From mailinglist0 at skurfer.com Fri Jul 6 19:35:03 2012
From: mailinglist0 at skurfer.com (Rob McBroom)
Date: Fri, 6 Jul 2012 13:35:03 -0400
Subject: [python-ldap] testing for credentials
Message-ID: <137B7704-B419-4654-97E5-8BA867EC42AF@skurfer.com>
I'd like my scripts to attempt Kerberos, but fall back to simple authentication if that fails. If I do this:
import ldap.sasl
auth_tokens = ldap.sasl.gssapi()
Is there something about `auth_tokens` I can use to determine whether or not a valid Kerberos ticket exists? The object appears to be identical with or without credentials. If I try to bind, the difference becomes apparent, but I'd obviously like to know which type of authentication to use *before* the bind.
I could run `klist -s` and check the exit code like an animal, but I was hoping for a simpler way.
Thanks.
--
Rob McBroom
From michael at stroeder.com Sat Jul 7 11:50:40 2012
From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=)
Date: Sat, 07 Jul 2012 11:50:40 +0200
Subject: [python-ldap] testing for credentials
In-Reply-To: <137B7704-B419-4654-97E5-8BA867EC42AF@skurfer.com>
References: <137B7704-B419-4654-97E5-8BA867EC42AF@skurfer.com>
Message-ID: <4FF80670.8020608@stroeder.com>
Rob McBroom wrote:
> I'd like my scripts to attempt Kerberos, but fall back to simple authentication if that fails. If I do this:
>
> import ldap.sasl
> auth_tokens = ldap.sasl.gssapi()
>
> Is there something about `auth_tokens` I can use to determine whether or not a valid Kerberos ticket exists? The object appears to be identical with or without credentials. If I try to bind, the difference becomes apparent, but I'd obviously like to know which type of authentication to use *before* the bind.
>
> I could run `klist -s` and check the exit code like an animal, but I was hoping for a simpler way.
There's nothing you can check in advance.
I'd simply try SASL/GSSAPI bind first and catch the exception for falling back
to simple bind. IMHO this is the best approach anyway.
Ciao, Michael.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3883 bytes
Desc: S/MIME Cryptographic Signature
URL:
From dc.loco at gmail.com Wed Aug 8 22:58:14 2012
From: dc.loco at gmail.com (Kevin Cole)
Date: Wed, 8 Aug 2012 16:58:14 -0400
Subject: [python-ldap] Documentation bug
Message-ID:
Hi,
I'm just getting my feet wet with Python-LDAP (which usually means it's
obsolete or about to become so, since I'm always late to these parties).
I think I've found a documentation bug, but since I'm so new to this, I'm
not sure, and thought I'd run it by the list.
In the example at:
http://www.python-ldap.org/doc/html/ldap-resiter.html#module-ldap.resiter
I think the line:
for res_type,res_data,res_msgid,res_controls in
self.source.allresults(msg_id):
should read:
for res_type,res_data,res_msgid,res_controls in l.allresults(msg_id):
Yes?
--
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From michael at stroeder.com Thu Aug 9 09:14:27 2012
From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=)
Date: Thu, 09 Aug 2012 09:14:27 +0200
Subject: [python-ldap] Documentation bug
In-Reply-To:
References:
Message-ID: <50236353.6030809@stroeder.com>
Kevin Cole wrote:
> In the example at:
>
> http://www.python-ldap.org/doc/html/ldap-resiter.html#module-ldap.resiter
>
> I think the line:
>
> for res_type,res_data,res_msgid,res_controls in self.source.allresults(msg_id):
>
> should read:
>
> for res_type,res_data,res_msgid,res_controls in l.allresults(msg_id):
>
> Yes?
Yes, right.
Actually I've committed the fix quite while ago but forgot to update the
public web site. Thanks for reporting this.
Fixed now und uploaded new docs.
Your feedback is appreciated.
Ciao, Michael.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3883 bytes
Desc: S/MIME Cryptographic Signature
URL:
From a.samoylov at bashtel.ru Wed Aug 22 10:17:33 2012
From: a.samoylov at bashtel.ru (=?koi8-r?B?88HNz8rMz9cg4c7E0sXKIOnXwc7P18ne?=)
Date: Wed, 22 Aug 2012 08:17:33 +0000
Subject: [python-ldap] python-ldap and Windows 2008 Server
Message-ID: <1EAC82B289C32B4C9DDCA848288EB98E57E296B0@Exmailbox1.SYS.BIS>
Hi!
I use python-ldap version 2.0.0 pre05 and, when i receive Unicode attribute
values from Windows 2008 Server, they present as question marks('???'). How I
can encode attribute values to cp1251?
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From a.samoylov at bashtel.ru Wed Aug 22 10:21:59 2012
From: a.samoylov at bashtel.ru (=?koi8-r?B?88HNz8rMz9cg4c7E0sXKIOnXwc7P18ne?=)
Date: Wed, 22 Aug 2012 08:21:59 +0000
Subject: [python-ldap] python-ldap and Windows 2008 Server
In-Reply-To: <1EAC82B289C32B4C9DDCA848288EB98E57E296B0@Exmailbox1.SYS.BIS>
References: <1EAC82B289C32B4C9DDCA848288EB98E57E296B0@Exmailbox1.SYS.BIS>
Message-ID: <1EAC82B289C32B4C9DDCA848288EB98E57E296D6@Exmailbox1.SYS.BIS>
Hi!
I use python-ldap version 2.0.0 pre05 and, when i receive Unicode attribute
values from Windows 2008 Server, they present as question marks('???'). How I
can encode attribute values to cp1251?
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From michael at stroeder.com Wed Aug 22 19:59:45 2012
From: michael at stroeder.com (=?UTF-8?B?TWljaGFlbCBTdHLDtmRlcg==?=)
Date: Wed, 22 Aug 2012 19:59:45 +0200
Subject: [python-ldap] python-ldap and Windows 2008 Server
In-Reply-To: <1EAC82B289C32B4C9DDCA848288EB98E57E296B0@Exmailbox1.SYS.BIS>
References: <1EAC82B289C32B4C9DDCA848288EB98E57E296B0@Exmailbox1.SYS.BIS>
Message-ID: <50351E11.7090404@stroeder.com>
???????? ?????? ???????? wrote:
> I use python-ldap version 2.0.0 pre05 and,
Please note that 2.0.0pre05 is pretty old. I'd strongly recommend to update.
> when i receive Unicode attribute
> values from Windows 2008 Server, they present as question marks('???'). How I
> can encode attribute valuesto cp1251?
The python-ldap API only accepts and returns raw strings (somewhat just binary
buffers).
You have to decode the UTF-8 values returned from the LDAP server in your
application and encode it for whatever I/O device you're trying to write
output to.
'Str\xc3\xb6der'.decode('utf-8').encode('cp1251')
Ciao, Michael.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3883 bytes
Desc: S/MIME Cryptographic Signature
URL:
From cornelius.koelbel at lsexperts.de Sat Sep 1 15:17:47 2012
From: cornelius.koelbel at lsexperts.de (=?ISO-8859-15?Q?Cornelius_K=F6lbel?=)
Date: Sat, 01 Sep 2012 15:17:47 +0200
Subject: [python-ldap] anonymous bind
Message-ID: <50420AFB.5080909@lsexperts.de>
Hello list,
How do I do an anonymous bind?
usually I do
l = ldap.initialize(uri)
l.simple_bind_s( user, passw )
...
Thanks a lot and kind regards
Cornelius
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
URL:
From mailinglist0 at skurfer.com Tue Sep 4 13:34:10 2012
From: mailinglist0 at skurfer.com (Rob McBroom)
Date: Tue, 4 Sep 2012 07:34:10 -0400
Subject: [python-ldap] anonymous bind
In-Reply-To: <50420AFB.5080909@lsexperts.de>
References: <50420AFB.5080909@lsexperts.de>
Message-ID:
On Sep 1, 2012, at 9:17 AM, Cornelius K?lbel wrote:
> How do I do an anonymous bind?
>
> usually I do
>
> l = ldap.initialize(uri)
> l.simple_bind_s( user, passw )
> ...
l.simple_bind_s()
--
Rob McBroom
From darren.demicoli at gov.mt Tue Sep 18 12:31:08 2012
From: darren.demicoli at gov.mt (Demicoli Darren at MITA)
Date: Tue, 18 Sep 2012 12:31:08 +0200
Subject: [python-ldap] password change for multivalued userpasssword
Message-ID: <1D043A388E0BC442AFBF6DB07D73163E1B6A42@xbka1-lk>
Dear all
When changing a user password using the passwd_s() function, the old
password can be specified. Now since the userpassword attribute is a
multivalued attribute, I was assuming that for an ldap entry with
multiple passwords, if the old password is specified in the passwd_s(),
this would change only that particular password. However, if this is
done, all the user passwords are removed and only the entry for the new
password remains.
Is this limitation coming from python-ldap or from the directory server
exop?
Thanks a lot.
-Darren
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From michael at stroeder.com Tue Sep 18 17:57:53 2012
From: michael at stroeder.com (=?ISO-8859-1?Q?Michael_Str=F6der?=)
Date: Tue, 18 Sep 2012 17:57:53 +0200
Subject: [python-ldap] password change for multivalued userpasssword
In-Reply-To: <1D043A388E0BC442AFBF6DB07D73163E1B6A42@xbka1-lk>
References: <1D043A388E0BC442AFBF6DB07D73163E1B6A42@xbka1-lk>
Message-ID: <50589A01.5040004@stroeder.com>
Demicoli Darren at MITA wrote:
> When changing a user password using the passwd_s() function, the old password
> can be specified. Now since the userpassword attribute is a multivalued
> attribute, I was assuming that for an ldap entry with multiple passwords, if
> the old password is specified in the passwd_s(), this would change only that
> particular password. However, if this is done, all the user passwords are
> removed and only the entry for the new password remains.
>
> Is this limitation coming from python-ldap or from the directory server exop?
It's entirely up to the LDAP server how it handles Password Modify Extended
operation.
BTW: Having multiple values in attribute 'userPassword' is a very bad idea anyway.
Ciao, Michael.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3883 bytes
Desc: S/MIME Cryptographic Signature
URL: