[python-ldap] python-ldap and password policies

Бажал Дмитрий d.bajal at hostcomm.ru
Wed May 30 13:17:39 CEST 2012


Good day.

My question is about working with the password policies 
described at http://www.openldap.org/doc/admin24/overlays.html (12.10. 
Password Policies).

I'm using the latest (2.4.9) version of python-ldap, and it's used for a 
user password web interface.
We are going to use the password policies I mentioned earlier on our 
corporate LDAP server, and the problem is catching detailed constraint 
violation messages.

For example, using the command-line utilities shown below, we get an 
"Additional info".
# ldappasswd -a password1 -s password1 -D uid=user,ou=users,dc=corp -H ldap://devel.ldap -w password1 -v -x -ZZ
ldap_initialize( ldap://devel.ldap:389/??base )
Result: Constraint violation (19)
Additional info: Password is not being changed from existing value

And when trying to break the same policy with python-ldap:
>>> ldap_con.modify_s('uid=user,ou=users,dc=corp', [(ldap.MOD_REPLACE, 'password1', 'password1')])
Traceback (most recent call last):
  File "<input>", line 1, in <module>
  File "/usr/lib/python2.7/site-packages/ldap/ldapobject.py", line 357, in modify_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.7/site-packages/ldap/ldapobject.py", line 458, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.7/site-packages/ldap/ldapobject.py", line 462, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.7/site-packages/ldap/ldapobject.py", line 469, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/site-packages/ldap/ldapobject.py", line 476, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/site-packages/ldap/ldapobject.py", line 99, in _ldap_call
    result = func(*args,**kwargs)
CONSTRAINT_VIOLATION: {'info': 'modify breaks constraint on userPassword', 'desc': 'Constraint violation'}

Is there any way to extend exception info with any details?


Best regards,
Bazhal Dmitry.
