error:

python setup.py install
running install
running build
running build_py
error: package directory 'Lib' does not exist

What do?
TIA,
Rachel

From jens at dataflake.org Mon Nov 20 19:31:18 2006
From: jens at dataflake.org (Jens Vagelpohl)
Date: Mon, 20 Nov 2006 19:31:18 +0100
Subject: Installation Problem
In-Reply-To: <20061120181954.24596.qmail@web57805.mail.re3.yahoo.com>
References: <20061120181954.24596.qmail@web57805.mail.re3.yahoo.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 20 Nov 2006, at 19:19, Rachel Florentine wrote:
> Hi;
> I'm trying to install on Python 2.3.5/FreeBSD 6.1 but I get this
> error:
>
> python setup.py install
> running install
> running build
> running build_py
> error: package directory 'Lib' does not exist
>
> What do?
> TIA,
> Rachel

"Rachel Florentine"? How odd, you just communicated with me under the name "Nancy Donnelly". What's this all about?
jens

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFFYfR3RAx5nvEhZLIRAv6CAKCZspy7ptjdZ3kbq+HqelVpRkadrgCfTAoT
hRTnkH03Jx8uUhPvRrbd80g=
=fDCx
-----END PGP SIGNATURE-----

From michael at stroeder.com Thu Nov 23 13:16:22 2006
From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=)
Date: Thu, 23 Nov 2006 13:16:22 +0100
Subject: Experimental 2.2.0 Windows Build
In-Reply-To: <20060905015826.GE3986@cotia>
References: <20060905015826.GE3986@cotia>
Message-ID: <45659116.1010504@stroeder.com>

Sidnei,

Sidnei da Silva wrote:
>
> I've managed to put together an experimental 2.2.0 build for Windows,
> which can be found here:
>
> http://awkly.org/files/python-ldap-2.2.0.win32-py2.4.exe
>
> I'm admittedly not an expert in compiling stuff, so if anyone with
> more expertise can double-check what I've done:
>
> http://awkly.org/archive/compiling-python-extensions-on-mingw/

Did you remove those URLs from your web site? I get 404...

I'd really appreciate if someone would constantly maintain Win32 builds of python-ldap.

Ciao, Michael.

From tmclaugh at sdf.lonestar.org Sat Dec 2 04:25:04 2006
From: tmclaugh at sdf.lonestar.org (Tom McLaughlin)
Date: Fri, 01 Dec 2006 22:25:04 -0500
Subject: Installation Problem
In-Reply-To: <20061120181954.24596.qmail@web57805.mail.re3.yahoo.com>
References: <20061120181954.24596.qmail@web57805.mail.re3.yahoo.com>
Message-ID: <1165029904.1502.3.camel@localhost>

On Mon, 2006-11-20 at 10:19 -0800, Rachel Florentine wrote:
> Hi;
> I'm trying to install on Python 2.3.5/FreeBSD 6.1 but I get this
> error:
>
> python setup.py install
> running install
> running build
> running build_py
> error: package directory 'Lib' does not exist
>
> What do?
> TIA,
> Rachel
>

Just install from the FreeBSD ports tree.
cd /usr/ports/net/py-ldap2 && make install clean

tom

--
| tmclaugh at sdf.lonestar.org tmclaugh at FreeBSD.org |
| FreeBSD http://www.FreeBSD.org |
| BSD# http://www.mono-project.com/Mono:FreeBSD |

From anilj at entic.net Tue Dec 5 05:58:32 2006
From: anilj at entic.net (Anil)
Date: Mon, 04 Dec 2006 20:58:32 -0800
Subject: changing 'cn'
Message-ID: <4574FC78.2070907@entic.net>

If I have an entry like this:

dn: cn=unique-abc, ou=people, o=isp
objectclass: top
...
cn: unique-abc
cn: hello

or

dn: cn=unique-abc, ou=people, o=isp
objectclass: top
...
cn: unique-abc
cn: hello
cn: people

How do I go about changing 'hello' to 'world' using modify() (or some other method)?

It seems there are only ADD/DEL/REPLACE operations, which don't work in this environment. Is it possible to pass a modlist that replaces only the hello instead of replacing everything?

(basically, I want to keep the RDN intact, instead just be able to make changes to non RDN values)

From vela at debian.org Tue Dec 5 19:57:40 2006
From: vela at debian.org (Matej Vela)
Date: Tue, 05 Dec 2006 19:57:40 +0100
Subject: PEP 353 - preparation for Python 2.5
In-Reply-To: <455C733F.3030804@stroeder.com> (Michael =?iso-8859-1?Q?Str?= =?iso-8859-1?Q?=F6der's?= message of "Thu, 16 Nov 2006 15:18:39 +0100")
References: <44349FDC.3010201@stroeder.com> <455C733F.3030804@stroeder.com>
Message-ID: <87d56ytbkr.fsf@kamov.cir.irb.lo>

Michael Ströder writes:

> Michael Ströder wrote:
>>
>> Could someone please check python-ldap to support PEP 353 (see
>> http://www.python.org/dev/peps/pep-0353/) and create a patch for the
>> changes required?
>
> I've committed some changes regarding PEP 353. I'd be glad if someone
> could test python-ldap pulled from CVS on a 64-bit platform.

A couple of fixes attached:

* More instances of s/int/Py_ssize_t/ (some of these are unlikely to matter in practice, but might make automated testing easier).

* Define PY_SSIZE_T_CLEAN before including to get the new semantics for 's#' and 't#'.
I've put this in Modules/common.h, and included that instead of from the rest of the code.

Other than that, seems to work fine on IA64.

Cheers,

Matej

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: pep-0353.diff
URL:

From michael at stroeder.com Tue Dec 5 20:50:39 2006
From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=)
Date: Tue, 05 Dec 2006 20:50:39 +0100
Subject: PEP 353 - preparation for Python 2.5
In-Reply-To: <87d56ytbkr.fsf@kamov.cir.irb.lo>
References: <44349FDC.3010201@stroeder.com> <455C733F.3030804@stroeder.com> <87d56ytbkr.fsf@kamov.cir.irb.lo>
Message-ID: <4575CD8F.2090005@stroeder.com>

Matej Vela wrote:
> Michael Ströder writes:
>
>>Michael Ströder wrote:
>>
>>>Could someone please check python-ldap to support PEP 353 (see
>>>http://www.python.org/dev/peps/pep-0353/) and create a patch for the
>>>changes required?
>>
>>I've committed some changes regarding PEP 353. I'd be glad if someone
>>could test python-ldap pulled from CVS on a 64-bit platform.
>
> A couple of fixes attached:

Is the patch against CVS HEAD?

Ciao, Michael.

From michael at stroeder.com Tue Dec 5 20:54:38 2006
From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=)
Date: Tue, 05 Dec 2006 20:54:38 +0100
Subject: changing 'cn'
In-Reply-To: <4574FC78.2070907@entic.net>
References: <4574FC78.2070907@entic.net>
Message-ID: <4575CE7E.8050401@stroeder.com>

Anil wrote:
> If I have an entry like this:
>
> dn: cn=unique-abc, ou=people, o=isp
> objectclass: top
> ...
> cn: unique-abc
> cn: hello
> [..]
> How do I go about changing 'hello' to 'world' using modify() (or some
> other method)?
>
> It seems there are only ADD/DEL/REPLACE operations, which don't work in
> this environment. Is it possible to pass a modlist that replaces only
> the hello instead of replacing everything?
>
> (basically, I want to keep the RDN intact, instead just be able to make
> changes to non RDN values)

In this case, since 'cn' is of syntax DirectoryString for which probably an equality matching is implemented in your server, you can explicitly remove 'hello' and add 'world'.

l.modify_s(dn,[(ldap.MOD_DELETE,'cn',['hello']),(ldap.MOD_ADD,'cn',['world'])])

Ciao, Michael.

From vela at debian.org Tue Dec 5 21:15:02 2006
From: vela at debian.org (Matej Vela)
Date: Tue, 05 Dec 2006 21:15:02 +0100
Subject: PEP 353 - preparation for Python 2.5
In-Reply-To: <4575CD8F.2090005@stroeder.com> (Michael =?iso-8859-1?Q?Str?= =?iso-8859-1?Q?=F6der's?= message of "Tue, 05 Dec 2006 20:50:39 +0100")
References: <44349FDC.3010201@stroeder.com> <455C733F.3030804@stroeder.com> <87d56ytbkr.fsf@kamov.cir.irb.lo> <4575CD8F.2090005@stroeder.com>
Message-ID: <8764cqt7zt.fsf@kamov.cir.irb.lo>

Michael Ströder writes:

> Matej Vela wrote:
>> Michael Ströder writes:
>>>I've committed some changes regarding PEP 353. I'd be glad if someone
>>>could test python-ldap pulled from CVS on a 64-bit platform.
>>
>> A couple of fixes attached:
>
> Is the patch against CVS HEAD?

Yup.

Cheers,

Matej

From michael at stroeder.com Wed Dec 6 08:36:34 2006
From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=)
Date: Wed, 06 Dec 2006 08:36:34 +0100
Subject: PEP 353 - preparation for Python 2.5
In-Reply-To: <8764cqt7zt.fsf@kamov.cir.irb.lo>
References: <44349FDC.3010201@stroeder.com> <455C733F.3030804@stroeder.com> <87d56ytbkr.fsf@kamov.cir.irb.lo> <4575CD8F.2090005@stroeder.com> <8764cqt7zt.fsf@kamov.cir.irb.lo>
Message-ID: <45767302.3050304@stroeder.com>

Matej Vela wrote:
> Michael Ströder writes:
>
>
>>Matej Vela wrote:
>>
>>>Michael Ströder writes:
>>>
>>>>I've committed some changes regarding PEP 353. I'd be glad if someone
>>>>could test python-ldap pulled from CVS on a 64-bit platform.
>>>
>>>A couple of fixes attached:
>>
>>Is the patch against CVS HEAD?
>
> Yup.

Many thanks for contributing.
I've committed it.

Do you think we're through with this issue?

Ciao, Michael.

From vela at debian.org Wed Dec 6 12:20:43 2006
From: vela at debian.org (Matej Vela)
Date: Wed, 06 Dec 2006 12:20:43 +0100
Subject: PEP 353 - preparation for Python 2.5
In-Reply-To: <45767302.3050304@stroeder.com> (Michael =?iso-8859-1?Q?Str?= =?iso-8859-1?Q?=F6der's?= message of "Wed, 06 Dec 2006 08:36:34 +0100")
References: <44349FDC.3010201@stroeder.com> <455C733F.3030804@stroeder.com> <87d56ytbkr.fsf@kamov.cir.irb.lo> <4575CD8F.2090005@stroeder.com> <8764cqt7zt.fsf@kamov.cir.irb.lo> <45767302.3050304@stroeder.com>
Message-ID: <878xhl9sok.fsf@kamov.cir.irb.lo>

Michael Ströder writes:

> Many thanks for contributing. I've committed it.
> Do you think we're through with this issue?

I've checked all instances of 'int' and 's#'/'z#', so I think this is it.

Thanks!

Matej

From michael at stroeder.com Thu Dec 7 02:53:18 2006
From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=)
Date: Thu, 07 Dec 2006 02:53:18 +0100
Subject: FYI: python-ldap 2.3 will require OpenLDAP 2.3 libs
Message-ID: <4577740E.4030205@stroeder.com>

HI!

Please take note that in the upcoming new release 2.3 of python-ldap only OpenLDAP libs 2.3 or newer will be officially supported. (Using version 2.3 does not mean that version numbers of both packages will be kept in line forever.)

I won't test python-ldap with older OpenLDAP libs anymore. OpenLDAP 2.2 is considered historic by OpenLDAP developers for quite some time now.

Ciao, Michael.

From bowmanj at users.sourceforge.net Mon Dec 11 20:26:22 2006
From: bowmanj at users.sourceforge.net (Jonathan Bowman)
Date: Mon, 11 Dec 2006 14:26:22 -0500
Subject: winldap?
Message-ID: <7a2b5dfb0612111126g6d631561k3fb9edfa8c1176a8@mail.gmail.com>

Greetings.

I am interested in feedback from you regarding the possibility of the python-ldap project providing modules that interface with Wldap32.dll on Windows.
I am currently working on some modules that do this based on the python ctypes module.

I have not tried compiling python-ldap on Windows myself, but I do note that the currently available win32 binary builds do not support SASL. Would providing an interface that uses Wldap32.dll ease the pressure on the rest of you to make python-ldap work with OpenLDAP compiled on Windows?

If anyone has worked on this, I would love to know how it worked for you. If you think this has potential, I would be more than happy to show you what I am working on. If it seems like something good to include in python-ldap, I will need some advice on how best to do this.

Thank you,
Jonathan Bowman

From michael at stroeder.com Tue Dec 12 13:00:28 2006
From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=)
Date: Tue, 12 Dec 2006 13:00:28 +0100
Subject: winldap?
In-Reply-To: <7a2b5dfb0612111126g6d631561k3fb9edfa8c1176a8@mail.gmail.com>
References: <7a2b5dfb0612111126g6d631561k3fb9edfa8c1176a8@mail.gmail.com>
Message-ID: <457E99DC.9090703@stroeder.com>

Jonathan Bowman wrote:
>
> I am interested in feedback from you regarding the possibility of the
> python-ldap project providing modules that interface with Wldap32.dll
> on Windows. I am currently working on some modules that do this based
> on the python ctypes module.
>
> I have not tried compiling python-ldap on Windows myself, but I do
> note that the currently available win32 binary builds do not support
> SASL. Would providing an interface that uses Wldap32.dll ease the
> pressure on the rest of you to make python-ldap work with OpenLDAP
> compiled on Windows?

Jonathan, it would be helpful to also know what your personal needs are.

There are several interesting aspects raised here by your proposal:

1. Provide Win32 build of python-ldap.

2. Support SASL on Win32. (But which mechanisms?)

3. Provide continuous support for python-ldap on Win32.

4. Using ctypes for implementing the C wrapper.

For 1. to 3.
IMHO this all can be achieved with today's python-ldap based on OpenLDAP libs. But of course there has to be someone who is familiar with building Python extension modules for Win32 preferably with the MingW tool chain.

Regarding 2.:
I asked Howard Chu, OpenLDAP core developer whether it's possible to build Cyrus-SASL on Win32 based on the MingW tool chain. He said they're doing it all the time with Symas' product. Additionally one would have to clarify the situation for Kerberos libs (preferably heimdal).

Regarding 4.:
I would appreciate to ease the process of adding new functions to the C wrapper part. Personally I have no experiences with ctypes.

A short look at the history:

In former times python-ldap, in particular the C wrapper module _ldap, already contained many ifdef statements for making it build against old Umich, Netscape and Novell LDAP libs. This was possible because most of these APIs mainly stuck to RFC 1823 with only few subtle differences.

RFC 1823 was sufficient at that time. But time went on and the deficiencies of the API defined in RFC 1823 led to Internet-draft draft-ietf-ldapext-ldap-c-api which unfortunately never made it to RFC status. Also this draft has its deficiencies but nevertheless is the de facto standard in OpenLDAP today.

Quite some while ago David and me decided to throw out support for other LDAP C APIs than OpenLDAP for several reasons:

1. The OpenLDAP libs were actively developed in opposite to the other LDAP libs and implemented the extended API functions defined in draft-ietf-ldapext-ldap-c-api with some handy new arguments, like extended controls, limits and timeout values. E.g. look at declaration of ldap_search_ext() here:

http://www.openldap.org/devel/cvsweb.cgi/~checkout~/doc/drafts/draft-ietf-ldapext-ldap-c-api-xx.txt

2. We wanted to strip down the C part because I am not a C programmer and David did not have the time to maintain python-ldap anymore.
Therefore I had to make maintenance of the C part as low effort as possible. Today the C part is half of the size.

3. The LDAP C APIs diverged dramatically regarding support for SSL and SASL. This could no longer be handled by a few ifdef's.

4. The API for the Python application cannot be made completely independent of the underlying C API regarding different feature sets (also SSL and SASL) because some SASL mechs need call-back.

5. New functions appear in the OpenLDAP API every now and then (e.g. see Cancel extended operation in the upcoming python-ldap 2.3) but not in other LDAP C APIs.

So how to proceed?

First I don't want to hold anyone back from porting python-ldap to other LDAP C libs. But for requirements 1. to 3. instead of taking the wldap32.dll approach I'd prefer to try together to improve the situation with building OpenLDAP, Cyrus-SASL, heimdal etc. based on the MingW tool chain.

Shifting to ctypes is a very interesting option. Even if the C wrapper API changes we could provide a stable API to the Python applications by modifying behaviour of ldapobject.LDAPObject (and derived classes).

Ciao, Michael.

From rich.megginson at gmail.com Wed Dec 13 17:11:35 2006
From: rich.megginson at gmail.com (Rich Megginson)
Date: Wed, 13 Dec 2006 08:11:35 -0800
Subject: winldap?
In-Reply-To: <7a2b5dfb0612130512s2c807890l8f659f455bc1eacb@mail.gmail.com>
References: <7a2b5dfb0612111126g6d631561k3fb9edfa8c1176a8@mail.gmail.com> <457E99DC.9090703@stroeder.com> <7a2b5dfb0612130512s2c807890l8f659f455bc1eacb@mail.gmail.com>
Message-ID: <45802637.6090307@gmail.com>

Jonathan Bowman wrote:
> Michael,
>
> Thanks. Good response. I think I am looking at this possibility, in
> part, "because it's there." I am simply curious about a ctypes
> implementation of a Wldap32.dll pythonic interface.
>
> I also would love to see a python ldap interface that does not involve
> compiling multiple packages (OpenLDAP, Cyrus SASL, etc.) in order for
> the user to install it.
> This is one way of doing this, albeit only on
> Windows. The Wldap32.dll library is available on any Active
> Directory-aware Windows machine, from Windows 95 on up. This library
> seems to provide variety and strength of functionality. See:
>
> http://msdn2.microsoft.com/en-us/library/aa366112.aspx
>
> Another subpoint of this: I think on Windows there is a concern
> regarding ease of installation of a package that is really
> Unix-biased. On a Linux system, for instance, the distribution often
> has debs or rpms that easily install needed binary executables and
> libraries. BSD has ports. Mac has Fink. OpenLDAP, Cyrus SASL, OpenSSL
> and even Python-ldap are either standard or easily installed from the
> distribution repositories. The Windows equivalents of these libraries
> that Unix systems take for granted are the system dlls, like
> Wldap32.dll. It is already there, with the needed functionality.
>

Does wldap32.dll provide SSL/TLS? Are additional DLLs required for that? Are they present on every Windows install? What about SASL/GSSAPI? These are, IMHO, essential parts of any reasonable LDAP client. In this day and age, every LDAP client must be able to use startTLS, Digest-MD5, and Kerberos auth.

> Ideally, I think a pure-python implementation of python-ldap is
> desirable (with less bloat than Twisted+ldaptor, perhaps).

That would entail a pure python LDAP layer, LDIF parsing layer, BER codec layer, as well as a pure SSL layer and a pure SASL/GSSAPI layer. For one, doing all of this in pure python would have a seriously negative impact on the performance. For two, this would be duplicating all of the work already done to make this all work very well in C (e.g. doing SSL is Hard - doing SASL/GSSAPI is Hard - doing BER and LDAP is somewhat easier, but why reinvent the wheel?).

> Until then,
> would the thing I am describing be something helpful?
>

Yes. It makes sense to leverage as much of the OS resources as possible.
One of the problems with this approach is that wldap32 does not provide all of the functionality that python-ldap expects to be present in the underlying ldap library layer (e.g. schema parsing, probably more). So this approach would result in a somewhat "crippled" (but perhaps very useful nonetheless) python-ldap. As well as the aforementioned SSL and SASL concerns.

> Anyway, these are some thoughts for further discussion. At this point,
> I am open to applying energy in any direction that makes python-ldap
> more Windows-friendly, as long as I have the know-how (and the time!).
>
> Regards,
> Jonathan Bowman
>
>
>
> On 12/12/06, Michael Ströder wrote:
>
>> Jonathan Bowman wrote:
>>
>>> I am interested in feedback from you regarding the possibility of the
>>> python-ldap project providing modules that interface with Wldap32.dll
>>> on Windows. I am currently working on some modules that do this based
>>> on the python ctypes module.
>>>
>>> I have not tried compiling python-ldap on Windows myself, but I do
>>> note that the currently available win32 binary builds do not support
>>> SASL. Would providing an interface that uses Wldap32.dll ease the
>>> pressure on the rest of you to make python-ldap work with OpenLDAP
>>> compiled on Windows?
>>>
>> Jonathan, it would be helpful to also know what your personal needs are.
>>
>> There are several interesting aspects raised here by your proposal:
>>
>> 1. Provide Win32 build of python-ldap.
>>
>> 2. Support SASL on Win32. (But which mechanisms?)
>>
>> 3. Provide continuous support for python-ldap on Win32.
>>
>> 4. Using ctypes for implementing the C wrapper.
>>
>> For 1. to 3. IMHO this all can be achieved with today's python-ldap
>> based on OpenLDAP libs. But of course there has to be someone who is
>> familiar with building Python extension modules for Win32 preferably
>> with the MingW tool chain.
>>
>> Regarding 2.:
>> I asked Howard Chu, OpenLDAP core developer whether it's possible to
>> build Cyrus-SASL on Win32 based on the MingW tool chain. He said they're
>> doing it all the time with Symas' product. Additionally one would have
>> to clarify the situation for Kerberos libs (preferably heimdal).
>>
>> Regarding 4.:
>> I would appreciate to ease the process of adding new functions to the C
>> wrapper part. Personally I have no experiences with ctypes.
>>
>> A short look at the history:
>>
>> In former times python-ldap, in particular the C wrapper module _ldap,
>> already contained many ifdef statements for making it build against old
>> Umich, Netscape and Novell LDAP libs. This was possible because most of
>> these APIs mainly stuck to RFC 1823 with only few subtle differences.
>>
>> RFC 1823 was sufficient at that time. But time went on and the
>> deficiencies of the API defined in RFC 1823 led to Internet-draft
>> draft-ietf-ldapext-ldap-c-api which unfortunately never made it to RFC
>> status. Also this draft has its deficiencies but nevertheless is the
>> de facto standard in OpenLDAP today.
>>
>> Quite some while ago David and me decided to throw out support for other
>> LDAP C APIs than OpenLDAP for several reasons:
>>
>> 1. The OpenLDAP libs were actively developed in opposite to the other
>> LDAP libs and implemented the extended API functions defined in
>> draft-ietf-ldapext-ldap-c-api with some handy new arguments, like
>> extended controls, limits and timeout values. E.g. look at declaration
>> of ldap_search_ext() here:
>>
>> http://www.openldap.org/devel/cvsweb.cgi/~checkout~/doc/drafts/draft-ietf-ldapext-ldap-c-api-xx.txt
>>
>> 2. We wanted to strip down the C part because I am not a C programmer
>> and David did not have the time to maintain python-ldap anymore.
>> Therefore I had to make maintenance of the C part as low effort as
>> possible. Today the C part is half of the size.
>>
>> 3.
>> The LDAP C APIs diverged dramatically regarding support for SSL and
>> SASL. This could no longer be handled by a few ifdef's.
>>
>> 4. The API for the Python application cannot be made completely
>> independent of the underlying C API regarding different feature sets
>> (also SSL and SASL) because some SASL mechs need call-back.
>>
>> 5. New functions appear in the OpenLDAP API every now and then (e.g. see
>> Cancel extended operation in the upcoming python-ldap 2.3) but not in
>> other LDAP C APIs.
>>
>> So how to proceed?
>>
>> First I don't want to hold anyone back from porting python-ldap to other
>> LDAP C libs. But for requirements 1. to 3. instead of taking the
>> wldap32.dll approach I'd prefer to try together to improve the situation
>> with building OpenLDAP, Cyrus-SASL, heimdal etc. based on the MingW tool
>> chain.
>>
>> Shifting to ctypes is a very interesting option. Even if the C wrapper
>> API changes we could provide a stable API to the Python applications by
>> modifying behaviour of ldapobject.LDAPObject (and derived classes).
>>
>> Ciao, Michael.
>>
>>
>
>

From bowmanj at users.sourceforge.net Wed Dec 13 17:19:49 2006
From: bowmanj at users.sourceforge.net (Jonathan Bowman)
Date: Wed, 13 Dec 2006 11:19:49 -0500
Subject: winldap?
In-Reply-To: <45802637.6090307@gmail.com>
References: <7a2b5dfb0612111126g6d631561k3fb9edfa8c1176a8@mail.gmail.com> <457E99DC.9090703@stroeder.com> <7a2b5dfb0612130512s2c807890l8f659f455bc1eacb@mail.gmail.com> <45802637.6090307@gmail.com>
Message-ID: <7a2b5dfb0612130819s53f7b8efub43601d1c8e37a29@mail.gmail.com>

Good points. Wldap32.dll does do ssl and sasl easily. TLS I am still trying to figure out.

I am open to pointers on how to make SASL work for python-ldap on Windows. I know it is possible with mingw, theoretically. Do I really need to compile OpenLDAP using cygwin, with a mingw target? I have been functioning fine without MSYS. I guess it is time to give in.
BTW, does python-ldap use OpenLDAP for schema parsing, or does it
implement this in pure python? I thought I understood correctly that
ldap.schema is all python.

Regards,
Jonathan Bowman

On 12/13/06, Rich Megginson wrote:
> Does wldap32.dll provide SSL/TLS? Are additional DLLs required for
> that? Are they present on every Windows install? What about
> SASL/GSSAPI? These are, IMHO, essential parts of any reasonable LDAP
> client. In this day and age, every LDAP client must be able to use
> startTLS, Digest-MD5, and Kerberos auth.
> > Ideally, I think a pure-python implementation of python-ldap is
> > desirable (with less bloat than Twisted+ldaptor, perhaps).
> That would entail a pure python LDAP layer, LDIF parsing layer, BER
> codec layer, as well as a pure SSL layer and a pure SASL/GSSAPI layer.
> For one, doing all of this in pure python would have a seriously
> negative impact on the performance. For two, this would be duplicating
> all of the work already done to make this all work very well in C (e.g.
> doing SSL is Hard - doing SASL/GSSAPI is Hard - doing BER and LDAP is
> somewhat easier, but why reinvent the wheel?).
> > Until then,
> > would the thing I am describing be something helpful?
> >
> Yes. It makes sense to leverage as much of the OS resources as
> possible. One of the problems with this approach is that wldap32 does
> not provide all of the functionality that python-ldap expects to be
> present in the underlying ldap library layer (e.g. schema parsing,
> probably more). So this approach would result in a somewhat "crippled"
> (but perhaps very useful nonetheless) python-ldap. As well as the
> aforementioned SSL and SASL concerns.
> > Anyway, these are some thoughts for further discussion. At this point,
> > I am open to applying energy in any direction that makes python-ldap
> > more Windows-friendly, as long as I have the know-how (and the time!).
> >
> > Regards,
> > Jonathan Bowman
> >
> >
> >
> > On 12/12/06, Michael Ströder wrote:
> >
> >> Jonathan Bowman wrote:
> >>
> >>> I am interested in feedback from you regarding the possibility of the
> >>> python-ldap project providing modules that interface with Wldap32.dll
> >>> on Windows. I am currently working on some modules that do this based
> >>> on the python ctypes module.
> >>>
> >>> I have not tried compiling python-ldap on Windows myself, but I do
> >>> note that the currently available win32 binary builds do not support
> >>> SASL. Would providing an interface that uses Wldap32.dll ease the
> >>> pressure on the rest of you to make python-ldap work with OpenLDAP
> >>> compiled on Windows?
> >>>
> >> Jonathan, it would be helpful to also know what your personal needs are.
> >>
> >> There are several interesting aspects raised here by your proposal:
> >>
> >> 1. Provide Win32 build of python-ldap.
> >>
> >> 2. Support SASL on Win32. (But which mechanisms?)
> >>
> >> 3. Provide continuous support for python-ldap on Win32.
> >>
> >> 4. Using ctypes for implementing the C wrapper.
> >>
> >> For 1. to 3. IMHO this all can be achieved with today's python-ldap
> >> based on OpenLDAP libs. But of course there has to be someone who is
> >> familiar with building Python extension modules for Win32 preferably
> >> with the MingW tool chain.
> >>
> >> Regarding 2.:
> >> I asked Howard Chu, OpenLDAP core developer whether it's possible to
> >> build Cyrus-SASL on Win32 based on the MingW tool chain. He said they're
> >> doing it all the time with Symas' product. Additionally one would have
> >> to clarify the situation for Kerberos libs (preferably heimdal).
> >>
> >> Regarding 4.:
> >> I would appreciate to ease the process of adding new functions to the C
> >> wrapper part. Personally I have no experiences with ctypes.
> >>
> >> A short look at the history:
> >>
> >> In former times python-ldap, in particular the C wrapper module _ldap,
> >> already contained many ifdef statements for making it build against old
> >> Umich, Netscape and Novell LDAP libs. This was possible because most of
> >> these APIs mainly stuck to RFC 1823 with only few subtle differences.
> >>
> >> RFC 1823 was sufficient at that time. But time went on and the
> >> deficiencies of the API defined in RFC 1823 led to Internet-draft
> >> draft-ietf-ldapext-ldap-c-api which unfortunately never made it to RFC
> >> status. Also this draft has its deficiencies but nevertheless is the
> >> de facto standard in OpenLDAP today.
> >>
> >> Quite some while ago David and me decided to throw out support for other
> >> LDAP C APIs than OpenLDAP for several reasons:
> >>
> >> 1. The OpenLDAP libs were actively developed in opposite to the other
> >> LDAP libs and implemented the extended API functions defined in
> >> draft-ietf-ldapext-ldap-c-api with some handy new arguments, like
> >> extended controls, limits and timeout values. E.g. look at declaration
> >> of ldap_search_ext() here:
> >>
> >> http://www.openldap.org/devel/cvsweb.cgi/~checkout~/doc/drafts/draft-ietf-ldapext-ldap-c-api-xx.txt
> >>
> >> 2. We wanted to strip down the C part because I am not a C programmer
> >> and David did not have the time to maintain python-ldap anymore.
> >> Therefore I had to make maintenance of the C part as low effort as
> >> possible. Today the C part is half of the size.
> >>
> >> 3. The LDAP C APIs diverged dramatically regarding support for SSL and
> >> SASL. This could no longer be handled by a few ifdef's.
> >>
> >> 4. The API for the Python application cannot be made completely
> >> independent of the underlying C API regarding different feature sets
> >> (also SSL and SASL) because some SASL mechs need call-back.
> >>
> >> 5. New functions appear in the OpenLDAP API every now and then (e.g. see
> >> Cancel extended operation in the upcoming python-ldap 2.3) but not in
> >> other LDAP C APIs.
> >>
> >> So how to proceed?
> >>
> >> First I don't want to hold anyone back from porting python-ldap to other
> >> LDAP C libs. But for requirements 1. to 3. instead of taking the
> >> wldap32.dll approach I'd prefer to try together to improve the situation
> >> with building OpenLDAP, Cyrus-SASL, heimdal etc. based on the MingW tool
> >> chain.
> >>
> >> Shifting to ctypes is a very interesting option. Even if the C wrapper
> >> API changes we could provide a stable API to the Python applications by
> >> modifying behaviour of ldapobject.LDAPObject (and derived classes).
> >>
> >> Ciao, Michael.
> >>
> >>
> >
> >

From michael at stroeder.com Wed Dec 13 20:24:48 2006
From: michael at stroeder.com (Michael Ströder)
Date: Wed, 13 Dec 2006 20:24:48 +0100
Subject: winldap?
In-Reply-To: <7a2b5dfb0612130819s53f7b8efub43601d1c8e37a29@mail.gmail.com>
References: <7a2b5dfb0612111126g6d631561k3fb9edfa8c1176a8@mail.gmail.com>
 <457E99DC.9090703@stroeder.com>
 <7a2b5dfb0612130512s2c807890l8f659f455bc1eacb@mail.gmail.com>
 <45802637.6090307@gmail.com>
 <7a2b5dfb0612130819s53f7b8efub43601d1c8e37a29@mail.gmail.com>
Message-ID: <45805380.1080103@stroeder.com>

Jonathan Bowman wrote:
>
> BTW, does python-ldap use OpenLDAP for schema parsing, or does it
> implement this in pure python? I thought I understood correctly that
> ldap.schema is all python.

Yes, ldap.schema is currently pure Python. Also the modules ldif,
ldapurl, ldap.filter, ldap.dn, ldap.modlist, ldap.cidict, dsml.

But ldif is much slower than the most recent version of OpenLDAP LDIF
parser. And for performance I might re-enable the existing C wrapper for
schema parsing. Similar to automagically importing pickle or cPickle,
StringIO or cStringIO depending on availability.

Ciao, Michael.

From bowmanj at users.sourceforge.net Wed Dec 13 14:12:34 2006
From: bowmanj at users.sourceforge.net (Jonathan Bowman)
Date: Wed, 13 Dec 2006 08:12:34 -0500
Subject: winldap?
In-Reply-To: <457E99DC.9090703@stroeder.com>
References: <7a2b5dfb0612111126g6d631561k3fb9edfa8c1176a8@mail.gmail.com>
 <457E99DC.9090703@stroeder.com>
Message-ID: <7a2b5dfb0612130512s2c807890l8f659f455bc1eacb@mail.gmail.com>

Michael,

Thanks. Good response. I think I am looking at this possibility, in
part, "because it's there." I am simply curious about a ctypes
implementation of a Wldap32.dll pythonic interface.

I also would love to see a python ldap interface that does not involve
compiling multiple packages (OpenLDAP, Cyrus SASL, etc.) in order for
the user to install it. This is one way of doing this, albeit only on
Windows. The Wldap32.dll library is available on any Active
Directory-aware Windows machine, from Windows 95 on up. This library
seems to provide variety and strength of functionality. See:
http://msdn2.microsoft.com/en-us/library/aa366112.aspx

Another subpoint of this: I think on Windows there is a concern
regarding ease of installation of a package that is really Unix-biased.
On a Linux system, for instance, the distribution often has debs or rpms
that easily install needed binary executables and libraries. BSD has
ports. Mac has Fink. OpenLDAP, Cyrus SASL, OpenSSL and even Python-ldap
are either standard or easily installed from the distribution
repositories. The Windows equivalents of these libraries that Unix
systems take for granted are the system dlls, like Wldap32.dll. It is
already there, with the needed functionality.

Ideally, I think a pure-python implementation of python-ldap is
desirable (with less bloat than Twisted+ldaptor, perhaps). Until then,
would the thing I am describing be something helpful?

Anyway, these are some thoughts for further discussion.
At this point, I am open to applying energy in any direction that makes
python-ldap more Windows-friendly, as long as I have the know-how (and
the time!).

Regards,
Jonathan Bowman

On 12/12/06, Michael Ströder wrote:
> Jonathan Bowman wrote:
> >
> > I am interested in feedback from you regarding the possibility of the
> > python-ldap project providing modules that interface with Wldap32.dll
> > on Windows. I am currently working on some modules that do this based
> > on the python ctypes module.
> >
> > I have not tried compiling python-ldap on Windows myself, but I do
> > note that the currently available win32 binary builds do not support
> > SASL. Would providing an interface that uses Wldap32.dll ease the
> > pressure on the rest of you to make python-ldap work with OpenLDAP
> > compiled on Windows?
>
> Jonathan, it would be helpful to also know what your personal needs are.
>
> There are several interesting aspects raised here by your proposal:
>
> 1. Provide Win32 build of python-ldap.
>
> 2. Support SASL on Win32. (But which mechanisms?)
>
> 3. Provide continuous support for python-ldap on Win32.
>
> 4. Using ctypes for implementing the C wrapper.
>
> For 1. to 3. IMHO this all can be achieved with today's python-ldap
> based on OpenLDAP libs. But of course there has to be someone who is
> familiar with building Python extension modules for Win32 preferably
> with the MingW tool chain.
>
> Regarding 2.:
> I asked Howard Chu, OpenLDAP core developer whether it's possible to
> build Cyrus-SASL on Win32 based on the MingW tool chain. He said they're
> doing it all the time with Symas' product. Additionally one would have
> to clarify the situation for Kerberos libs (preferably heimdal).
>
> Regarding 4.:
> I would appreciate to ease the process of adding new functions to the C
> wrapper part. Personally I have no experiences with ctypes.
>
> A short look at the history:
>
> In former times python-ldap, in particular the C wrapper module _ldap,
> already contained many ifdef statements for making it build against old
> Umich, Netscape and Novell LDAP libs. This was possible because most of
> these APIs mainly stuck to RFC 1823 with only few subtle differences.
>
> RFC 1823 was sufficient at that time. But time went on and the
> deficiencies of the API defined in RFC 1823 led to Internet-draft
> draft-ietf-ldapext-ldap-c-api which unfortunately never made it to RFC
> status. Also this draft has its deficiencies but nevertheless is the
> de facto standard in OpenLDAP today.
>
> Quite some while ago David and me decided to throw out support for other
> LDAP C APIs than OpenLDAP for several reasons:
>
> 1. The OpenLDAP libs were actively developed in opposite to the other
> LDAP libs and implemented the extended API functions defined in
> draft-ietf-ldapext-ldap-c-api with some handy new arguments, like
> extended controls, limits and timeout values. E.g. look at declaration
> of ldap_search_ext() here:
>
> http://www.openldap.org/devel/cvsweb.cgi/~checkout~/doc/drafts/draft-ietf-ldapext-ldap-c-api-xx.txt
>
> 2. We wanted to strip down the C part because I am not a C programmer
> and David did not have the time to maintain python-ldap anymore.
> Therefore I had to make maintenance of the C part as low effort as
> possible. Today the C part is half of the size.
>
> 3. The LDAP C APIs diverged dramatically regarding support for SSL and
> SASL. This could no longer be handled by a few ifdef's.
>
> 4. The API for the Python application cannot be made completely
> independent of the underlying C API regarding different feature sets
> (also SSL and SASL) because some SASL mechs need call-back.
>
> 5. New functions appear in the OpenLDAP API every now and then (e.g. see
> Cancel extended operation in the upcoming python-ldap 2.3) but not in
> other LDAP C APIs.
>
> So how to proceed?
>
> First I don't want to hold anyone back from porting python-ldap to other
> LDAP C libs. But for requirements 1. to 3. instead of taking the
> wldap32.dll approach I'd prefer to try together to improve the situation
> with building OpenLDAP, Cyrus-SASL, heimdal etc. based on the MingW tool
> chain.
>
> Shifting to ctypes is a very interesting option. Even if the C wrapper
> API changes we could provide a stable API to the Python applications by
> modifying behaviour of ldapobject.LDAPObject (and derived classes).
>
> Ciao, Michael.
>

From geert.van.muylem at aachen.utimaco.de Sun Dec 17 00:53:59 2006
From: geert.van.muylem at aachen.utimaco.de (geert.van.muylem at aachen.utimaco.de)
Date: Sun, 17 Dec 2006 00:53:59 +0100
Subject: crash in PyImport_Import
Message-ID:

Hi All,

I'm trying to run an application (on a hardened linux) which is using
embedded python. The called python script is using the python-ldap
module...

This application now crashes when calling the PyImport_Import()...
If I use however a script which does not import the ldap module,
everything works fine: no crash in this api!

Calling the script with the interpreter works also fine (I can do
search on an ldap server with python...)

Anyone any idea what could be wrong.?

Thanks in advance,
Geert
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From geert.van.muylem at aachen.utimaco.de Sun Dec 17 12:01:29 2006
From: geert.van.muylem at aachen.utimaco.de (geert.van.muylem at aachen.utimaco.de)
Date: Sun, 17 Dec 2006 12:01:29 +0100
Subject: Fw: crash in PyImport_Import
Message-ID:

Hi,

The following script works fine when I call it from the python interpreter
but not when I call it from a c application (embedded python)
It crashes then in the PyImport_Import()

import ldap
import distutils.sysconfig

def TestInit():
    l = ldap.open("192.168.1.2")
    l.simple_bind_s("","")
    l.search_s("c=BE", ldap.SCOPE_SUBTREE, "objectclass=*")
    s = distutils.sysconfig.get_config_var('LINKFORSHARED')

-> Python and python-ldap are recompiled for my environment
(python generates the static library....)

Hope someone can give me a hint?

thanks,
Geert

----- Forwarded by Geert Van Muylem/Utimaco/BE on 12/17/2006 11:56 AM -----

Geert Van Muylem/Utimaco/BE
12/17/2006 12:53 AM

To python-ldap-dev at lists.sourceforge.net
cc
Subject crash in PyImport_Import

Hi All,

I'm trying to run an application (on a hardened linux) which is using
embedded python. The called python script is using the python-ldap
module...

This application now crashes when calling the PyImport_Import()...
If I use however a script which does not import the ldap module,
everything works fine: no crash in this api!

Calling the script with the interpreter works also fine (I can do
search on an ldap server with python...)

Anyone any idea what could be wrong.?

Thanks in advance,
Geert
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From michael at stroeder.com Sun Dec 17 19:54:20 2006
From: michael at stroeder.com (Michael Ströder)
Date: Sun, 17 Dec 2006 19:54:20 +0100
Subject: Fw: crash in PyImport_Import
In-Reply-To:
References:
Message-ID: <4585925C.9060908@stroeder.com>

geert.van.muylem at aachen.utimaco.de wrote:
>
> The following script works fine when I call it from the python interpreter
> but not when I call it from a c application (embedded python)
> It crashes then in the PyImport_Import()

Could you please report which versions of Python and python-ldap you are
using? Note that 2.2.0 crashed with Python 2.5.

Ciao, Michael.

From geert.van.muylem at aachen.utimaco.de Mon Dec 18 07:15:30 2006
From: geert.van.muylem at aachen.utimaco.de (geert.van.muylem at aachen.utimaco.de)
Date: Mon, 18 Dec 2006 07:15:30 +0100
Subject: Fw: crash in PyImport_Import (Plain)
In-Reply-To: <4585925C.9060908@stroeder.com>
Message-ID:

Hi Michael,

I've been using the following versions of python and python-ldap

python: 2.5
python-ldap 2.2.1

Thanks!!!!

Regards,
Geert

Michael Ströder
12/17/2006 07:54 PM

To geert.van.muylem at aachen.utimaco.de
cc python-ldap-dev at lists.sourceforge.net
Subject Re: Fw: crash in PyImport_Import (Plain)

geert.van.muylem at aachen.utimaco.de wrote:
>
> The following script works fine when I call it from the python interpreter
> but not when I call it from a c application (embedded python)
> It crashes then in the PyImport_Import()

Could you please report which versions of Python and python-ldap you are
using? Note that 2.2.0 crashed with Python 2.5.

Ciao, Michael.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From michael at stroeder.com Mon Dec 18 10:18:31 2006
From: michael at stroeder.com (Michael Ströder)
Date: Mon, 18 Dec 2006 10:18:31 +0100
Subject: Fw: crash in PyImport_Import (Plain)
In-Reply-To:
References:
Message-ID: <45865CE7.3020700@stroeder.com>

geert.van.muylem at aachen.utimaco.de wrote:
>
> I've been using the following versions of python and python-ldap
>
> python: 2.5
> python-ldap 2.2.1

And now it works? (see SF#1575329)

Ciao, Michael.

From geert.van.muylem at aachen.utimaco.de Mon Dec 18 11:22:25 2006
From: geert.van.muylem at aachen.utimaco.de (geert.van.muylem at aachen.utimaco.de)
Date: Mon, 18 Dec 2006 11:22:25 +0100
Subject: Fw: crash in PyImport_Import (Plain) (Unsigned Mail)
In-Reply-To: <45865CE7.3020700@stroeder.com>
Message-ID:

Hi,

Unfortunately, it doesn't work with these releases...
The crash happens when importing the python script (and no function is
called...)
Are there any ldapobject created and deleted at that time? (No bind is
done before the crash...)

Regards,
Geert

Michael Ströder
Sent by: python-ldap-dev-bounces at lists.sourceforge.net
12/18/2006 10:18 AM

To geert.van.muylem at aachen.utimaco.de
cc python-ldap-dev at lists.sourceforge.net
Subject Re: Fw: crash in PyImport_Import (Plain) (Unsigned Mail)

geert.van.muylem at aachen.utimaco.de wrote:
>
> I've been using the following versions of python and python-ldap
>
> python: 2.5
> python-ldap 2.2.1

And now it works? (see SF#1575329)

Ciao, Michael.

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Python-LDAP-dev mailing list
Python-LDAP-dev at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From michael at stroeder.com Mon Dec 18 11:40:25 2006
From: michael at stroeder.com (Michael Ströder)
Date: Mon, 18 Dec 2006 11:40:25 +0100
Subject: Fw: crash in PyImport_Import
In-Reply-To:
References:
Message-ID: <45867019.2000100@stroeder.com>

geert.van.muylem at aachen.utimaco.de wrote:
>
> -> Python and python-ldap are recompiled for my environment
> (python generates the static library....)

Did you tweak the file setup.cfg?

Can you please elaborate on how static linking is to be done? How is the
embedded Python built?

Ciao, Michael.

From geert.van.muylem at aachen.utimaco.de Mon Dec 18 12:29:44 2006
From: geert.van.muylem at aachen.utimaco.de (geert.van.muylem at aachen.utimaco.de)
Date: Mon, 18 Dec 2006 12:29:44 +0100
Subject: Fw: crash in PyImport_Import (Unsigned Mail)
In-Reply-To: <45867019.2000100@stroeder.com>
Message-ID:

Hi,

Here is part of my makefile:

VERSION = Python-2.5
VERSION_LDAP = python-ldap-2.2.1

compile: .python .python-ldap

python: makefile.python .glibc $(VERSION).Setup.local
	$(EXTRACT_PACKAGE) && \
	$(CP) ../$(VERSION).Setup.local Modules/Setup.local && \
	./configure --prefix=/usr --enable-shared=no && \
	make && \
	make install
	cp $(VERSION)/libpython2.5.a /usr/lib/libpython.a
	(cd /usr/include; $(LN) -sf python2.5 python )
	touch .python

.python-ldap: makefile.python .python .sasl .glibc .openldap python-ldap.setup.cfg
	(rm -rf $(VERSION_LDAP) || /bin/true) && \
	tar xjf $(ARCHIVE_PACKAGES)/$(VERSION_LDAP).tar.bz2 && \
	cd $(VERSION_LDAP) && \
	$(CP) ../python-ldap.setup.cfg setup.cfg && \
	python setup.py build && \
	python setup.py install
	rm -rf $(VERSION_LDAP)
	touch .python-ldap

And my setup.cfg

# Example for setup.cfg
# You have to edit this file to reflect your system configuration
# $Id: setup.cfg.suse-linux,v 1.1 2003/08/20 10:04:34 stroeder Exp $

[_ldap]
# Section for compiling the C extension module
# for wrapping OpenLDAP 2 libs

library_dirs = /usr/lib/ /usr/lib/sasl2/
include_dirs = /usr/include/sasl/ /usr/include/sasl2/

extra_compile_args =
extra_objects =

# Example for full-featured SuSE build:
# Support for StartTLS/LDAPS, SASL bind and reentrant libldap_r.
# This needs recent OpenLDAP 2.0.26+ or 2.1.3+ built with
#./configure --with-cyrus-sasl --with-tls
libs = python ldap_r lber sasl2 ssl crypto resolv dl db m util pthread

[install]
# Installation options
compile = 1
optimize = 1

Everything is done in a chroot-ed environment...when building
python-ldap, it uses the newly installed python includes....
The test application is linked against the static version libpython.a

Thanks,
Geert

Michael Ströder
Sent by: python-ldap-dev-bounces at lists.sourceforge.net
12/18/2006 11:40 AM

To geert.van.muylem at aachen.utimaco.de
cc python-ldap-dev at lists.sourceforge.net
Subject Re: Fw: crash in PyImport_Import (Unsigned Mail)

geert.van.muylem at aachen.utimaco.de wrote:
>
> -> Python and python-ldap are recompiled for my environment
> (python generates the static library....)

Did you tweak the file setup.cfg?

Can you please elaborate on how static linking is to be done? How is the
embedded Python built?

Ciao, Michael.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From michael at stroeder.com Tue Dec 19 15:18:31 2006
From: michael at stroeder.com (Michael Ströder)
Date: Tue, 19 Dec 2006 15:18:31 +0100
Subject: Fw: crash in PyImport_Import (Unsigned Mail)
In-Reply-To:
References:
Message-ID: <4587F4B7.5020801@stroeder.com>

geert.van.muylem at aachen.utimaco.de wrote:
>
> Everything works fine if I'm linking against the shared version
> of python....
>
> I've no idea why it's not working with the static version?????

I have also no idea.

Ciao, Michael.

From imgrey at gmail.com Sun Dec 31 08:57:19 2006
From: imgrey at gmail.com (Vitaliyi)
Date: Sun, 31 Dec 2006 09:57:19 +0200
Subject: modify_s
Message-ID: <3aac340612302357h213cf842pa0739cf5cd40ba9d@mail.gmail.com>

I found out that ldap.modify_s behaves strangely, at least from my
point of view:

l.modify_s(dn,[(ldap.MOD_REPLACE,'someAttr',str(whatever))])
will drop attribute,
but with list ([str(whatever)]), parameter do as expected.

From michael at stroeder.com Sun Dec 31 13:07:06 2006
From: michael at stroeder.com (Michael Ströder)
Date: Sun, 31 Dec 2006 13:07:06 +0100
Subject: modify_s
In-Reply-To: <3aac340612302357h213cf842pa0739cf5cd40ba9d@mail.gmail.com>
References: <3aac340612302357h213cf842pa0739cf5cd40ba9d@mail.gmail.com>
Message-ID: <4597A7EA.6090307@stroeder.com>

Vitaliyi wrote:
> I found out that ldap.modify_s behaves strangely, at least from my
> point of view:
>
> l.modify_s(dn,[(ldap.MOD_REPLACE,'someAttr',str(whatever))])
> will drop attribute,

You SHOULD NOT use this form because attributes are most times supposed
to be multi-valued.

> but with list ([str(whatever)]), parameter do as expected.

You SHOULD implement it with list. It was a bad design decision to even
accept strings.

Ciao, Michael.

From lionel at alveonet.org Tue Dec 5 14:10:39 2006
From: lionel at alveonet.org (Lionel Porcheron)
Date: Tue, 05 Dec 2006 14:10:39 +0100
Subject: patch for documentation
Message-ID: <45756FCF.4010408@alveonet.org>

Hi,

One of Ubuntu users send us a patch on your documentation (see
attached). Can you check it and see if it is appropriate and in this
case include it in your future releases. The original bug is reachable
here : https://bugs.launchpad.net/distros/ubuntu/+source/python-ldap/+bug/73615

Cheers,
Lionel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ldap-objects.html.diff
Type: text/x-patch
Size: 512 bytes
Desc: not available
URL:
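The modify_s exchange above (a bare string versus a one-element list as the value of a modlist entry), as an added example that is not code from python-ldap or from any poster: a helper that normalises a modlist so every value is a list before it reaches modify_s(), or rejects bare strings in strict mode. The MOD_* numbers mirror LDAP_MOD_ADD/DELETE/REPLACE in ldap.h so the block runs without python-ldap installed; normalize_modlist, is_rejected and ModlistError are hypothetical names, and the sample modlists are constructed.

```python
"""Added example: make LDAP modlist values unambiguous before modify_s().

MOD_* mirror LDAP_MOD_ADD/DELETE/REPLACE in ldap.h, so no LDAP library is
needed to run this. All function and class names here are hypothetical.
"""

MOD_ADD, MOD_DELETE, MOD_REPLACE = 0, 1, 2
_OPS = {MOD_ADD: "MOD_ADD", MOD_DELETE: "MOD_DELETE", MOD_REPLACE: "MOD_REPLACE"}


class ModlistError(ValueError):
    """A modlist entry is malformed or, in strict mode, ambiguous."""


def _value_list(attr, values, strict):
    """Return the values of one entry as a list of str/bytes."""
    if isinstance(values, (str, bytes)):
        if strict:
            raise ModlistError("%s: bare string value, expected a list" % attr)
        return [values]  # one value, not an iterable of characters
    if not isinstance(values, (list, tuple)):
        raise ModlistError("%s: unsupported value type %s"
                           % (attr, type(values).__name__))
    for value in values:
        if not isinstance(value, (str, bytes)):
            raise ModlistError("%s: non-string value %r" % (attr, value))
    return list(values)


def normalize_modlist(modlist, strict=False):
    """Return a copy of modlist in which every value is a list (or None)."""
    result = []
    for entry in modlist:
        if not isinstance(entry, (tuple, list)) or len(entry) != 3:
            raise ModlistError("entry must be (op, attr, values): %r" % (entry,))
        op, attr, values = entry
        if op not in _OPS:
            raise ModlistError("%r: unknown modify operation %r" % (attr, op))
        if not isinstance(attr, str) or not attr:
            raise ModlistError("attribute name must be a non-empty string")
        if values is None:
            # Assumption: None is the caller's explicit "all values" marker,
            # which only makes sense when removing or replacing.
            if op == MOD_ADD:
                raise ModlistError("%s: MOD_ADD needs at least one value" % attr)
            result.append((op, attr, None))
            continue
        value_list = _value_list(attr, values, strict)
        if op == MOD_ADD and not value_list:
            raise ModlistError("%s: MOD_ADD needs at least one value" % attr)
        result.append((op, attr, value_list))
    return result


def is_rejected(modlist, strict=False):
    """True if normalize_modlist() refuses the modlist."""
    try:
        normalize_modlist(modlist, strict)
    except ModlistError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample input in the two shapes discussed in the thread.
    whatever = 42
    as_string = [(MOD_REPLACE, "someAttr", str(whatever))]
    as_list = [(MOD_REPLACE, "someAttr", [str(whatever)])]
    print(normalize_modlist(as_string))
    print(normalize_modlist(as_list))
    print(is_rejected(as_string, strict=True))
```

Strict mode suits tests and code review; the wrapping mode suits call sites that cannot be changed right away.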