From anilj at entic.net Thu Jan 10 05:33:29 2008 From: anilj at entic.net (Anil Jangity) Date: Wed, 9 Jan 2008 20:33:29 -0800 Subject: sasl bind Message-ID: Hi! Is there some documentation somewhere that explains the usage of SASL bind requests? How exactly should sasl_interactive_bind_s() be used? Thanks, Anil From michael at stroeder.com Thu Jan 10 11:05:46 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Thu, 10 Jan 2008 11:05:46 +0100 Subject: sasl bind In-Reply-To: References: Message-ID: <4785EDFA.3090202@stroeder.com> Anil Jangity wrote: > > Is there some documentation somewhere that explains the usage of SASL > bind requests? No official docs yet. SASL-related patches for the docs are pending... > How exactly should sasl_interactive_bind_s() be used? It depends. Have a look at Demo/sasl_bind.py in the source distribution. Ciao, Michael. From bowmanj at users.sourceforge.net Wed Jan 16 16:36:02 2008 From: bowmanj at users.sourceforge.net (Jonathan Bowman) Date: Wed, 16 Jan 2008 10:36:02 -0500 Subject: EGGs for 2.3.1 In-Reply-To: <46A75C60.3080004@tk-webart.de> References: <46A75C60.3080004@tk-webart.de> Message-ID: <7a2b5dfb0801160736u65ee7c20jea2cca4773624f5e@mail.gmail.com> I would love to know how you setup OpenSSL + OpenLDAP on Windows -- I am having trouble with OpenSSL 0.9.8g and MinGW, compiling with shared dlls. (Static builds fine, but OpenLDAP doesn't seem to want this). Regards, Jonathan Bowman On Jul 25, 2007 9:21 AM, Torsten Kurbad wrote: > Hi folks, > > I just finished building several eggs, for those who are interested: > > * Linux i686, Python 2.4, glibc 2.6, OpenLDAP 2.3.37, OpenSSL 0.9.8e, > cyrus-SASL 2.1.22 > * Mac OSX 10.3/4 PPC/Intel (fat), Python 2.4, OS X 10.4's standard > OpenLDAP, OpenSSL, cyrus-SASL > * Mac OSX 10.4 PPC, Python 2.3, OS X 10.4's standard OpenLDAP, OpenSSL, > cyrus-SASL > * Win32, Python 2.4, OpenLDAP 2.2.29, bundled OpenSSL 0.9.8a, w/o SASL > > All eggs as well as the Win32 prerequisite (OpenLDAP installer) can be > downloaded from > > http://svn.kmrc.de/download/distribution > > Have fun! > Torsten > > -- > Fon: +49-7071-700240 | Fax: +49-7071-700241 | http://www.tk-webart.de > > Ich schreibe dir einen langen Brief, weil ich keine Zeit habe, > einen kurzen zu schreiben. -- Johann Wolfgang von Goethe -- > > > > From michael at stroeder.com Wed Jan 16 17:03:38 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Wed, 16 Jan 2008 17:03:38 +0100 Subject: EGGs for 2.3.1 In-Reply-To: <7a2b5dfb0801160736u65ee7c20jea2cca4773624f5e@mail.gmail.com> References: <46A75C60.3080004@tk-webart.de> <7a2b5dfb0801160736u65ee7c20jea2cca4773624f5e@mail.gmail.com> Message-ID: <478E2ADA.8080007@stroeder.com> Jonathan Bowman wrote: > (Static builds fine, but OpenLDAP doesn't seem to want this). Sorry, don't have a hint for you. But I'd suggest to raise OpenLDAP builds problems on the openldap-software mailing list. I don't see a reason why linking a static build (of OpenSSL) shouldn't be supported by OpenLDAP. Ciao, Michael. From python-ldap at tk-webart.de Wed Jan 16 17:13:14 2008 From: python-ldap at tk-webart.de (Torsten Kurbad) Date: Wed, 16 Jan 2008 17:13:14 +0100 Subject: EGGs for 2.3.1 In-Reply-To: <7a2b5dfb0801160736u65ee7c20jea2cca4773624f5e@mail.gmail.com> References: <46A75C60.3080004@tk-webart.de> <7a2b5dfb0801160736u65ee7c20jea2cca4773624f5e@mail.gmail.com> Message-ID: <20080116171314.6b9b4b08@atalante.iwm-kmrc.de> Hi Jonathan, > I would love to know how you setup OpenSSL + OpenLDAP on Windows -- I > am having trouble with OpenSSL 0.9.8g and MinGW, compiling with shared > dlls. (Static builds fine, but OpenLDAP doesn't seem to want this). I guess you're on your own here - I simply used the precompiled OpenLDAP Windoze installer, which I found on SF.net. It brought along OpenSSL libs and everything works for me... Regards, Torsten -- Parting is such sweet sorrow. -William Shakespeare From bowmanj at users.sourceforge.net Thu Jan 17 12:39:25 2008 From: bowmanj at users.sourceforge.net (Jonathan Bowman) Date: Thu, 17 Jan 2008 06:39:25 -0500 Subject: EGGs for 2.3.1 In-Reply-To: <20080116171314.6b9b4b08@atalante.iwm-kmrc.de> References: <46A75C60.3080004@tk-webart.de> <7a2b5dfb0801160736u65ee7c20jea2cca4773624f5e@mail.gmail.com> <20080116171314.6b9b4b08@atalante.iwm-kmrc.de> Message-ID: <7a2b5dfb0801170339j7388f847mec9757007eec8ff9@mail.gmail.com> Thanks for the clarity and direction. > I guess you're on your own here - I simply used the precompiled > OpenLDAP Windoze installer, which I found on SF.net. It brought along > OpenSSL libs and everything works for me... I don't think that installer is maintained any more. I did finally get it to compile (OpenSSL 0.9.8g and OpenLDAP 2.4.7) -- I am happy to post directions, but only if deemed list-appropriate. I guess the directions should end with compiling python-ldap, and I am not yet that far. Soon, though. Regards, Jonathan Bowman From michael at stroeder.com Thu Jan 17 12:52:25 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Thu, 17 Jan 2008 12:52:25 +0100 Subject: EGGs for 2.3.1 In-Reply-To: <7a2b5dfb0801170339j7388f847mec9757007eec8ff9@mail.gmail.com> References: <46A75C60.3080004@tk-webart.de> <7a2b5dfb0801160736u65ee7c20jea2cca4773624f5e@mail.gmail.com> <20080116171314.6b9b4b08@atalante.iwm-kmrc.de> <7a2b5dfb0801170339j7388f847mec9757007eec8ff9@mail.gmail.com> Message-ID: <478F4179.6060907@stroeder.com> Jonathan Bowman wrote: > Thanks for the clarity and direction. > >> I guess you're on your own here - I simply used the precompiled >> OpenLDAP Windoze installer, which I found on SF.net. It brought along >> OpenSSL libs and everything works for me... > > I don't think that installer is maintained any more. > > I did finally get it to compile (OpenSSL 0.9.8g and OpenLDAP 2.4.7) -- > I am happy to post directions, but only if deemed list-appropriate. You're very welcome to give hints about this build process on this list. > I guess the directions should end with compiling python-ldap, Yes, that would be great. ;-) > and I am not yet that far. Soon, though. Good luck! I'm looking forward to your posting. Ciao, Michael. From bowmanj at users.sourceforge.net Thu Jan 17 22:02:07 2008 From: bowmanj at users.sourceforge.net (Jonathan Bowman) Date: Thu, 17 Jan 2008 16:02:07 -0500 Subject: EGGs for 2.3.1 In-Reply-To: <478F4179.6060907@stroeder.com> References: <46A75C60.3080004@tk-webart.de> <7a2b5dfb0801160736u65ee7c20jea2cca4773624f5e@mail.gmail.com> <20080116171314.6b9b4b08@atalante.iwm-kmrc.de> <7a2b5dfb0801170339j7388f847mec9757007eec8ff9@mail.gmail.com> <478F4179.6060907@stroeder.com> Message-ID: <7a2b5dfb0801171302r3d0bcefan152f0c4b202fb26f@mail.gmail.com> Looks like MinGW and Python may be the wrong way to go; I think everything is done in Microsoft Visual C++ now? So, until I can get Python compiled in MinGW, I suppose my short sojourn with MinGW and python-ldap is at an end... > Good luck! I'm looking forward to your posting. I am doubtful; but if I discover anything of interest, I will surely pass it on. Again, thanks for the feedback. Regards, Jonathan From michael at stroeder.com Thu Jan 17 22:16:23 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Thu, 17 Jan 2008 22:16:23 +0100 Subject: EGGs for 2.3.1 In-Reply-To: <7a2b5dfb0801171302r3d0bcefan152f0c4b202fb26f@mail.gmail.com> References: <46A75C60.3080004@tk-webart.de> <7a2b5dfb0801160736u65ee7c20jea2cca4773624f5e@mail.gmail.com> <20080116171314.6b9b4b08@atalante.iwm-kmrc.de> <7a2b5dfb0801170339j7388f847mec9757007eec8ff9@mail.gmail.com> <478F4179.6060907@stroeder.com> <7a2b5dfb0801171302r3d0bcefan152f0c4b202fb26f@mail.gmail.com> Message-ID: <478FC5A7.4020000@stroeder.com> Jonathan Bowman wrote: > Looks like MinGW and Python may be the wrong way to go; I think > everything is done in Microsoft Visual C++ now? IIRC the OpenLDAP developers always recommend to build OpenLDAP with MingW. > So, until I can get Python compiled in MinGW, I suppose my short > sojourn with MinGW and python-ldap is at an end... There has been success reports building python-ldap with MingW for a stock Python MSI installer without having to rebuild Python itself. Ciao, Michael. From bowmanj at users.sourceforge.net Fri Jan 18 20:21:45 2008 From: bowmanj at users.sourceforge.net (Jonathan Bowman) Date: Fri, 18 Jan 2008 14:21:45 -0500 Subject: Diary of MinGW OpenSSL/OpenLDAP/python-ldap experience Message-ID: <7a2b5dfb0801181121s67fc4d1jfa4f194a8cab094f@mail.gmail.com> I have placed instructions here: http://bowmansolutions.com/mingw-openldap/ Please let me know if these work for you, and forgive me if I am duplicating documentation that already exists. If you all like it, I would love to know of the best place to post this info. Regards, Jonathan Bowman From michael at stroeder.com Sat Jan 19 23:00:52 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Sat, 19 Jan 2008 23:00:52 +0100 Subject: Diary of MinGW OpenSSL/OpenLDAP/python-ldap experience In-Reply-To: <7a2b5dfb0801181121s67fc4d1jfa4f194a8cab094f@mail.gmail.com> References: <7a2b5dfb0801181121s67fc4d1jfa4f194a8cab094f@mail.gmail.com> Message-ID: <47927314.20402@stroeder.com> Jonathan Bowman wrote: > I have placed instructions here: > > http://bowmansolutions.com/mingw-openldap/ Thanks for letting us know. If your instructions stay on this site I'll link it from python-ldap's web page. > If you all like it, I would love to know of the best place to post this info. IMHO it would be a good idea to also post this on the openldap-technical mailing list (see http://www.openldap.org/lists/). Maybe some of the folks there could review it. Ciao, Michael. From dschein at fsinnovations.net Mon Jan 21 21:27:04 2008 From: dschein at fsinnovations.net (David S.) Date: Mon, 21 Jan 2008 20:27:04 +0000 (UTC) Subject: sizelimit and =?utf-8?b?U0laRUxJTUlUX0VYQ0VFREVE?= Message-ID: When I call search_ext_s with sizelimit=n, I expect simply to get n or fewer entries in my result, but instead I get a SIZELIMIT_EXCEEDED exception {'info': '', 'desc': 'Size limit exceeded'}. Am I misunderstanding or misusing that argument? Thanks for any help. Peace, David S. From michael at stroeder.com Mon Jan 21 22:02:58 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Mon, 21 Jan 2008 22:02:58 +0100 Subject: sizelimit and SIZELIMIT_EXCEEDED In-Reply-To: References: Message-ID: <47950882.2000204@stroeder.com> David S. wrote: > When I call search_ext_s with sizelimit=n, I expect simply to get n or fewer > entries in my result, but instead I get a SIZELIMIT_EXCEEDED exception {'info': > '', 'desc': 'Size limit exceeded'}. Hmm, the argument 'sizelimit' should be rather used with the async method search_ext(). You can start the search with search_ext() and receive the partial results with result3() until this exception is raised. Ciao, Michael. From dschein at fsinnovations.net Mon Jan 21 22:24:18 2008 From: dschein at fsinnovations.net (David S.) Date: Mon, 21 Jan 2008 21:24:18 +0000 (UTC) Subject: sizelimit and =?utf-8?b?U0laRUxJTUlUX0VYQ0VFREVE?= References: <47950882.2000204@stroeder.com> Message-ID: Michael Str?der writes: > Hmm, the argument 'sizelimit' should be rather used with the async > method search_ext(). You can start the search with search_ext() and > receive the partial results with result3() until this exception is raised. > Aha, like raising StopIteration in a generator. Thanks. From michael at stroeder.com Tue Jan 22 11:11:15 2008 From: michael at stroeder.com (=?UTF-8?B?TWljaGFlbCBTdHLDtmRlcg==?=) Date: Tue, 22 Jan 2008 11:11:15 +0100 Subject: sizelimit and SIZELIMIT_EXCEEDED In-Reply-To: References: <47950882.2000204@stroeder.com> Message-ID: <4795C143.5070606@stroeder.com> David S. wrote: > Michael Str?der writes: > > >> Hmm, the argument 'sizelimit' should be rather used with the async >> method search_ext(). You can start the search with search_ext() and >> receive the partial results with result3() until this exception is raised. > > Aha, like raising StopIteration in a generator. Thanks. Almost: But StopIteration indicates the regular end of an iteration whereas SIZELIMIT_EXCEEDED exception indicates that only partial results were received. Ciao, Michael. From mcicogni at libero.it Fri Jan 25 13:18:40 2008 From: mcicogni at libero.it (Mauro Cicognini) Date: Fri, 25 Jan 2008 13:18:40 +0100 Subject: EGGs for 2.3.1 In-Reply-To: <478FC5A7.4020000@stroeder.com> References: <46A75C60.3080004@tk-webart.de> <7a2b5dfb0801160736u65ee7c20jea2cca4773624f5e@mail.gmail.com> <20080116171314.6b9b4b08@atalante.iwm-kmrc.de> <7a2b5dfb0801170339j7388f847mec9757007eec8ff9@mail.gmail.com> <478F4179.6060907@stroeder.com> <7a2b5dfb0801171302r3d0bcefan152f0c4b202fb26f@mail.gmail.com> <478FC5A7.4020000@stroeder.com> Message-ID: <4799D3A0.2070102@libero.it> Michael Stro"der ha scritto: > There has been success reports building python-ldap with MingW for a stock Python MSI installer without having to rebuild Python itself. I can confirm that the binaries cooperate peacefully. In other words, go ahead with MinGW for OpenLDAP and python-ldap, you don't need to recompile Python itself to have the extension working (although you will need the source and the .lib files; but the latter can be produced from the DLLs afterwards). HTH Mauro From yancey at unt.edu Tue Jan 29 02:01:13 2008 From: yancey at unt.edu (Yeargan Yancey) Date: Mon, 28 Jan 2008 19:01:13 -0600 Subject: LDAP Polling Message-ID: <4FC6B40B-ADC2-4AE7-AFCF-E753C44098E2@unt.edu> I am trying to use the asynchronous LDAP polling feature and have a question about what appears to be a timing issue. When I run the code below, I find that I must insert a sleep() before entering the while loop or I get a ValueError exception. If I sleep for around 0.01 seconds, the exception is intermittent (from my system to this server). With the sleep at 0.10 seconds or higher, I get the results I would expect from the server. I would expect that whether I sleep or not should be irrelevant. If I poll for a result and there is nothing available, then result() should return with None and not generate an exception. Is that the correct behavior? What am I missing? I provided an example of the code output including the exception itself and the sample code below. The code uses a public LDAP server and should work from anywhere. ---=[begin: sample exception]=--- Polling ... Traceback (most recent call last): File "./sample.py", line 26, in ? res = l.result(res_id, all=0, timeout=0) File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 405, in result res_type,res_data,res_msgid = self.result2(msgid,all,timeout) File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 409, in result2 res_type, res_data, res_msgid, srv_ctrls = self.result3 (msgid,all,timeout) File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 415, in result3 rtype, rdata, rmsgid, serverctrls = self._ldap_call (self._l.result3,msgid,all,timeout) ValueError: need more than 3 values to unpack ---=[end: sample exception]=--- ---=[begin: sample code]=--- #!/usr/bin/python import ldap,time l = ldap.initialize('ldap://ldap.utexas.edu') l.simple_bind_s() #anonymous bind base = r'ou=people,dc=directory,dc=utexas,dc=edu' scope = ldap.SCOPE_ONELEVEL filt = r'(&(uid=yw*)(objectclass=inetOrgPerson))' attrs = ['givenname'] res_id = l.search(base, scope, filt, attrs) # exception occurs without this sleep -- WHY?? #time.sleep(0.1) while 1: print print 'Polling ...' # Set all=0 to retrieve a single entry # Set timeout=0 to poll for a response res = l.result(res_id, all=0, timeout=0) if type(res) == tuple: if res[0] == ldap.RES_SEARCH_ENTRY: print 'Got LDAP ENTRY' print 'Data: ', res[1] elif res[0] == ldap.RES_SEARCH_RESULT: print 'Got LDAP RESULT' print 'Data: ', if res[1] == []: print '--empty--' else: print res[1] break #exit while loop else: print '-'*60 print '*** UNEXPECTED LDAP RESULT ***' print 'DEBUG (res): ', res print '-'*60 else: print 'DEBUG: type = ', type(res) print 'DEBUG: value = ', repr(res) continue print l.unbind_s() ---=[end: sample code]=--- Any help appreciated. Yancey -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael at stroeder.com Tue Jan 29 09:48:31 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Tue, 29 Jan 2008 09:48:31 +0100 Subject: LDAP Polling In-Reply-To: <4FC6B40B-ADC2-4AE7-AFCF-E753C44098E2@unt.edu> References: <4FC6B40B-ADC2-4AE7-AFCF-E753C44098E2@unt.edu> Message-ID: <479EE85F.3000006@stroeder.com> Yeargan Yancey wrote: > > I am trying to use the asynchronous LDAP polling feature and have a > question about what appears to be a timing issue. When I run the code > below, I find that I must insert a sleep() before entering the while > loop or I get a ValueError exception. > [..] > File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 415, > in result3 > rtype, rdata, rmsgid, serverctrls = > self._ldap_call(self._l.result3,msgid,all,timeout) > ValueError: need more than 3 values to unpack Hmm, this should never happen. I guess it's caused by _ldap.result3() returning NULL for the situation where no result was received at all. I will look into it. In the meantime try if the patch to LDAPObject.py attached solves your problem. Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: valueerror_in_result3.patch Type: text/x-patch Size: 1147 bytes Desc: not available URL: From yancey at unt.edu Tue Jan 29 16:36:22 2008 From: yancey at unt.edu (Yeargan Yancey) Date: Tue, 29 Jan 2008 09:36:22 -0600 Subject: LDAP Polling In-Reply-To: <479EE85F.3000006@stroeder.com> References: <4FC6B40B-ADC2-4AE7-AFCF-E753C44098E2@unt.edu> <479EE85F.3000006@stroeder.com> Message-ID: <1A2F9CCA-9BB9-4F6B-8CFF-F1F1D4AA4521@unt.edu> Hmm. That only moved the exception. File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 421, in result3 rtype, rdata, rmsgid, serverctrls = ldap_result ValueError: need more than 3 values to unpack I put the statement above into a try..except block and checked the value when the exception occurs. This line ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout) assigns (None,None,None) to ldap_result, a 3-tuple instead of a 4-tuple. Once data becomes available from the LDAP server, then it returns a 4- tuple as expected. Yancey On Jan 29, 2008, at 2:48 AM, Michael Str?der wrote: > Yeargan Yancey wrote: >> >> I am trying to use the asynchronous LDAP polling feature and have a >> question about what appears to be a timing issue. When I run the code >> below, I find that I must insert a sleep() before entering the while >> loop or I get a ValueError exception. >> [..] >> File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line >> 415, >> in result3 >> rtype, rdata, rmsgid, serverctrls = >> self._ldap_call(self._l.result3,msgid,all,timeout) >> ValueError: need more than 3 values to unpack > > Hmm, this should never happen. I guess it's caused by _ldap.result3() > returning NULL for the situation where no result was received at > all. I > will look into it. > > In the meantime try if the patch to LDAPObject.py attached solves your > problem. > > Ciao, Michael. From michael at stroeder.com Tue Jan 29 23:41:28 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Tue, 29 Jan 2008 23:41:28 +0100 Subject: LDAP Polling In-Reply-To: <1A2F9CCA-9BB9-4F6B-8CFF-F1F1D4AA4521@unt.edu> References: <4FC6B40B-ADC2-4AE7-AFCF-E753C44098E2@unt.edu> <479EE85F.3000006@stroeder.com> <1A2F9CCA-9BB9-4F6B-8CFF-F1F1D4AA4521@unt.edu> Message-ID: <479FAB98.6050107@stroeder.com> Yeargan Yancey wrote: > Hmm. That only moved the exception. > > File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line > 421, in result3 > rtype, rdata, rmsgid, serverctrls = ldap_result > ValueError: need more than 3 values to unpack > > I put the statement above into a try..except block and checked the > value when the exception occurs. This line > > ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout) > > assigns (None,None,None) to ldap_result, a 3-tuple instead of a 4-tuple. Hmm, which version of python-ldap is this? Did you install from source? Looking at function l_ldap_result3() in Modules/LDAPObject.c I can't figure out why a 3-tuple is returned. I did not write this code though... Ciao, Michael. From yancey at unt.edu Tue Jan 29 23:51:13 2008 From: yancey at unt.edu (Yeargan, Yancey) Date: Tue, 29 Jan 2008 16:51:13 -0600 Subject: LDAP Polling In-Reply-To: <479FAB98.6050107@stroeder.com> References: <4FC6B40B-ADC2-4AE7-AFCF-E753C44098E2@unt.edu> <479EE85F.3000006@stroeder.com> <1A2F9CCA-9BB9-4F6B-8CFF-F1F1D4AA4521@unt.edu>, <479FAB98.6050107@stroeder.com> Message-ID: <724979A98A0EA046B5526185A96CDE9D320E0E16@GABMB02.ad.unt.edu> > Hmm, which version of python-ldap is this? Did you install from source? > > Looking at function l_ldap_result3() in Modules/LDAPObject.c I > can't figure out why a 3-tuple is returned. I did not write this > code though... > > Ciao, Michael. > Not from source. This version came with SuSE Linux Enterprise Server 10. $Id: ldapobject.py,v 1.92 2005/11/03 09:09:43 stroeder Exp $ To solve my immediate need, I re-coded the function like so: def result3(self,msgid=_ldap.RES_ANY,all=1,timeout=None): if timeout is None: timeout = self.timeout ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout) if ldap_result == (None,None,None): return (None,None,None,None) else: rtype, rdata, rmsgid, serverctrls = ldap_result decoded_serverctrls = DecodeControlTuples(serverctrls) return rtype, rdata, rmsgid, decoded_serverctrls Can you point me to code for "self._l.result3"? I may have time later this week to do more debugging. Yancey From michael at stroeder.com Tue Jan 29 23:59:02 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Tue, 29 Jan 2008 23:59:02 +0100 Subject: LDAP Polling In-Reply-To: <724979A98A0EA046B5526185A96CDE9D320E0E16@GABMB02.ad.unt.edu> References: <4FC6B40B-ADC2-4AE7-AFCF-E753C44098E2@unt.edu> <479EE85F.3000006@stroeder.com> <1A2F9CCA-9BB9-4F6B-8CFF-F1F1D4AA4521@unt.edu>, <479FAB98.6050107@stroeder.com> <724979A98A0EA046B5526185A96CDE9D320E0E16@GABMB02.ad.unt.edu> Message-ID: <479FAFB6.9040101@stroeder.com> Yeargan, Yancey wrote: > > Not from source. This version came > with SuSE Linux Enterprise Server 10. What does rpm -q python-ldap say? Ciao, Michael. From michael at stroeder.com Wed Jan 30 00:01:07 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Wed, 30 Jan 2008 00:01:07 +0100 Subject: LDAP Polling In-Reply-To: <724979A98A0EA046B5526185A96CDE9D320E0E16@GABMB02.ad.unt.edu> References: <4FC6B40B-ADC2-4AE7-AFCF-E753C44098E2@unt.edu> <479EE85F.3000006@stroeder.com> <1A2F9CCA-9BB9-4F6B-8CFF-F1F1D4AA4521@unt.edu>, <479FAB98.6050107@stroeder.com> <724979A98A0EA046B5526185A96CDE9D320E0E16@GABMB02.ad.unt.edu> Message-ID: <479FB033.20800@stroeder.com> Yeargan, Yancey wrote: > > Can you point me to code for "self._l.result3"? Grab the source. Best would be from CVS: http://sourceforge.net/cvs/?group_id=2072 Look at Modules/LDAPObject.c into function l_ldap_result3() (starting at line 940). Ciao, Michael. From yancey at unt.edu Wed Jan 30 02:10:07 2008 From: yancey at unt.edu (Yeargan Yancey) Date: Tue, 29 Jan 2008 19:10:07 -0600 Subject: LDAP Polling In-Reply-To: <479FAFB6.9040101@stroeder.com> References: <4FC6B40B-ADC2-4AE7-AFCF-E753C44098E2@unt.edu> <479EE85F.3000006@stroeder.com> <1A2F9CCA-9BB9-4F6B-8CFF-F1F1D4AA4521@unt.edu>, <479FAB98.6050107@stroeder.com> <724979A98A0EA046B5526185A96CDE9D320E0E16@GABMB02.ad.unt.edu> <479FAFB6.9040101@stroeder.com> Message-ID: python-ldap-2.0.11-14.2 On Jan 29, 2008, at 4:59 PM, Michael Str?der wrote: > Yeargan, Yancey wrote: >> >> Not from source. This version came >> with SuSE Linux Enterprise Server 10. > > What does rpm -q python-ldap say? > > Ciao, Michael. From michael at stroeder.com Wed Jan 30 09:13:34 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Wed, 30 Jan 2008 09:13:34 +0100 Subject: LDAP Polling In-Reply-To: References: <4FC6B40B-ADC2-4AE7-AFCF-E753C44098E2@unt.edu> <479EE85F.3000006@stroeder.com> <1A2F9CCA-9BB9-4F6B-8CFF-F1F1D4AA4521@unt.edu>, <479FAB98.6050107@stroeder.com> <724979A98A0EA046B5526185A96CDE9D320E0E16@GABMB02.ad.unt.edu> <479FAFB6.9040101@stroeder.com> Message-ID: <47A031AE.6050803@stroeder.com> Yeargan Yancey wrote: > python-ldap-2.0.11-14.2 Sorry, I'm not keen on supporting this ancient version anymore. This has been released almost two years ago and I'm sure there were bugs in there. Any chance you can build 2.3.1 from source? You can generate a RPM with python setup.py bdist_rpm and install that. But you need to upgrade to OpenLDAP 2.3 for python-ldap too. Maybe it works to install this packages: http://download.opensuse.org/repositories/OpenLDAP/SLE_10/i586/ For building python-ldap you'd also need package openldap2-devel (and cyrus-sasl-devel if SASL support is wanted). Ciao, Michael. From yancey at unt.edu Wed Jan 30 17:18:03 2008 From: yancey at unt.edu (Yeargan Yancey) Date: Wed, 30 Jan 2008 10:18:03 -0600 Subject: LDAP Polling In-Reply-To: <47A031AE.6050803@stroeder.com> References: <4FC6B40B-ADC2-4AE7-AFCF-E753C44098E2@unt.edu> <479EE85F.3000006@stroeder.com> <1A2F9CCA-9BB9-4F6B-8CFF-F1F1D4AA4521@unt.edu>, <479FAB98.6050107@stroeder.com> <724979A98A0EA046B5526185A96CDE9D320E0E16@GABMB02.ad.unt.edu> <479FAFB6.9040101@stroeder.com> <47A031AE.6050803@stroeder.com> Message-ID: <341921B2-6533-41BD-9098-A395355407A4@unt.edu> That did the trick. It must be a bug in the older python-ldap code that Novell distributes with SLES 10. OpenLDAP 2.3.32 is already there, as well as SASL 2.1.21, so building python-ldap was easy. Since my organization has a support contract with Novell, I will open a support request and let them know of this issue. In case anyone else runs into this, RPM complained about a missing dependency of "libldap.so.2". I'm not sure why, since I can see it in /usr/lib, but I just used the --nodeps parameter to force the install. I also relocated the files listed in the RPM from /usr/local/ lib to /usr/lib to replace the files supplied with SLES 10. rpm -Uvh --nodeps --relocate /usr/local/lib/python2.4/=/usr/lib/ python2.4/ python-ldap-2.3.1-0.i586.rpm Thanks Michael! Sorry to waste your time. Yancey On Jan 30, 2008, at 2:13 AM, Michael Str?der wrote: > Yeargan Yancey wrote: >> python-ldap-2.0.11-14.2 > > Sorry, I'm not keen on supporting this ancient version anymore. > This has > been released almost two years ago and I'm sure there were bugs in > there. Any chance you can build 2.3.1 from source? You can generate a > RPM with > > python setup.py bdist_rpm > > and install that. > > But you need to upgrade to OpenLDAP 2.3 for python-ldap too. Maybe it > works to install this packages: > > http://download.opensuse.org/repositories/OpenLDAP/SLE_10/i586/ > > For building python-ldap you'd also need package openldap2-devel (and > cyrus-sasl-devel if SASL support is wanted). > > Ciao, Michael. From jamesa at daa.com.au Tue Feb 12 02:38:51 2008 From: jamesa at daa.com.au (James Andrewartha) Date: Tue, 12 Feb 2008 10:38:51 +0900 Subject: documentation updates In-Reply-To: <47725606.7050706@stroeder.com> References: <1193102127.31900.7.camel@zarvora> <1193131642.31900.22.camel@zarvora> <1193161793.1307.13.camel@zarvora> <471E3D1F.7040501@stroeder.com> <47725606.7050706@stroeder.com> Message-ID: <1202780331.23511.10.camel@zarvora> On Wed, 2007-12-26 at 14:24 +0100, Michael Str?der wrote: > Well, actually it took more time to have a running latex environment again. > > I've committed many modifications to ldap*.tex but not all. Please > review. Some new module descriptions are still not in there. Looks pretty good. > > One general note: I didn't document some stuff since I didn't want to > > endorse it because I don't consider certain APIs to be really stable > > (say: designed well). Examples are class SmartLDAPObject, the API of > > ldap.schema etc. > > Hmm, I don't know whether I want to endorse the use of module > ldap.cidict. Since Python 2.3 has support for sets now this is somewhat > outdated. The main feature of cidict is that it's case-insensitive - I didn't think Python's sets were? cidict is still being used in this example written at the end of last year: http://www.packtpub.com/article/python-ldap-applications-ldap-opearations James Andrewartha From michael at stroeder.com Tue Feb 12 11:13:37 2008 From: michael at stroeder.com (=?UTF-8?B?TWljaGFlbCBTdHLDtmRlcg==?=) Date: Tue, 12 Feb 2008 11:13:37 +0100 Subject: documentation updates In-Reply-To: <1202780331.23511.10.camel@zarvora> References: <1193102127.31900.7.camel@zarvora> <1193131642.31900.22.camel@zarvora> <1193161793.1307.13.camel@zarvora> <471E3D1F.7040501@stroeder.com> <47725606.7050706@stroeder.com> <1202780331.23511.10.camel@zarvora> Message-ID: <47B17151.7060401@stroeder.com> James Andrewartha wrote: >> Hmm, I don't know whether I want to endorse the use of module >> ldap.cidict. Since Python 2.3 has support for sets now this is somewhat >> outdated. > > The main feature of cidict is that it's case-insensitive - I didn't > think Python's sets were? cidict is still being used in this example > written at the end of last year: > http://www.packtpub.com/article/python-ldap-applications-ldap-opearations Hmm, it's used therein to store an entry. Yes, one could use it like this. But for higher-level stuff I'd rather like to endorse something like class ldap.schema.models.Entry which is a full schema-aware dictionary for LDAP entries. It solves all name alias and name->OID mapping problems but requires LDAPv3 subschema subentry information to be retrieved and initialized. But I consider this also to be somewhat immature since I'm probably the only one who's using it. And one to do left: Attribute sub-types are not handled. Ciao, Michael. From python-ldap at tk-webart.de Mon Feb 18 14:56:03 2008 From: python-ldap at tk-webart.de (Torsten Kurbad) Date: Mon, 18 Feb 2008 14:56:03 +0100 Subject: OT: PyKerberos Message-ID: <20080218145603.3e23e96b@atalante.iwm-kmrc.de> Hi folks, since the theme popped up here once in a while, I dare to write something not strictly related to Python-LDAP. ;o) Searching for a useable Python interface to KAdmin, I finally decided to wrap some functions on my own. The result is a branch of Apple's PyKerberos, enriched by a kadm5 module, which provides basic methods to connect to a remote kerberos admin server and maintain principals. (Simplified creation, check for existance, list all princs, delete, chpass) It's written purely in C. If someone wants to use and/or extend this code, you can check it out at: http://svn.kmrc.de/projects/devel/PyKerberos/trunk Regards Torsten -- Vital papers will demonstrate their vitality by spontaneously moving from where you left them to where you can't find them. From michael at stroeder.com Tue Feb 19 15:19:04 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Tue, 19 Feb 2008 15:19:04 +0100 Subject: Problem with python-ldap !!! In-Reply-To: <20080219125348.GA244335@electre.pasteur.fr> References: <20080219125348.GA244335@electre.pasteur.fr> Message-ID: <47BAE558.6010705@stroeder.com> Philippe Bouige wrote: > > I work with sun/solaris and I try compute python-ldap with > open-ldpa and I have this error !!! How to do ? Sorry, I refuse to answer further direct e-mails not coming from my customers. Please post further questions on the python-ldap-dev mailing list (Cc:-ed) so that other subscribers on the list can answer and learn as well. > include_dirs: /usr/local/include /usr/include > library_dirs: /usr/local/lib /usr/lib > [..] > build/temp.solaris-2.9-sun4u-2.4/Modules/constants.o > Modules/constants.c: In function `LDAPinit_constants': > Modules/constants.c:126: error: `LDAP_MOD_INCREMENT' undeclared > (first use in this function) Modules/constants.c:126: error: > (Each undeclared identifier is reported only once > Modules/constants.c:126: error: for each function it appears > in.) Modules/constants.c:208: error: `LDAP_AVA_NULL' undeclared > (first use in this function) error: command '/local/bin//gcc' > failed with exit status 1 Probably you're actually trying to build with the LDAP libs pre-installed with Solaris. That won't work. You have to edit the parameters above to reflect the position of your local OpenLDAP 2.3.x or 2.4.x installation and avoid lib conflicts by other means. Ciao, Michael. From michael at stroeder.com Tue Feb 19 15:19:04 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Tue, 19 Feb 2008 15:19:04 +0100 Subject: Problem with python-ldap !!! In-Reply-To: <20080219125348.GA244335@electre.pasteur.fr> References: <20080219125348.GA244335@electre.pasteur.fr> Message-ID: <47BAE558.6010705@stroeder.com> Philippe Bouige wrote: > > I work with sun/solaris and I try compute python-ldap with > open-ldpa and I have this error !!! How to do ? Sorry, I refuse to answer further direct e-mails not coming from my customers. Please post further questions on the python-ldap-dev mailing list (Cc:-ed) so that other subscribers on the list can answer and learn as well. > include_dirs: /usr/local/include /usr/include > library_dirs: /usr/local/lib /usr/lib > [..] > build/temp.solaris-2.9-sun4u-2.4/Modules/constants.o > Modules/constants.c: In function `LDAPinit_constants': > Modules/constants.c:126: error: `LDAP_MOD_INCREMENT' undeclared > (first use in this function) Modules/constants.c:126: error: > (Each undeclared identifier is reported only once > Modules/constants.c:126: error: for each function it appears > in.) Modules/constants.c:208: error: `LDAP_AVA_NULL' undeclared > (first use in this function) error: command '/local/bin//gcc' > failed with exit status 1 Probably you're actually trying to build with the LDAP libs pre-installed with Solaris. That won't work. You have to edit the parameters above to reflect the position of your local OpenLDAP 2.3.x or 2.4.x installation and avoid lib conflicts by other means. Ciao, Michael. From michael at stroeder.com Fri Feb 22 18:06:41 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Fri, 22 Feb 2008 18:06:41 +0100 Subject: A quick question In-Reply-To: <47BEF9F5.70601@adm.umu.se> References: <47BEF9F5.70601@adm.umu.se> Message-ID: <47BF0121.90109@stroeder.com> Roland, Roland Hedberg wrote: > > Is there a simple way to map a dictionary containing a attribute schema > information for an attribute into a ldap.schema.attributeType instance ? I'm not sure I fully understand what you want. But did you already have a closer look at module ldap.schema and the examples in Demo/schema*.py? Basically the whole schema information is stored in various dictionaries of an instance of ldap.schema.subentry.SubSchema. ^^^^^^^^ (Kind of a misnomer...) Or are you asking about how to handle the name alias issues for attribute types? Then you might want to look at class ldap.schema.models.Entry. You can initialize it with a dictionary e.g. retrieved by a search and access the attribute value lists by the various aliases and by OID. Ciao, Michael. P.S.: I'd like to rather discuss those things on the python-ldap-dev mailing list (Cc:-ed) so others could benefit from such a discussion as well. From python-ldap at tk-webart.de Tue Feb 26 10:13:48 2008 From: python-ldap at tk-webart.de (Torsten Kurbad) Date: Tue, 26 Feb 2008 10:13:48 +0100 Subject: [Freeipa-devel] [Fwd: OT: PyKerberos] In-Reply-To: <20080226080111.GA3462@bogon.ms20.nix> References: <47BB0BDF.3000300@redhat.com> <20080226080111.GA3462@bogon.ms20.nix> Message-ID: <20080226101348.44db5cc8@atalante.iwm-kmrc.de> Hi Guido, > > [...] > > decided to wrap some functions on my own. The result is a branch of > > Apple's PyKerberos, enriched by a kadm5 module, which provides > > basic methods to connect to a remote kerberos admin server and > > maintain principals. [...] > That's great news. I also added some more stuff to pykerberos like > user password changing: > http://trac.macosforge.org/projects/calendarserver/ticket/256 > and very basic GSSWrap/Unwrap support (just enough to talk to > dovecot). Some of this has already been merged on the more-kerberos > branch of pykerberos's SVN but things move slowly there. > We already have a packages in Debian that has these patches and I > could a add yours too if that makes sense. That's a great idea! I'd appreciate too, if some C-regulars would take a look at the code, since this is my first (and probably last ;o) ever project written in C. > > If someone wants to use and/or extend this code, you can check it > > out at: > > > > http://svn.kmrc.de/projects/devel/PyKerberos/trunk > The server doesn't answer - not even to a ping. It should now! We had a defective UPS that pulled down our uplink media transceiver. ;o( If you still encounter problems, please let me know. Regards, Torsten -- The person who's taking you to lunch has no intention of paying. From Ron at USMedRec.com Sun Mar 2 04:34:14 2008 From: Ron at USMedRec.com (Ron Teitelbaum) Date: Sat, 1 Mar 2008 22:34:14 -0500 Subject: Commiting multiple objects Message-ID: Hello, I have to commit multiple objects. Can I use the modlist to store and commit multiple objects at once. If so is it possible to order the objects so that they commit a subtree before the leaves? Thanks for your help! Ron Teitelbaum -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael at stroeder.com Sun Mar 2 14:16:25 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Sun, 02 Mar 2008 14:16:25 +0100 Subject: Commiting multiple objects In-Reply-To: References: Message-ID: <47CAA8A9.1040803@stroeder.com> Ron Teitelbaum wrote: > > I have to commit multiple objects. Can I use the modlist to store and > commit multiple objects at once. No. LDAP has no support for transactions over multiple entries. Only write operations to single entries are guaranteed to be atomar. Hence python-ldap does not contain any API for such transactions. Ciao, Michael. From leonsp at ca.ibm.com Mon Mar 3 20:38:13 2008 From: leonsp at ca.ibm.com (Leons Petrazickis) Date: Mon, 3 Mar 2008 14:38:13 -0500 Subject: Local error in simple_bind_s() continued Message-ID: Hello, I just installed Suse Linux Enterprise Desktop 10. It comes with OpenLDAP 2.3.19 and Python 2.4. On top of that, I built the latest CVS checkout of python-ldap. I am getting the same error as with Ubuntu. OpenLDAP works, but python-ldap crashes. Previous thread: This script crashes: import ldap; ldap.set_option(ldap.OPT_DEBUG_LEVEL,4095); l = ldap.initialize("ldap://bluepages.ibm.com:636/",trace_level=2); l.simple_bind_s(); This is the output: ldap_create ldap_url_parse_ext(ldap://bluepages.ibm.com:636/) *** ldap://bluepages.ibm.com:636/ - SimpleLDAPObject.set_option ((17, 3),{}) *** ldap://bluepages.ibm.com:636/ - SimpleLDAPObject.simple_bind (('', '', None, None),{}) ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP bluepages.ibm.com:636 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 9.17.186.253:636 ldap_connect_timeout: fd: 3 tm: -1 async: 0 ldap_open_defconn: successful ldap_send_server_request => result: 1 *** ldap://bluepages.ibm.com:636/ - SimpleLDAPObject.result3 ((1, 1, -1),{}) ldap_result ld 0x805a3d0 msgid 1 ldap_chkResponseList ld 0x805a3d0 msgid 1 all 1 ldap_chkResponseList returns ld 0x805a3d0 NULL wait4msg ld 0x805a3d0 msgid 1 (infinite timeout) wait4msg continue ld 0x805a3d0 msgid 1 all 1 ** ld 0x805a3d0 Connections: * host: bluepages.ibm.com port: 636 (default) refcnt: 2 status: Connected last used: Mon Mar 3 09:04:02 2008 ** ld 0x805a3d0 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ** ld 0x805a3d0 Response Queue: Empty ldap_chkResponseList ld 0x805a3d0 msgid 1 all 1 ldap_chkResponseList returns ld 0x805a3d0 NULL ldap_int_select read1msg: ld 0x805a3d0 msgid 1 all 1 ldap_err2string => LDAPError - LOCAL_ERROR: {'desc': 'Local error'} Traceback (most recent call last): File "test.py", line 6, in ? l.simple_bind_s(); File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 176, in simple_bind_s return self.result(msgid,all=1,timeout=self.timeout) File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 405, in result res_type,res_data,res_msgid = self.result2(msgid,all,timeout) File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 409, in result2 res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout) File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 415, in result3 rtype, rdata, rmsgid, serverctrls = self._ldap_call(self._l.result3,msgid,all,timeout) File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 94, in _ldap_call result = func(*args,**kwargs) ldap.LOCAL_ERROR: {'desc': 'Local error'} ldap_free_request (origid 1, msgid 1) ldap_free_connection 1 1 ldap_send_unbind ldap_free_connection: actually freed But this command works: ldapsearch -h bluepages.ibm.com -x -b "ou=bluepages,o=ibm.com" -s sub "(sn=leonsp)" cn tieline -d 1 This is some of the output: ldap_create ldap_url_parse_ext(ldap://bluepages.ibm.com) ldap_bind ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP bluepages.ibm.com:389 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 9.17.186.253:389 ldap_connect_timeout: fd: 3 tm: -1 async: 0 ldap_open_defconn: successful ldap_send_server_request ber_scanf fmt ({it) ber: ber_scanf fmt ({i) ber: ber_flush: 14 bytes to sd 3 ldap_result ld 0x80570a8 msgid 1 ldap_chkResponseList ld 0x80570a8 msgid 1 all 1 ldap_chkResponseList returns ld 0x80570a8 NULL wait4msg ld 0x80570a8 msgid 1 (infinite timeout) wait4msg continue ld 0x80570a8 msgid 1 all 1 ** ld 0x80570a8 Connections: * host: bluepages.ibm.com port: 389 (default) refcnt: 2 status: Connected last used: Mon Mar 3 09:16:27 2008 ** ld 0x80570a8 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ** ld 0x80570a8 Response Queue: Empty ldap_chkResponseList ld 0x80570a8 msgid 1 all 1 ldap_chkResponseList returns ld 0x80570a8 NULL ### CRASH HAPPENS HERE IN python-ldap ### ldap_int_select read1msg: ld 0x80570a8 msgid 1 all 1 ber_get_next ber_get_next: tag 0x30 len 16 contents: read1msg: ld 0x80570a8 msgid 1 message type bind ber_scanf fmt ({eaa) ber: read1msg: ld 0x80570a8 0 new referrals read1msg: mark request completed, ld 0x80570a8 msgid 1 request done: ld 0x80570a8 msgid 1 res_errno: 0, res_error: <>, res_matched: <> ldap_free_request (origid 1, msgid 1) ldap_free_connection 0 1 ldap_free_connection: refcnt 1 ldap_parse_result ber_scanf fmt ({iaa) ber: ber_scanf fmt (}) ber: ldap_msgfree ### SNIP ### The host is running Tivoli Directory Server 5.2. I do not control the host, but I can install any distro on the client. What can I do to help resolve this issue? Is there further debugging information that I could provide? Regards, Leons Petrazickis http://lpetr.org/blog/ From michael at stroeder.com Mon Mar 3 21:30:45 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Mon, 03 Mar 2008 21:30:45 +0100 Subject: Local error in simple_bind_s() continued In-Reply-To: References: Message-ID: <47CC5FF5.6030009@stroeder.com> Leons Petrazickis wrote: > > I just installed Suse Linux Enterprise Desktop 10. It comes with OpenLDAP > 2.3.19 and Python 2.4. On top of that, I built the latest CVS checkout of > python-ldap. Could you please try to install Ralf Haferkamp's recent OpenLDAP RPMs for SLE 10 from here and rebuild python-ldap: http://download.opensuse.org/repositories/OpenLDAP/SLE_10/i586/openldap2-client-2.3.41-2.1.i586.rpm http://download.opensuse.org/repositories/OpenLDAP/SLE_10/i586/openldap2-devel-2.3.41-2.1.i586.rpm > I am getting the same error as with Ubuntu. OpenLDAP works, but python-ldap > crashes. Previous thread: > import ldap; > ldap.set_option(ldap.OPT_DEBUG_LEVEL,4095); > l = ldap.initialize("ldap://bluepages.ibm.com:636/",trace_level=2); > l.simple_bind_s(); > > This is the output: You're setting trace_level=2 but there are no python-ldap debug messages in your output at all. > The host is running Tivoli Directory Server 5.2. I'm pretty sure I've already accessed this LDAP server with web2ldap, hence python-ldap worked. Don't remember the versions though. Ciao, Michael. From michael at stroeder.com Mon Mar 3 21:37:28 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Mon, 03 Mar 2008 21:37:28 +0100 Subject: Local error in simple_bind_s() continued In-Reply-To: References: Message-ID: <47CC6188.5090906@stroeder.com> Leons Petrazickis wrote: > l = ldap.initialize("ldap://bluepages.ibm.com:636/",trace_level=2); > [..] > ldapsearch -h bluepages.ibm.com -x -b "ou=bluepages,o=ibm.com" -s sub > "(sn=leonsp)" cn tieline -d 1 BTW: The connection parameters are not the same! You would have to test with ldapsearch -h bluepages.ibm.com -p 636 [..] and I doubt that will work because port 636 is normally used for LDAP tunneled within SSL. Ciao, Michael. From ChengFu.Yang at gameloft.com Mon Mar 10 05:45:06 2008 From: ChengFu.Yang at gameloft.com (Yang Cheng Fu) Date: Mon, 10 Mar 2008 12:45:06 +0800 Subject: how to write filter argumnt for search function of LDAPObject class Message-ID: <4A6453D174C0314E8D61180CB20015450878E447@bei-mail01.gameloft.org> Hi guys, I am trying to access windows Active directory by using python-ldap, but I do not know how to write filter argument for search function. search(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0]]]). For example: A filter sting which based on RFC4515 (http://www.faqs.org/rfcs/rfc4515.html) is "(&(objectclass=organizationalUnit)(c=*))". From the docs of python-ldap, the forms of the argument, ('cn=fred*') and ('objectClass=*') can be found. I?d like to know how to write the sting of "(&(objectclass=organizationalUnit)(c=*))" for search function. I am not sure where it is enough to answer my question, if you need more information, just ask. Thanks a lot ------- YANG ChengFu Unix Administrator Gameloft -- Global Network Services (GNS) * mailto:chengfu.yang at gameloft.com * +86(10)8260-7783 ext.8221 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: From chaoseternal at gmail.com Mon Mar 10 05:35:51 2008 From: chaoseternal at gmail.com (Chaos Eternal) Date: Mon, 10 Mar 2008 12:35:51 +0800 Subject: how to write filter argumnt for search function of LDAPObject class In-Reply-To: <4A6453D174C0314E8D61180CB20015450878E447@bei-mail01.gameloft.org> References: <4A6453D174C0314E8D61180CB20015450878E447@bei-mail01.gameloft.org> Message-ID: <6456782e0803092135q11ebc5b1q55f46577dc90e527@mail.gmail.com> hi, please write your question in chinese, i can help you translate it. On Mon, Mar 10, 2008 at 12:45 PM, Yang Cheng Fu wrote: > Hi guys, > > > > I am trying to access windows Active directory by using python-ldap, but I > do not know how to write filter argument for search function. > > search(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, > attrsonly=0]]]). > > > > For example: A filter sting which based on RFC4515 ( > http://www.faqs.org/rfcs/rfc4515.html) is > "(&(objectclass=organizationalUnit)(c=*))". From the docs of python-ldap, > the forms of the argument, ('cn=fred*') and ('objectClass=*') can be found. > > > > I'd like to know how to write the sting of"(&(objectclass=organizationalUnit)(c=*))"for search function. I am not sure where it is enough to answer my question, > if you need more information, just ask. > > > > Thanks a lot > > *-------* > > *YANG ChengFu* > > *Unix Administrator * > > *Gameloft** **-- Global Network Services (GNS)* > > **** **mailto:chengfu.yang at gameloft.com * > > *(* +86(10)8260-7783 ext.8221 > > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Python-LDAP-dev mailing list > Python-LDAP-dev at lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/python-ldap-dev > > -- Best Regards Chaos Eternal -------------- next part -------------- An HTML attachment was scrubbed... URL: From ChengFu.Yang at gameloft.com Mon Mar 10 05:59:22 2008 From: ChengFu.Yang at gameloft.com (Yang Cheng Fu) Date: Mon, 10 Mar 2008 12:59:22 +0800 Subject: how to write filter argumnt for search function of LDAPObject class In-Reply-To: <6456782e0803092135q11ebc5b1q55f46577dc90e527@mail.gmail.com> References: <4A6453D174C0314E8D61180CB20015450878E447@bei-mail01.gameloft.org> <6456782e0803092135q11ebc5b1q55f46577dc90e527@mail.gmail.com> Message-ID: <4A6453D174C0314E8D61180CB20015450878E452@bei-mail01.gameloft.org> ???python-ldap???Windows Active directory, ?????LDAPObject?search????filter????????????? "(&(objectclass=organizationalUnit)(c=*))"(??RFC4515) search???????? search(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0]]]). ?python-ldap???????? ('cn=fred*')?('objectClass=*'),????"(&(objectclass=organizationalUnit)(c=*))"???? ?????filter, "(&(objectclass=organizationalUnit)(c=*))", ?search??????? I am not sure where it is enough to answer my question, if you need more information, just ask. Thanks a lot ------- YANG ChengFu Unix Administrator Gameloft -- Global Network Services (GNS) * mailto:chengfu.yang at gameloft.com * +86(10)8260-7783 ext.8221 ________________________________ From: Chaos Eternal [mailto:chaoseternal at gmail.com] Sent: Monday, March 10, 2008 12:36 PM To: Yang Cheng Fu Cc: python-ldap-dev at lists.sourceforge.net Subject: Re: how to write filter argumnt for search function of LDAPObject class hi, please write your question in chinese, i can help you translate it. On Mon, Mar 10, 2008 at 12:45 PM, Yang Cheng Fu wrote: Hi guys, I am trying to access windows Active directory by using python-ldap, but I do not know how to write filter argument for search function. search(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0]]]). For example: A filter sting which based on RFC4515 (http://www.faqs.org/rfcs/rfc4515.html) is "(&(objectclass=organizationalUnit)(c=*))". From the docs of python-ldap, the forms of the argument, ('cn=fred*') and ('objectClass=*') can be found. I'd like to know how to write the sting of "(&(objectclass=organizationalUnit)(c=*))" for search function. I am not sure where it is enough to answer my question, if you need more information, just ask. Thanks a lot ------- YANG ChengFu Unix Administrator Gameloft -- Global Network Services (GNS) * mailto:chengfu.yang at gameloft.com * +86(10)8260-7783 ext.8221 -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Python-LDAP-dev mailing list Python-LDAP-dev at lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev -- Best Regards Chaos Eternal -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: From chaoseternal at gmail.com Mon Mar 10 07:10:27 2008 From: chaoseternal at gmail.com (Chaos Eternal) Date: Mon, 10 Mar 2008 14:10:27 +0800 Subject: how to write filter argumnt for search function of LDAPObject class In-Reply-To: <4A6453D174C0314E8D61180CB20015450878E452@bei-mail01.gameloft.org> References: <4A6453D174C0314E8D61180CB20015450878E447@bei-mail01.gameloft.org> <6456782e0803092135q11ebc5b1q55f46577dc90e527@mail.gmail.com> <4A6453D174C0314E8D61180CB20015450878E452@bei-mail01.gameloft.org> Message-ID: <6456782e0803092310t4a6f93aej63eb989391a4eacf@mail.gmail.com> ##here comes the translation: I'm using python-ldap to access Windows Active Directory, but I don't know howto write the 'filter' parameter in the function search of LDAPObject. Based upon RFC4515, I want the filter paramter to be "(&(objectclass=organizationalUnit)(c=*))". According to the manual, the proto-type of search function is: search(base, scope[,filterstr='(objectclass=*)'[, attrlist=None [, attrsonly=0]]]) and there are some example in the manual: ('cn=fred*') and ('objectclass=*'), but i can't find a way to express "(&(objectclass=organizationalUnit)(c=*))", Could anybody help me? ##end of translation 2008/3/10 Yang Cheng Fu : > ???python-ldap???Windows Active directory, ?????LDAPObject?search???? > filter????????????? > > "(&(objectclass=organizationalUnit)(c=*))"(??RFC4515) > > > > search???????? > > search(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, > attrsonly=0]]]). > > > > ?python-ldap???????? ('cn=fred*')?('objectClass=*'),???? > "(&(objectclass=organizationalUnit)(c=*))"???? > > > > ?????filter, "(&(objectclass=organizationalUnit)(c=*))", ?search??????? > > > > I am not sure where it is enough to answer my question, if you need more > information, just ask. > > > > Thanks a lot > > > > *-------* > > *YANG ChengFu* > > *Unix Administrator * > > *Gameloft** **-- Global Network Services (GNS)* > > **** **mailto:chengfu.yang at gameloft.com * > > *(* +86(10)8260-7783 ext.8221 > ------------------------------ > > *From:* Chaos Eternal [mailto:chaoseternal at gmail.com] > *Sent:* Monday, March 10, 2008 12:36 PM > *To:* Yang Cheng Fu > *Cc:* python-ldap-dev at lists.sourceforge.net > *Subject:* Re: how to write filter argumnt for search function of > LDAPObject class > > > > hi, > please write your question in chinese, i can help you translate it. > > On Mon, Mar 10, 2008 at 12:45 PM, Yang Cheng Fu > wrote: > > Hi guys, > > > > I am trying to access windows Active directory by using python-ldap, but I > do not know how to write filter argument for search function. > > search(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, > attrsonly=0]]]). > > > > For example: A filter sting which based on RFC4515 ( > http://www.faqs.org/rfcs/rfc4515.html) is > "(&(objectclass=organizationalUnit)(c=*))". From the docs of python-ldap, > the forms of the argument, ('cn=fred*') and ('objectClass=*') can be found. > > > > I'd like to know how to write the sting of"(&(objectclass=organizationalUnit)(c=*))"for search function. I am not sure where it is enough to answer my question, > if you need more information, just ask. > > > > Thanks a lot > > *-------* > > *YANG ChengFu* > > *Unix Administrator * > > *Gameloft** **-- Global Network Services (GNS)* > > **** **mailto:chengfu.yang at gameloft.com * > > *(* +86(10)8260-7783 ext.8221 > > > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Python-LDAP-dev mailing list > Python-LDAP-dev at lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/python-ldap-dev > > > > > -- > Best Regards > Chaos Eternal > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > -- Best Regards Chaos Eternal -------------- next part -------------- An HTML attachment was scrubbed... URL: From ChengFu.Yang at gameloft.com Mon Mar 10 07:26:15 2008 From: ChengFu.Yang at gameloft.com (Yang Cheng Fu) Date: Mon, 10 Mar 2008 14:26:15 +0800 Subject: how to write filter argumnt for search function of LDAPObject class In-Reply-To: <6456782e0803092310t4a6f93aej63eb989391a4eacf@mail.gmail.com> References: <4A6453D174C0314E8D61180CB20015450878E447@bei-mail01.gameloft.org> <6456782e0803092135q11ebc5b1q55f46577dc90e527@mail.gmail.com> <4A6453D174C0314E8D61180CB20015450878E452@bei-mail01.gameloft.org> <6456782e0803092310t4a6f93aej63eb989391a4eacf@mail.gmail.com> Message-ID: <4A6453D174C0314E8D61180CB20015450878E5DE@bei-mail01.gameloft.org> Hello Chaos, Thanks a lot! ------- YANG ChengFu Unix Administrator Gameloft -- Global Network Services (GNS) * mailto:chengfu.yang at gameloft.com * +86(10)8260-7783 ext.8221 ________________________________ From: Chaos Eternal [mailto:chaoseternal at gmail.com] Sent: Monday, March 10, 2008 2:10 PM To: Yang Cheng Fu Cc: python-ldap-dev at lists.sourceforge.net Subject: Re: how to write filter argumnt for search function of LDAPObject class ##here comes the translation: I'm using python-ldap to access Windows Active Directory, but I don't know howto write the 'filter' parameter in the function search of LDAPObject. Based upon RFC4515, I want the filter paramter to be "(&(objectclass=organizationalUnit)(c=*))". According to the manual, the proto-type of search function is: search(base, scope[,filterstr='(objectclass=*)'[, attrlist=None [, attrsonly=0]]]) and there are some example in the manual: ('cn=fred*') and ('objectclass=*'), but i can't find a way to express "(&(objectclass=organizationalUnit)(c=*))", Could anybody help me? ##end of translation ________________________________ From: Chaos Eternal [mailto:chaoseternal at gmail.com] Sent: Monday, March 10, 2008 12:36 PM To: Yang Cheng Fu Cc: python-ldap-dev at lists.sourceforge.net Subject: Re: how to write filter argumnt for search function of LDAPObject class hi, please write your question in chinese, i can help you translate it. On Mon, Mar 10, 2008 at 12:45 PM, Yang Cheng Fu wrote: Hi guys, I am trying to access windows Active directory by using python-ldap, but I do not know how to write filter argument for search function. search(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, attrsonly=0]]]). For example: A filter sting which based on RFC4515 (http://www.faqs.org/rfcs/rfc4515.html) is "(&(objectclass=organizationalUnit)(c=*))". From the docs of python-ldap, the forms of the argument, ('cn=fred*') and ('objectClass=*') can be found. I'd like to know how to write the sting of "(&(objectclass=organizationalUnit)(c=*))" for search function. I am not sure where it is enough to answer my question, if you need more information, just ask. Thanks a lot ------- YANG ChengFu Unix Administrator Gameloft -- Global Network Services (GNS) * mailto:chengfu.yang at gameloft.com * +86(10)8260-7783 ext.8221 -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Python-LDAP-dev mailing list Python-LDAP-dev at lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev -- Best Regards Chaos Eternal -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. -- Best Regards Chaos Eternal -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: From ChengFu.Yang at gameloft.com Mon Mar 10 09:28:25 2008 From: ChengFu.Yang at gameloft.com (Yang Cheng Fu) Date: Mon, 10 Mar 2008 16:28:25 +0800 Subject: how to write filter argumnt for search function of LDAPObject class In-Reply-To: <47D4ED0C.50400@stroeder.com> References: <4A6453D174C0314E8D61180CB20015450878E447@bei-mail01.gameloft.org> <47D4ED0C.50400@stroeder.com> Message-ID: <4A6453D174C0314E8D61180CB20015450878E8B4@bei-mail01.gameloft.org> Hello Michael, Thanks for your help. ------- YANG ChengFu Unix Administrator Gameloft -- Global Network Services (GNS) * mailto:chengfu.yang at gameloft.com * +86(10)8260-7783 ext.8221 -----Original Message----- From: Michael Str?der [mailto:michael at stroeder.com] Sent: Monday, March 10, 2008 4:11 PM To: Yang Cheng Fu Cc: python-ldap-dev at lists.sourceforge.net Subject: Re: how to write filter argumnt for search function of LDAPObject class Yang Cheng Fu wrote: > > I am trying to access windows Active directory by using python-ldap, but > I do not know how to write filter argument for search function. From http://python-ldap.sourceforge.net/doc/python-ldap/ldap-objects.html: --------------------------- snip --------------------------- The filterstr argument is a string representation of the filter to apply in the search. See Also: RFC 4515, Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters. --------------------------- snip --------------------------- > search(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, > attrsonly=0]]]). > > For example: A filter sting which based on RFC4515 > (http://www.faqs.org/rfcs/rfc4515.html) is > "(&(objectclass=organizationalUnit)(c=*))". Yupp. That's exactly the string you have to pass to method search() and its derivates as argument filterstr. > From the docs of > python-ldap, the forms of the argument, ('cn=fred*') and > ('objectClass=*') can be found. Ouch! The example filterstr values on http://python-ldap.sourceforge.net/doc/python-ldap/ldap-example.html are simply typos. Sorry for that. Ciao, Michael. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From michael at stroeder.com Mon Mar 10 09:10:52 2008 From: michael at stroeder.com (=?UTF-8?B?TWljaGFlbCBTdHLDtmRlcg==?=) Date: Mon, 10 Mar 2008 09:10:52 +0100 Subject: how to write filter argumnt for search function of LDAPObject class In-Reply-To: <4A6453D174C0314E8D61180CB20015450878E447@bei-mail01.gameloft.org> References: <4A6453D174C0314E8D61180CB20015450878E447@bei-mail01.gameloft.org> Message-ID: <47D4ED0C.50400@stroeder.com> Yang Cheng Fu wrote: > > I am trying to access windows Active directory by using python-ldap, but > I do not know how to write filter argument for search function. From http://python-ldap.sourceforge.net/doc/python-ldap/ldap-objects.html: --------------------------- snip --------------------------- The filterstr argument is a string representation of the filter to apply in the search. See Also: RFC 4515, Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters. --------------------------- snip --------------------------- > search(base, scope [,filterstr='(objectClass=*)' [, attrlist=None [, > attrsonly=0]]]). > > For example: A filter sting which based on RFC4515 > (http://www.faqs.org/rfcs/rfc4515.html) is > "(&(objectclass=organizationalUnit)(c=*))". Yupp. That's exactly the string you have to pass to method search() and its derivates as argument filterstr. > From the docs of > python-ldap, the forms of the argument, ('cn=fred*') and > ('objectClass=*') can be found. Ouch! The example filterstr values on http://python-ldap.sourceforge.net/doc/python-ldap/ldap-example.html are simply typos. Sorry for that. Ciao, Michael. From michael at stroeder.com Mon Mar 10 09:18:21 2008 From: michael at stroeder.com (=?UTF-8?B?TWljaGFlbCBTdHLDtmRlcg==?=) Date: Mon, 10 Mar 2008 09:18:21 +0100 Subject: how to write filter argumnt for search function of LDAPObject class In-Reply-To: <4A6453D174C0314E8D61180CB20015450878E8B4@bei-mail01.gameloft.org> References: <4A6453D174C0314E8D61180CB20015450878E447@bei-mail01.gameloft.org> <47D4ED0C.50400@stroeder.com> <4A6453D174C0314E8D61180CB20015450878E8B4@bei-mail01.gameloft.org> Message-ID: <47D4EECD.40808@stroeder.com> Yang Cheng Fu wrote: > > Thanks for your help. Thanks for finding a bug in the docs. Ciao, Michael. From michael at stroeder.com Mon Mar 10 09:34:34 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Mon, 10 Mar 2008 09:34:34 +0100 Subject: Removing person names in python-ldap's source files Message-ID: <47D4F29A.9070309@stroeder.com> HI! inspired by a presentation the Subversion guys gave (as Google tech talk) I'd like to remove all person names from the source code files. Instead authors/contributors are all listed in README. I already removed *my* name from all the python modules it appeared in. Now I'd like to ask for the permission, especially by David, to remove all other person names from the files Modules/*. Ciao, Michael. From jamesa at daa.com.au Tue Mar 11 13:43:44 2008 From: jamesa at daa.com.au (James Andrewartha) Date: Tue, 11 Mar 2008 21:43:44 +0900 Subject: Missing method in ldap.cidict Message-ID: <1205239424.6309.1.camel@zarvora> Hi, The cidict class needs the following method for "attr in cidict" to work properly: def __contains__(self,key): return self.has_key(key) Otherwise it defaults to using the UserDict __contains__ which isn't case-insensitive. Thanks, James Andrewartha From michael at stroeder.com Tue Mar 11 15:30:23 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Tue, 11 Mar 2008 15:30:23 +0100 Subject: Missing method in ldap.cidict In-Reply-To: <1205239424.6309.1.camel@zarvora> References: <1205239424.6309.1.camel@zarvora> Message-ID: <47D6977F.8070601@stroeder.com> James Andrewartha wrote: > > The cidict class needs the following method for "attr in cidict" to work > properly: > > def __contains__(self,key): > return self.has_key(key) > > Otherwise it defaults to using the UserDict __contains__ which isn't > case-insensitive. Thanks for reporting it. It's already in the CVS but not in a release yet. ---------------------------- revision 1.11 date: 2007/12/26 11:49:25; author: stroeder; state: Exp; lines: +5 -2 New method ldap.cidict.cidict.__contains__() ---------------------------- Ciao, Michael. From leonsp at ca.ibm.com Mon Mar 17 18:47:51 2008 From: leonsp at ca.ibm.com (Leons Petrazickis) Date: Mon, 17 Mar 2008 13:47:51 -0400 Subject: Local error in simple_bind_s() continued In-Reply-To: <47CC6188.5090906@stroeder.com> Message-ID: Michael Str?der wrote on 03/03/2008 03:37:28 PM: > Leons Petrazickis wrote: > > l = ldap.initialize("ldap://bluepages.ibm.com:636/",trace_level=2); > > [..] > > ldapsearch -h bluepages.ibm.com -x -b "ou=bluepages,o=ibm.com" -s sub > > "(sn=leonsp)" cn tieline -d 1 > > BTW: The connection parameters are not the same! > > You would have to test with > ldapsearch -h bluepages.ibm.com -p 636 [..] > and I doubt that will work because port 636 is normally used for > LDAP tunneled within SSL. That was indeed the problem. Thank you very much for all the assistance. Regards, Leons Petrazickis From amaramrahul at gmail.com Wed Mar 19 14:47:55 2008 From: amaramrahul at gmail.com (Rahul Amaram) Date: Wed, 19 Mar 2008 19:17:55 +0530 Subject: adding binary attribute using python-ldap Message-ID: <47E1198B.8090204@gmail.com> Hi, I was wondering if there is any way I can add binary data (such as jpegPhoto and userCertificate) using python-ldap. I've googled but coudn't find any solution. If there is no way of doing it, what is the best alternative solution? Thanks and Regards, Rahul. -- http://rahul.amaram.name From michael at stroeder.com Wed Mar 19 19:01:25 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Wed, 19 Mar 2008 19:01:25 +0100 Subject: adding binary attribute using python-ldap In-Reply-To: <47E1198B.8090204@gmail.com> References: <47E1198B.8090204@gmail.com> Message-ID: <47E154F5.4090903@stroeder.com> Rahul Amaram wrote: > I was wondering if there is any way I can add binary data (such as > jpegPhoto and userCertificate) using python-ldap. I've googled but > coudn't find any solution. If there is no way of doing it, what is the > best alternative solution? There's simply no difference. Note that normal strings are binary buffers in Python 2.x anyway. Since python-ldap does not treat Unicode objects differently at the moment any attribute value passed to a LDAPObject method is passed on in LDAP requests as is. Ciao, Michael. From amaramrahul at gmail.com Wed Mar 19 19:54:17 2008 From: amaramrahul at gmail.com (Rahul Amaram) Date: Thu, 20 Mar 2008 00:24:17 +0530 Subject: adding binary attribute using python-ldap In-Reply-To: <47E154F5.4090903@stroeder.com> References: <47E1198B.8090204@gmail.com> <47E154F5.4090903@stroeder.com> Message-ID: Hi Michael, Thanks for the response. I think I found the reason for the error. It seems to be necessary to append ";binary" to the attribute name while adding/modifying binary attributes. So for instance if I am adding/modifying userCertificate, I will have to use the attribute name "userCertificate;binary". Else you are likely to get an undefined attribute / binary transfer failed error. Regards, Rahul. On Wed, 19 Mar 2008 19:01:25 +0100, Michael Str?der wrote: > Rahul Amaram wrote: >> I was wondering if there is any way I can add binary data (such as >> jpegPhoto and userCertificate) using python-ldap. I've googled but >> coudn't find any solution. If there is no way of doing it, what is the >> best alternative solution? > > There's simply no difference. Note that normal strings are binary buffers > in > Python 2.x anyway. Since python-ldap does not treat Unicode objects > differently at the moment any attribute value passed to a LDAPObject > method > is passed on in LDAP requests as is. > > Ciao, Michael. From michael at stroeder.com Thu Mar 20 10:04:22 2008 From: michael at stroeder.com (=?UTF-8?B?TWljaGFlbCBTdHLDtmRlcg==?=) Date: Thu, 20 Mar 2008 10:04:22 +0100 Subject: adding binary attribute using python-ldap In-Reply-To: References: <47E1198B.8090204@gmail.com> <47E154F5.4090903@stroeder.com> Message-ID: <47E22896.4020204@stroeder.com> Rahul Amaram wrote: > Thanks for the response. I think I found the reason for the error. It seems > to be necessary to append ";binary" to the attribute name while > adding/modifying binary attributes. Not for all, better to say for just a few. Sending JPEG picture data for attribute type 'jpegPhoto' works straight with this attribute type name. > So for instance if I am > adding/modifying userCertificate, I will have to use the attribute name > "userCertificate;binary". Else you are likely to get an undefined attribute > / binary transfer failed error. Yes, for most attribute types which hold certificate data. This has historic reasons because without ;binary another LDAP-specific encoding could be transferred. There has never been such a encoding defined. But you MUST use ;binary for attributes with syntax 'X.509 Certificate' (syntax OID 1.3.6.1.4.1.1466.115.121.1.8). See also section 2.1 of http://www.ietf.org/rfc/rfc4523.txt Ciao, Michael. From d at adaptive-enterprises.com.au Thu Mar 20 12:17:19 2008 From: d at adaptive-enterprises.com.au (David Leonard) Date: Thu, 20 Mar 2008 21:17:19 +1000 Subject: Removing person names in python-ldap's source files In-Reply-To: <47D4F29A.9070309@stroeder.com> References: <47D4F29A.9070309@stroeder.com> Message-ID: <47E247BF.7030609@adaptive-enterprises.com.au> Michael Str?der wrote: > HI! > > inspired by a presentation the Subversion guys gave (as Google tech talk) > I'd like to remove all person names from the source code files. Instead > authors/contributors are all listed in README. > > I already removed *my* name from all the python modules it appeared in. Now > I'd like to ask for the permission, especially by David, to remove all other > person names from the files Modules/*. > > Hi, Michael - sorry for the delay, I have been vacationing. Is the tech talk presentation online? It sounds like a good idea; please move my name out of source files.: you have my permission. The commit info is probably going to be sufficient :) Also, I added python-ldap to ohloh (http://www.ohloh.net/projects/11988) d -- David Leonard d at adaptive-enterprises.com.au Ph:+61 404 844 850 From michael at stroeder.com Thu Mar 20 13:28:36 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Thu, 20 Mar 2008 13:28:36 +0100 Subject: Removing person names in python-ldap's source files In-Reply-To: <47E247BF.7030609@adaptive-enterprises.com.au> References: <47D4F29A.9070309@stroeder.com> <47E247BF.7030609@adaptive-enterprises.com.au> Message-ID: <47E25874.3020605@stroeder.com> David Leonard wrote: > Michael Str?der wrote: >> >> inspired by a presentation the Subversion guys gave (as Google tech >> talk) I'd like to remove all person names from the source code files. >> Instead authors/contributors are all listed in README. >> >> I already removed *my* name from all the python modules it appeared >> in. Now I'd like to ask for the permission, especially by David, to >> remove all other person names from the files Modules/*. > > Is the tech talk presentation online? "How Open Source Projects Survive Poisonous People (And You Can Too)" http://video.google.nl/videoplay?docid=-4216011961522818645 Fortunately we didn't have this kind of problems in the past. But I wanted to avoid discussions about when a personal name on source or documentation is mentioned. > It sounds like a good idea; please > move my name out of source files.: you have my permission. Ok, done. Also in Doc/. > The commit > info is probably going to be sufficient :) Yes. And the contributors are and will be listed in README. Ciao, Michael. From Ron at USMedRec.com Wed Mar 26 02:27:16 2008 From: Ron at USMedRec.com (Ron Teitelbaum) Date: Tue, 25 Mar 2008 21:27:16 -0400 Subject: Too many established connections Message-ID: Hello, I'm running into a problem with python open ldap connections. It appears that they are not closing properly. I'm doing a bind->call->unbind on every call. I am also using the ReconnectLdapObject to try to help with "can not connect" problems, although I still get a significant number of can not connect problems that I handle with a retry. The server died the first time we tried to put a significant load on it. Does anyone have suggestions for fixing this problem or figuring out what is leaving connections open? Thanks, Ron Teitelbaum From michael at stroeder.com Wed Mar 26 09:37:48 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Wed, 26 Mar 2008 09:37:48 +0100 Subject: Too many established connections In-Reply-To: References: Message-ID: <47EA0B5C.7020803@stroeder.com> Ron Teitelbaum wrote: > > I'm running into a problem with python open ldap connections. ^^^^^^^^^^^^^^^^ Do you mean python-ldap connections or connections to an OpenLDAP server from Python? > It appears that they are not closing properly. Can you check in the server's log whether unbind is processed? > I'm doing a bind->call->unbind on every > call. Is that really necessary? > I am also using the ReconnectLdapObject to try to help with "can not > connect" problems, Well, using ReconnectLdapObject and doing bind-search-unbind all the time is somewhat contradictory since ReconnectLdapObject is for keeping long-lasting connections alive. But this should not be the problem. > although I still get a significant number of can not > connect problems that I handle with a retry. Any network problems in between? > The server died the first time we tried to put a significant load on it. What server (vendor and version) is this? Which version of python-ldap and which version OpenLDAP libs are used? Ciao, Michael. From Ron at USMedRec.com Wed Mar 26 16:33:53 2008 From: Ron at USMedRec.com (Ron Teitelbaum) Date: Wed, 26 Mar 2008 11:33:53 -0400 Subject: CLOSE_WAIT sessions (was: Too many established connections) In-Reply-To: <47EA0B5C.7020803@stroeder.com> References: <47EA0B5C.7020803@stroeder.com> Message-ID: Hi Michael, > -----Original Message----- > From: Michael Str?der > > Ron Teitelbaum wrote: > > > > I'm running into a problem with python open ldap connections. > ^^^^^^^^^^^^^^^^ > Do you mean python-ldap connections or connections to an OpenLDAP server > from Python? Yes python-ldap. I'm using a smalltalk -> python-ldap 2.2.1 -> openLDAP 2.3-2.3.30 on Ubuntu 7.04 (GNU/Linux 2.6.20-16-generic) > > Can you check in the server's log whether unbind is processed? I went through and found that there was some exception handling in my code that caused the unbind to be skipped. I fixed that and things are significantly better now. Thank you! I am still having a problem but it looks like we had ldap hang up. There were some connections with CLOSE_WAIT that caused everything to get hung up. It looked like we were not able to bind after that. Have you seen that problem before? I rebooted the system and have not seen the error again, so things are currently stable, we are going to try a load test in about an hour or so. > > > I'm doing a bind->call->unbind on every > > call. > > Is that really necessary? When I started writing this code I assumed that I needed some sort of connection pooling. When bind->call->unbind turned out to be very fast I figured the pool was a premature optimization. Maybe I should have stuck with my gut feeling. > > > I am also using the ReconnectLdapObject to try to help with "can not > > connect" problems, > > Well, using ReconnectLdapObject and doing bind-search-unbind all the time > is > somewhat contradictory since ReconnectLdapObject is for keeping long- > lasting > connections alive. But this should not be the problem. That's interesting. I thought ReconnectLdapObject's primary purpose was to help with can-not-connect issues. Very often we get can-not-connect errors. Sometimes we get them even when things worked. We wrote some handlers to retry and to ignore errors associated with duplicate processing. Any idea why we would be getting can-not-connect errors? (we get them sporadically with bind, write, search ...) > > > although I still get a significant number of can not > > connect problems that I handle with a retry. > > Any network problems in between? No for right now we are running OpenLdap and Python-ldap and Smalltalk all on the same box. > > > The server died the first time we tried to put a significant load on it. > > What server (vendor and version) is this? Which version of python-ldap and > which version OpenLDAP libs are used? python-ldap 2.2.1 -> openLDAP 2.3-2.3.30 on Ubuntu 7.04 (GNU/Linux 2.6.20-16-generic) The older releases above are to stay inline with the Debian release. Also we are currently locked into python 2.4.4. Upgrading python is not currently an option for this system. > > Ciao, Michael. Thank you very much for your help! Ron Teitelbaum From python-ldap at tk-webart.de Wed Mar 26 16:53:46 2008 From: python-ldap at tk-webart.de (Torsten Kurbad) Date: Wed, 26 Mar 2008 16:53:46 +0100 Subject: ANN: python-ldap-2.3.2 In-Reply-To: <47EA48CE.8040604@stroeder.com> References: <47EA48CE.8040604@stroeder.com> Message-ID: <20080326165346.487d760f@atalante.iwm-kmrc.de> Hi Michael, > Released 2.3.2 2008-03-26 neat! :o) But I ran into a problem while trying to build on my x86_64 Linux box: Modules/constants.c: In function 'LDAPinit_constants': Modules/constants.c:152: error: 'LDAP_OPT_DIAGNOSTIC_MESSAGE' undeclared (first use in this function) Modules/constants.c:152: error: (Each undeclared identifier is reported only once Modules/constants.c:152: error: for each function it appears in.) OpenLDAP version is 2.3.41, gcc 4.2.3, glibc 2.7. Any clues? Regards, Torsten -- Weekend, where are you? From michael at stroeder.com Wed Mar 26 17:02:22 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Wed, 26 Mar 2008 17:02:22 +0100 Subject: CLOSE_WAIT sessions In-Reply-To: References: <47EA0B5C.7020803@stroeder.com> Message-ID: <47EA738E.2010509@stroeder.com> Ron, Ron Teitelbaum wrote: > Yes python-ldap. I'm using a smalltalk -> python-ldap 2.2.1 -> openLDAP > 2.3-2.3.30 on Ubuntu 7.04 (GNU/Linux 2.6.20-16-generic) There has been important fixes for Python 2.5 and also ReconnectLDAPObject in 2.3.0. So I'd recommend to build python-ldap 2.3.2 (released today). >>> I'm doing a bind->call->unbind on every >>> call. >> Is that really necessary? > > When I started writing this code I assumed that I needed some sort of > connection pooling. When bind->call->unbind turned out to be very fast I > figured the pool was a premature optimization. Maybe I should have stuck > with my gut feeling. A connection pool and making a new connection all the time are very extreme variants. I don't know your application's needs though. >>> I am also using the ReconnectLdapObject to try to help with "can not >>> connect" problems, >> Well, using ReconnectLdapObject and doing bind-search-unbind all the time >> is >> somewhat contradictory since ReconnectLdapObject is for keeping long- >> lasting >> connections alive. But this should not be the problem. > > That's interesting. I thought ReconnectLdapObject's primary purpose was to > help with can-not-connect issues. Yes, but mainly for long-lasting connections. > Very often we get can-not-connect errors. > Sometimes we get them even when things worked. We wrote some handlers to > retry and to ignore errors associated with duplicate processing. Any idea > why we would be getting can-not-connect errors? (we get them sporadically > with bind, write, search ...) You mean ldap.SERVER_DOWN exceptions? Yes, you could ReconnectLdapObject to make things a litte easier within your application. If you're solely using the synchronous methods you don't have to catch the exceptions yourself. But if you experience this to happen very often you should try to solve the problem causing this. >>> The server died the first time we tried to put a significant load on it. >> What server (vendor and version) is this? Which version of python-ldap and >> which version OpenLDAP libs are used? > > python-ldap 2.2.1 -> openLDAP 2.3-2.3.30 on Ubuntu 7.04 (GNU/Linux > 2.6.20-16-generic) > > The older releases above are to stay inline with the Debian release. I see several problems with Debian packages: 1. Some Debian packages of python-ldap were heavily patched to work with ancient OpenLDAP 2.1 libs. I refuse to give support for those. Don't know about the particular version you're using though. 2. OpenLDAP debian packages are linked against gnu-tls which causes all sorts of problems when LDAP over SSL (LDAPS) or StartTLS ext.op. is used. This could lead to ldap.SERVER_DOWN to be raised if anything goes wrong at SSL/TLS level Ciao, Michael. From noah.gift at gmail.com Wed Mar 26 17:06:56 2008 From: noah.gift at gmail.com (Noah Gift) Date: Wed, 26 Mar 2008 12:06:56 -0400 Subject: any luck with downloaded virtual machines running preconfigured ldap server In-Reply-To: References: Message-ID: <3575C9F7-20C2-43BF-B46D-C1A45F2B31C6@gmail.com> I was wondering if anyone had a pointer to a virtual machine they could recommend that I could download and test some python-ldap code. Additionally, it would be nice if I could find something that could pre-populate LDAP with test records, although, I suppose that is being too lazy even for me :) Noah Gift From michael at stroeder.com Wed Mar 26 17:19:05 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Wed, 26 Mar 2008 17:19:05 +0100 Subject: ANN: python-ldap-2.3.2 In-Reply-To: <20080326165346.487d760f@atalante.iwm-kmrc.de> References: <47EA48CE.8040604@stroeder.com> <20080326165346.487d760f@atalante.iwm-kmrc.de> Message-ID: <47EA7779.8010607@stroeder.com> Torsten Kurbad wrote: > But I ran into a problem while trying to build on my x86_64 Linux box: > > Modules/constants.c: In function 'LDAPinit_constants': > Modules/constants.c:152: error: 'LDAP_OPT_DIAGNOSTIC_MESSAGE' Sorry for that. This constant is available since OpenLDAP 2.4.x. Thanks for reporting it so quickly. ldap.h of OpenLDAP 2.4: #define LDAP_OPT_DIAGNOSTIC_MESSAGE 0x0032 #define LDAP_OPT_ERROR_STRING LDAP_OPT_DIAGNOSTIC_MESSAGE Renaming was probably done to reflect a name change in the revised LDAPv3 RFCs. I'll release 2.3.3 tested with OpenLDAP 2.3.x libs. Ciao, Michael. From michael at stroeder.com Wed Mar 26 17:02:22 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Wed, 26 Mar 2008 17:02:22 +0100 Subject: CLOSE_WAIT sessions In-Reply-To: References: <47EA0B5C.7020803@stroeder.com> Message-ID: <47EA738E.2010509@stroeder.com> Ron, Ron Teitelbaum wrote: > Yes python-ldap. I'm using a smalltalk -> python-ldap 2.2.1 -> openLDAP > 2.3-2.3.30 on Ubuntu 7.04 (GNU/Linux 2.6.20-16-generic) There has been important fixes for Python 2.5 and also ReconnectLDAPObject in 2.3.0. So I'd recommend to build python-ldap 2.3.2 (released today). >>> I'm doing a bind->call->unbind on every >>> call. >> Is that really necessary? > > When I started writing this code I assumed that I needed some sort of > connection pooling. When bind->call->unbind turned out to be very fast I > figured the pool was a premature optimization. Maybe I should have stuck > with my gut feeling. A connection pool and making a new connection all the time are very extreme variants. I don't know your application's needs though. >>> I am also using the ReconnectLdapObject to try to help with "can not >>> connect" problems, >> Well, using ReconnectLdapObject and doing bind-search-unbind all the time >> is >> somewhat contradictory since ReconnectLdapObject is for keeping long- >> lasting >> connections alive. But this should not be the problem. > > That's interesting. I thought ReconnectLdapObject's primary purpose was to > help with can-not-connect issues. Yes, but mainly for long-lasting connections. > Very often we get can-not-connect errors. > Sometimes we get them even when things worked. We wrote some handlers to > retry and to ignore errors associated with duplicate processing. Any idea > why we would be getting can-not-connect errors? (we get them sporadically > with bind, write, search ...) You mean ldap.SERVER_DOWN exceptions? Yes, you could ReconnectLdapObject to make things a litte easier within your application. If you're solely using the synchronous methods you don't have to catch the exceptions yourself. But if you experience this to happen very often you should try to solve the problem causing this. >>> The server died the first time we tried to put a significant load on it. >> What server (vendor and version) is this? Which version of python-ldap and >> which version OpenLDAP libs are used? > > python-ldap 2.2.1 -> openLDAP 2.3-2.3.30 on Ubuntu 7.04 (GNU/Linux > 2.6.20-16-generic) > > The older releases above are to stay inline with the Debian release. I see several problems with Debian packages: 1. Some Debian packages of python-ldap were heavily patched to work with ancient OpenLDAP 2.1 libs. I refuse to give support for those. Don't know about the particular version you're using though. 2. OpenLDAP debian packages are linked against gnu-tls which causes all sorts of problems when LDAP over SSL (LDAPS) or StartTLS ext.op. is used. This could lead to ldap.SERVER_DOWN to be raised if anything goes wrong at SSL/TLS level Ciao, Michael. From michael at stroeder.com Wed Mar 26 17:49:45 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Wed, 26 Mar 2008 17:49:45 +0100 Subject: any luck with downloaded virtual machines running preconfigured ldap server In-Reply-To: <3575C9F7-20C2-43BF-B46D-C1A45F2B31C6@gmail.com> References: <3575C9F7-20C2-43BF-B46D-C1A45F2B31C6@gmail.com> Message-ID: <47EA7EA9.8030804@stroeder.com> Noah Gift wrote: > I was wondering if anyone had a pointer to a virtual machine they > could recommend that I could download and test some python-ldap code. How about searching for an openSUSE 10.3 VM and, if python-ldap is not already installed, just invoke "yast -i python-ldap" as root on the command-line. Ciao, Michael. From noah.gift at gmail.com Wed Mar 26 17:53:24 2008 From: noah.gift at gmail.com (Noah Gift) Date: Wed, 26 Mar 2008 12:53:24 -0400 Subject: any luck with downloaded virtual machines running preconfigured ldap server In-Reply-To: <47EA7EA9.8030804@stroeder.com> References: <3575C9F7-20C2-43BF-B46D-C1A45F2B31C6@gmail.com> <47EA7EA9.8030804@stroeder.com> Message-ID: On Mar 26, 2008, at 12:49 PM, Michael Str?der wrote: > Noah Gift wrote: >> I was wondering if anyone had a pointer to a virtual machine they >> could recommend that I could download and test some python-ldap code. > > How about searching for an openSUSE 10.3 VM and, if python-ldap is > not already installed, just invoke "yast -i python-ldap" as root on > the command-line. another good idea...thanks! I have been a bit spoiled with the super tiny rpath zenoss virtual machines. Getting one of those for a test ldap environment would be nice! > > > Ciao, Michael. Noah Gift / http://noahgift.com From michael at stroeder.com Wed Mar 26 21:28:07 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Wed, 26 Mar 2008 21:28:07 +0100 Subject: [ 1926507 ] Calling get_option(ldap.OPT_DIAGNOSTIC_MESSAGE) seg faults Message-ID: <47EAB1D7.8060003@stroeder.com> HI! Anyone out there with C programming skills willing to look into issue tracker item #1926507 ? http://sourceforge.net/tracker/index.php?func=detail&aid=1926507&group_id=2072&atid=102072 Seems to be a long-lasting bug.... Ciao, Michael. From michael at stroeder.com Thu Mar 27 10:46:32 2008 From: michael at stroeder.com (=?UTF-8?B?TWljaGFlbCBTdHLDtmRlcg==?=) Date: Thu, 27 Mar 2008 10:46:32 +0100 Subject: cvs link In-Reply-To: References: Message-ID: <47EB6CF8.6070402@stroeder.com> HI! please send messages like this to the mailing list python-ldap-dev at lists.sourceforge.net (Cc:-ed) so others can answer and learn as well. Thanks. meldra wrote: > > I've been trying the past few days to easy_install > python-ldap, but found out a few minutes ago that the CVS > link that pypi gets from the web page is incorrect. error: > Download error for > http://cvs.sourceforge.net/cvstarballs/python-ldap-cvsroot.tar.gz: > (113, 'No route to host') Frankly I don't know anything about easy_install. > Is there any way you can fix this? > Here is the information I was given on the sourceforge forums: > Posted 16 hours ago by silverfang > Thats the old way with the cvs, svn browse. > Try projectname.cvs.sourceforge.net/projectname/ Yes, it's an old URL. But where exactly does it come from? The only pypi entry for python-ldap I know of is http://pypi.python.org/pypi/python-ldap/ And this is the one I'm still maintaining. I might have missed something though. Ciao, Michael. From Ron at USMedRec.com Thu Mar 27 20:50:37 2008 From: Ron at USMedRec.com (Ron Teitelbaum) Date: Thu, 27 Mar 2008 15:50:37 -0400 Subject: Leaving a connection open Message-ID: Hi, I have a few questions about leaving a bound connection open for sharing (python 2.4.4, python-ldap 2.2.1 - openldap 2.3-2.3.30 on Ubuntu 7.04). I'm using Async messages is there any benefit to using ReconnectLdapObject? I noticed that the comments http://vmspython.dyndns.org/pyhtmldoc/ldap.ldapobject.html said that the class was intended for synchronous calls. Is it ok to leave the connection open for long periods like a month? Is it realistic to believe that the connection would remain stable and be useable for production if left open? Is there a way to tell if the connection died so that I can reconnect a shared connection if the connection dropped off? I tried unbind and whoami_s but got a very nasty memory error after a very long delay. Thanks for your help! Ron Teitelbaum From michael at stroeder.com Thu Mar 27 23:32:46 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Thu, 27 Mar 2008 23:32:46 +0100 Subject: Leaving a connection open In-Reply-To: References: Message-ID: <47EC208E.5020006@stroeder.com> Ron Teitelbaum wrote: > I have a few questions about leaving a bound connection open for sharing > (python 2.4.4, python-ldap 2.2.1 - openldap 2.3-2.3.30 on Ubuntu 7.04). > > I'm using Async messages is there any benefit to using ReconnectLdapObject? No. If you're solely using the async methods you have to implement your own try-except block catching ldap.SERVER_DOWN and re-initiate whatever LDAP operation(s) seems appropriate in your application. Please elaborate on why you're using the async methods. There are only rare cases where this really makes sense (e.g. bulk data processing with ldap.async or resiter, high-performance proxying with many outstanding search requests). If you have a threaded application you might want to think about using several pooled connections. > I noticed that the comments > http://vmspython.dyndns.org/pyhtmldoc/ldap.ldapobject.html said that the > class was intended for synchronous calls. Yupp. How else should it catch the ldap.SERVER_DOWN exception and do the re-connect without the application noticing it? > Is it ok to leave the connection open for long periods like a month? Is it > realistic to believe that the connection would remain stable and be useable > for production if left open? This also depends on your server's configuration. There are server configuration directives to shorten the life-time of LDAP connections. I'd recommend to always implement an appropriate re-connect functionality within your application. > Is there a way to tell if the connection died so that I can reconnect a > shared connection if the connection dropped off? I'd recommend to send the operation and re-connect and re-send the operation if needed. Testing the connecting with a LDAP request will also result in a ldap.SERVER_DOWN exception to be raised and it's an extra LDAP request sent => extra roundtrip time. > I tried unbind and whoami_s but got a very nasty memory error after a > very long delay. Note that this shouldn't happen in python-ldap 2.3.1+ built from source against OpenLDAP 2.3 libs straigt built with OpenSSL (not gnu-tls). But please report memory errors providing more details. We're tracking down some issues in recent CVS but not sure if you're hitting these bugs. Please also note that always unbind_s() should be called. The unbind call is synchronous by nature and closes the connection. Calling whoami_s() only make sense if the LDAP server supports this particular extended operation. Not many LDAP server do this though. Ciao, Michael. From Ron at USMedRec.com Fri Mar 28 00:49:14 2008 From: Ron at USMedRec.com (Ron Teitelbaum) Date: Thu, 27 Mar 2008 19:49:14 -0400 Subject: Leaving a connection open In-Reply-To: <47EC208E.5020006@stroeder.com> References: <47EC208E.5020006@stroeder.com> Message-ID: > From: Michael Str?der > > Ron Teitelbaum wrote: > > I have a few questions about leaving a bound connection open for sharing > > (python 2.4.4, python-ldap 2.2.1 - openldap 2.3-2.3.30 on Ubuntu 7.04). > > > > I'm using Async messages is there any benefit to using > ReconnectLdapObject? > > No. If you're solely using the async methods you have to implement your > own > try-except block catching ldap.SERVER_DOWN and re-initiate whatever LDAP > operation(s) seems appropriate in your application. Ok I'll switch it back out. Thanks. > > Please elaborate on why you're using the async methods. There are only > rare > cases where this really makes sense (e.g. bulk data processing with > ldap.async or resiter, high-performance proxying with many outstanding > search requests). If you have a threaded application you might want to > think > about using several pooled connections. I'm calling out from smalltalk to python and our vm is hung whenever we are waiting on python. The async methods were just what we needed to allow processing. We are handling a large number of connections and multiple threads and we are doing some pretty intensive processing on the app so having the vm die for a call out is not an option. > > > I noticed that the comments > > http://vmspython.dyndns.org/pyhtmldoc/ldap.ldapobject.html said that the > > class was intended for synchronous calls. > > Yupp. How else should it catch the ldap.SERVER_DOWN exception and do the > re-connect without the application noticing it? Yeah, I'm starting to understand that. I'm getting can't-contact-ldap-server errors that I thought this would help with. Note, I believe this is different from the server down error you are mentioning. How can I create the server_down error for testing? Would shutting off slapd cause this error (I assume), or would that cause other problems in python-ldap, is there an easier way? > > > Is it ok to leave the connection open for long periods like a month? Is > it > > realistic to believe that the connection would remain stable and be > useable > > for production if left open? > > This also depends on your server's configuration. There are server > configuration directives to shorten the life-time of LDAP connections. I'd > recommend to always implement an appropriate re-connect functionality > within > your application. > > > Is there a way to tell if the connection died so that I can reconnect a > > shared connection if the connection dropped off? > > I'd recommend to send the operation and re-connect and re-send the > operation > if needed. Testing the connecting with a LDAP request will also result in > a > ldap.SERVER_DOWN exception to be raised and it's an extra LDAP request > sent > => extra roundtrip time. > > > I tried unbind and whoami_s but got a very nasty memory error after a > > very long delay. > > Note that this shouldn't happen in python-ldap 2.3.1+ built from source > against OpenLDAP 2.3 libs straigt built with OpenSSL (not gnu-tls). But > please report memory errors providing more details. We're tracking down > some > issues in recent CVS but not sure if you're hitting these bugs. We are assessing our production environment. For now we are staying with Python2.4.4, is python-ldap 2.3.1 stable with Python-2.4.4? > > Please also note that always unbind_s() should be called. I thought unbind and unbind_s called the same method internally. Do I need to change my calls to unbind_s? Is that for clarity or is there an implementation difference? > The unbind call > is > synchronous by nature and closes the connection. Calling whoami_s() only > make sense if the LDAP server supports this particular extended operation. > Not many LDAP server do this though. Thank you very much for your help, Ron From michael at stroeder.com Fri Mar 28 01:05:48 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Fri, 28 Mar 2008 01:05:48 +0100 Subject: Leaving a connection open In-Reply-To: References: <47EC208E.5020006@stroeder.com> Message-ID: <47EC365C.7040104@stroeder.com> Ron Teitelbaum wrote: > > I'm getting > can't-contact-ldap-server errors that I thought this would help with. Note, > I believe this is different from the server down error you are mentioning. Believe me it's not different. ldap.SERVER_DOWN is the exact exception class which you have to catch with except ldap.SERVER_DOWN. "Can't contact LDAP server" is the descriptive text (diagnostic message) for that. Note that this very same exception is raised if anything goes wrong with SSL/TLS and cert checking but with another descriptive text coming from the underlying SSL lib. > How can I create the server_down error for testing? Example for a connect to a non-existing server: >>> l=ldap.initialize('ldap://localhost:1234') >>> l.simple_bind_s('cn=root','blurb') Traceback (most recent call last): File "", line 1, in File "/usr/lib/python2.6/site-packages/ldap/ldapobject.py", line 201, in simple_bind_s msgid = self.simple_bind(who,cred,serverctrls,clientctrls) File "/usr/lib/python2.6/site-packages/ldap/ldapobject.py", line 195, in simple_bind return self._ldap_call(self._l.simple_bind,who,cred,EncodeControlTuples(serverctrls),EncodeControlTuples(clientctrls)) File "/usr/lib/python2.6/site-packages/ldap/ldapobject.py", line 96, in _ldap_call result = func(*args,**kwargs) ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"} >>> > Would shutting off slapd cause this error (I assume), Yes. That's how ReconnectLDAPObject was tested. > We are assessing our production environment. For now we are staying with > Python2.4.4, is python-ldap 2.3.1 stable with Python-2.4.4? Provided python-ldap 2.3.1 was built from source it's stable. If you're using a binary package for which the package maintainer applied a patch set you have to ask the package maintainer. Also note that stable means it has to be linked to stable OpenLDAP libs (mainly without bugs in libldap) which in turn has to be linked to stable versions of OpenSSL (not gnu-tls like in Debian), cyrus-sasl and Kerberos libs. Well, that's the caveat of "standing on the shoulders of giants". >> Please also note that always unbind_s() should be called. > > I thought unbind and unbind_s called the same method internally. Do I need > to change my calls to unbind_s? Is that for clarity or is there an > implementation difference? You have to grab the result() for unbind(). AFAIK unbind_s() should not block. So you should try using it. Ciao, Michael. From michael at stroeder.com Sun Mar 30 12:49:02 2008 From: michael at stroeder.com (=?UTF-8?B?Ik1pY2hhZWwgU3Ryw7ZkZXIi?=) Date: Sun, 30 Mar 2008 12:49:02 +0200 Subject: ANN: python-ldap-2.3.4 In-Reply-To: <1033375530.20080329142018@tk-webart.de> References: <1033375530.20080329142018@tk-webart.de> Message-ID: <194de80cde5b9a46a0180a914cdfb97b@stroeder.com> On 2:20:18 pm 2008-03-29 Torsten Kurbad wrote: > On Saturday, March 29, 2008 at 13:25 Michael Str?der wrote: > > Released 2.3.4 2008-03-29 > > Wow, Michael, that was fast! Seg faults are urgent issues although in this case nobody ever reported it. Special thanks to Matej for his quick fix. Ciao, Michael. From python-ldap at tk-webart.de Sat Mar 29 14:20:18 2008 From: python-ldap at tk-webart.de (Torsten Kurbad) Date: Sat, 29 Mar 2008 14:20:18 +0100 Subject: ANN: python-ldap-2.3.4 Message-ID: <1033375530.20080329142018@tk-webart.de> On Saturday, March 29, 2008 at 13:25 Michael Str?der wrote: > Released 2.3.4 2008-03-29 Wow, Michael, that was fast! I'm gonna build new eggs for different platforms on monday and put them on our site. Regards, Torsten -- Never make anything simple and efficient when a way can be found to make it complex and wonderful. - Murphy's Law No. 13 - From michael at stroeder.com Sun Mar 30 17:03:49 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Sun, 30 Mar 2008 17:03:49 +0200 Subject: Commit new-style docs to CVS? Message-ID: <47EFABD5.9030009@stroeder.com> HI! Waldemar Osuch contributed the converted new-style docs for python-ldap based on the latest latex-based docs. You can view/browse the PDF and HTML builds here: http://python-ldap.sourceforge.net/new-style-doc/ The PDF index does not look too good at the moment but I'm not sure how important PDF docs are today. Please review and comment. Especially I'd like to have feedback whether this should be committed to CVS and the old latex-based stuff removed from CVS. Also see: http://sourceforge.net/tracker/index.php?func=detail&aid=1926469&group_id=2072&atid=352072 Ciao, Michael. From jens at dataflake.org Sun Mar 30 17:42:53 2008 From: jens at dataflake.org (Jens Vagelpohl) Date: Sun, 30 Mar 2008 17:42:53 +0200 Subject: Commit new-style docs to CVS? In-Reply-To: <47EFABD5.9030009@stroeder.com> References: <47EFABD5.9030009@stroeder.com> Message-ID: <45FCC472-BE60-4B1A-B519-2FADE2224661@dataflake.org> On Mar 30, 2008, at 17:03 , Michael Str?der wrote: > HI! > > Waldemar Osuch contributed the converted new-style docs for python- > ldap > based on the latest latex-based docs. You can view/browse the PDF and > HTML builds here: > > http://python-ldap.sourceforge.net/new-style-doc/ > > The PDF index does not look too good at the moment but I'm not sure > how > important PDF docs are today. > > Please review and comment. Especially I'd like to have feedback > whether > this should be committed to CVS and the old latex-based stuff removed > from CVS. Looks good enough to me... jens From ryan at stat.Berkeley.EDU Sun Mar 30 19:18:13 2008 From: ryan at stat.Berkeley.EDU (Ryan Lovett) Date: Sun, 30 Mar 2008 10:18:13 -0700 Subject: Commit new-style docs to CVS? In-Reply-To: <47EFABD5.9030009@stroeder.com> References: <47EFABD5.9030009@stroeder.com> Message-ID: <20080330171813.GA17391@stat.berkeley.edu> On Sun, Mar 30, 2008 at 05:03:49PM +0200, Michael Str?der wrote: > Please review and comment. The new HTML docs look very nice and the search facility is wonderful. Perhaps "Front Matter" on /index.html could be changed to "Overview" or "Introduction"? "Front Matter" is better suited to labotomists. :) Also, is the floating red paragraph symbol necessary? It is somewhat distracting. Ryan From michael at stroeder.com Sun Mar 30 19:31:10 2008 From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=) Date: Sun, 30 Mar 2008 19:31:10 +0200 Subject: Commit new-style docs to CVS? In-Reply-To: <20080330171813.GA17391@stat.berkeley.edu> References: <47EFABD5.9030009@stroeder.com> <20080330171813.GA17391@stat.berkeley.edu> Message-ID: <47EFCE5E.80409@stroeder.com> Ryan Lovett wrote: > On Sun, Mar 30, 2008 at 05:03:49PM +0200, Michael Str?der wrote: >> Please review and comment. > > The new HTML docs look very nice and the search facility is wonderful. > Perhaps "Front Matter" on /index.html could be changed to "Overview" or > "Introduction"? "Front Matter" is better suited to labotomists. :) Well the start of the documentation was IMO overkill from the very beginning. ----------------------- snip ----------------------- LDAP programming with Python Author: python-ldap project Front Matter Abstract This document describes the package python-ldap with its various modules This manual assumes basic knowledge about the Python language and the LDAP standard. python-ldap package Contents: [..] ----------------------- snip ----------------------- Glancing at the Python new-style docs this should be probably trimmed to: ----------------------- snip ----------------------- python-ldap Documentation This document describes the package python-ldap with its various modules This manual assumes basic knowledge about the Python language and the LDAP standard. Contents: [..] ----------------------- snip ----------------------- Not sure how a PDF document looks like then. > Also, is the floating red paragraph symbol necessary? It is somewhat > distracting. Hmm, I guess it comes from a standard CSS which I don't like to change. Same behaviour in Python 2.6 docs. The pop-up of this symbol shows the text "Permalink to this definition". Ciao, Michael.