[python-ldap] python-ldap and password policies
Бажал Дмитрий
d.bajal at hostcomm.ru
Wed May 30 13:17:39 CEST 2012
Good day.
The question of my request is about to work with password policies
described at http://www.openldap.org/doc/admin24/overlays.html (12.10.
Password Policies).
I'm using latest(2.4.9) version of python-ldap and it's used for user's
password web-interface.
We are going to use password policies I was saying earlier in our
corporate ldap server, and the problem is to catch detailed constraint
violation messages.
For example, using command-line utilities shown below we get an
"Additional info".
# ldappasswd -a password1 -s password1 -D uid=user,ou=users,dc=corp -H
ldap://devel.ldap -w password1 -v -x -ZZ
ldap_initialize( ldap://devel.ldap:389/??base )
Result: Constraint violation (19)
Additional info: Password is not being changed from existing value
And when trying to break same policy with python-ldap:
>>> ldap_con.modify_s('uid=user,ou=users,dc=corp', [(ldap.MOD_REPLACE,
'password1', 'password1')])
Traceback (most recent call last):
File "<input>", line 1, in <module>
File "/usr/lib/python2.7/site-packages/ldap/ldapobject.py", line 357,
in modify_s
return self.result(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python2.7/site-packages/ldap/ldapobject.py", line 458,
in result
resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
File "/usr/lib/python2.7/site-packages/ldap/ldapobject.py", line 462,
in result2
resp_type, resp_data, resp_msgid, resp_ctrls =
self.result3(msgid,all,timeout)
File "/usr/lib/python2.7/site-packages/ldap/ldapobject.py", line 469,
in result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib/python2.7/site-packages/ldap/ldapobject.py", line 476,
in result4
ldap_result =
self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/usr/lib/python2.7/site-packages/ldap/ldapobject.py", line 99,
in _ldap_call
result = func(*args,**kwargs)
CONSTRAINT_VIOLATION: {'info': 'modify breaks constraint on
userPassword', 'desc': 'Constraint violation'}
Is there any way to extend exception info with any details?
Best regards,
Bazhal Dmitry.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20120530/91aa6d72/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4897 bytes
Desc: ���������������������������������� �������������� S/MIME
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20120530/91aa6d72/attachment.bin>
More information about the python-ldap
mailing list