From michael at stroeder.com Sat Apr 18 18:58:32 2015 From: michael at stroeder.com (=?UTF-8?Q?Michael_Str=c3=b6der?=) Date: Sat, 18 Apr 2015 18:58:32 +0200 Subject: [python-ldap] Project to support VLV and SSS controls... In-Reply-To: <53152915.3070501@entrouvert.com> References: <53152915.3070501@entrouvert.com> Message-ID: <55328D38.10402@stroeder.com> Benjamin Dauvergne wrote: > I started a project to implement VLV and SSL controls[1], it's nearly > finished. My intentions are to propose it for integration inside > ldap.controls when it's really finished. My first tests gives strange > results with OpenLDAP; my understanding of the control fields are wrong > or OpenLDAP implementation is buged; I'm still not sure for now. > > [1]: https://github.com/bdauvergne/python-ldap-vlv Sorry, it's been a long time since that. I have reviewed your code. With your permission I'd like to add the request/response control stuff to python-ldap. You have to confirm by e-mail to this list that you want that and that no 3rd party has any rights for your code. I object to your class SSSVLVPagedLDAPObject derived from LDAPObject since setting class-wide attributes specific for a certain search invocation is not thread-safe. Ciao, Michael. From bdauvergne at entrouvert.com Mon Apr 20 12:11:15 2015 From: bdauvergne at entrouvert.com (bdauvergne) Date: Mon, 20 Apr 2015 12:11:15 +0200 Subject: [python-ldap] Project to support VLV and SSS controls... In-Reply-To: <55328D38.10402@stroeder.com> References: <53152915.3070501@entrouvert.com> <55328D38.10402@stroeder.com> Message-ID: <743c48d1aa95f4db77379000eec421c9@mail.entrouvert.org> Le 2015-04-18 18:58, Michael Str?der a ?crit?: > Benjamin Dauvergne wrote: >> I started a project to implement VLV and SSL controls[1], it's nearly >> finished. My intentions are to propose it for integration inside >> ldap.controls when it's really finished. My first tests gives strange >> results with OpenLDAP; my understanding of the control fields are >> wrong >> or OpenLDAP implementation is buged; I'm still not sure for now. >> >> [1]: https://github.com/bdauvergne/python-ldap-vlv > > Sorry, it's been a long time since that. > > I have reviewed your code. With your permission I'd like to add the > request/response control stuff to python-ldap. You have to confirm by > e-mail to this list that you want that and that no 3rd party has any > rights for your code. I want this code to be added to python-ldap and no third party have any right to it. For the SSSVLVPagedLDAPObject I'll try to find time to make another proposal that would be thread safe. Maybe just some example code of using the new controls. From prashant at apigee.com Mon Apr 20 11:17:27 2015 From: prashant at apigee.com (Prashant Bapat) Date: Mon, 20 Apr 2015 14:47:27 +0530 Subject: [python-ldap] Connect to multiple servers for failover Message-ID: Hi, Is there a way to connect to multiple servers for a query and iteratively try all of them before failing ? Can I do something like ldap.initialize(srv1, srv2, srv3) and it connects to srv2 if srv1 is down etc Is this possible ? Thanks. --Prashant -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael at stroeder.com Mon Apr 20 17:42:26 2015 From: michael at stroeder.com (=?UTF-8?Q?Michael_Str=c3=b6der?=) Date: Mon, 20 Apr 2015 17:42:26 +0200 Subject: [python-ldap] Project to support VLV and SSS controls... In-Reply-To: <743c48d1aa95f4db77379000eec421c9@mail.entrouvert.org> References: <53152915.3070501@entrouvert.com> <55328D38.10402@stroeder.com> <743c48d1aa95f4db77379000eec421c9@mail.entrouvert.org> Message-ID: <55351E62.4070900@stroeder.com> bdauvergne wrote: > Le 2015-04-18 18:58, Michael Str?der a ?crit : >> Benjamin Dauvergne wrote: >>> I started a project to implement VLV and SSL controls[1], it's nearly >>> finished. My intentions are to propose it for integration inside >>> ldap.controls when it's really finished. My first tests gives strange >>> results with OpenLDAP; my understanding of the control fields are wrong >>> or OpenLDAP implementation is buged; I'm still not sure for now. >>> >>> [1]: https://github.com/bdauvergne/python-ldap-vlv >> >> Sorry, it's been a long time since that. >> >> I have reviewed your code. With your permission I'd like to add the >> request/response control stuff to python-ldap. You have to confirm by >> e-mail to this list that you want that and that no 3rd party has any >> rights for your code. > > I want this code to be added to python-ldap and no third party have any right > to it. > > For the SSSVLVPagedLDAPObject I'll try to find time to make another proposal > that would be thread safe. Maybe just some example code of using the new > controls. I'd rather prefer to just have a demo script. It's a bit similar like Simple Paged Results control's or syncrepl cookie. Mainly the application has to deal with that. Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4272 bytes Desc: S/MIME Cryptographic Signature URL: From michael at stroeder.com Mon Apr 20 17:56:40 2015 From: michael at stroeder.com (=?UTF-8?Q?Michael_Str=c3=b6der?=) Date: Mon, 20 Apr 2015 17:56:40 +0200 Subject: [python-ldap] Connect to multiple servers for failover In-Reply-To: References: Message-ID: <553521B8.9000800@stroeder.com> Prashant Bapat wrote: > Is there a way to connect to multiple servers for a query and iteratively > try all of them before failing ? > > Can I do something like > > ldap.initialize(srv1, srv2, srv3) and it connects to srv2 if srv1 is down > etc > > Is this possible ? Did not test thoroughly myself but parameter uri is simply passed to OpenLDAP's libldap and libldap takes several space-separated LDAP URIs. I prefer to deal with that one level higher though. Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4272 bytes Desc: S/MIME Cryptographic Signature URL: From prashant at apigee.com Mon Apr 20 18:02:46 2015 From: prashant at apigee.com (Prashant Bapat) Date: Mon, 20 Apr 2015 21:32:46 +0530 Subject: [python-ldap] Connect to multiple servers for failover In-Reply-To: <553521B8.9000800@stroeder.com> References: <553521B8.9000800@stroeder.com> Message-ID: Ok. I wasn't able to get the flexibility I wanted with that approach. Settled for something like this. LDAPSERVERS = ["srv1", "srv2"] for server in LDAPSERVERS: try: conn = ldap.initialize("ldap://%s" % (server)) conn.start_tls_s() conn.simple_bind_s() response = conn.search_s(search ,ldap.SCOPE_BASE, "(objectClass=*)", ["attr1", "attr2"]) # If we get a response lets not go to the next server. Break here. if response: break except ldap.NO_SUCH_OBJECT: # We got a error and the queried username is wrong. Lets not bother the other server. raise sys.exit(-1) except LDAPError, e: # Lets go to the next server. ldaperrors[server] = e continue Thanks. --Prashant On 20 April 2015 at 21:26, Michael Str?der wrote: > Prashant Bapat wrote: > >> Is there a way to connect to multiple servers for a query and iteratively >> try all of them before failing ? >> >> Can I do something like >> >> ldap.initialize(srv1, srv2, srv3) and it connects to srv2 if srv1 is down >> etc >> >> Is this possible ? >> > > Did not test thoroughly myself but parameter uri is simply passed to > OpenLDAP's libldap and libldap takes several space-separated LDAP URIs. > > I prefer to deal with that one level higher though. > > Ciao, Michael. > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mailinglist0 at skurfer.com Mon Apr 20 18:41:32 2015 From: mailinglist0 at skurfer.com (Rob McBroom) Date: Mon, 20 Apr 2015 12:41:32 -0400 Subject: [python-ldap] Connect to multiple servers for failover In-Reply-To: References: Message-ID: On 20 Apr 2015, at 5:17, Prashant Bapat wrote: > Is there a way to connect to multiple servers for a query and > iteratively > try all of them before failing ? > > Can I do something like > > ldap.initialize(srv1, srv2, srv3) and it connects to srv2 if srv1 is > down > etc If you have the power to do so, just put multiple A records in DNS with the same name that point to the IPs of the different servers. The OpenLDAP library is very good at finding a server that?s up and running. Don?t try to reinvent the functionality yourself. -- Rob McBroom http://www.skurfer.com/ From pspacek at redhat.com Tue Apr 21 11:32:38 2015 From: pspacek at redhat.com (Petr Spacek) Date: Tue, 21 Apr 2015 11:32:38 +0200 Subject: [python-ldap] Connect to multiple servers for failover In-Reply-To: References: Message-ID: <55361936.90801@redhat.com> On 20.4.2015 18:41, Rob McBroom wrote: > On 20 Apr 2015, at 5:17, Prashant Bapat wrote: > >> Is there a way to connect to multiple servers for a query and iteratively >> try all of them before failing ? >> >> Can I do something like >> >> ldap.initialize(srv1, srv2, srv3) and it connects to srv2 if srv1 is down >> etc > > If you have the power to do so, just put multiple A records in DNS with the > same name that point to the IPs of the different servers. The OpenLDAP library > is very good at finding a server that?s up and running. Don?t try to reinvent > the functionality yourself. Or even better, use DNS SRV records. It usually works better when it comes to prioritization, geo-clusters etc. (I hope OpenLDAP supports DNS SRV records but I did not check it myself.) -- Petr Spacek @ Red Hat From michael at stroeder.com Tue Apr 21 16:16:14 2015 From: michael at stroeder.com (=?UTF-8?Q?Michael_Str=c3=b6der?=) Date: Tue, 21 Apr 2015 16:16:14 +0200 Subject: [python-ldap] Connect to multiple servers for failover In-Reply-To: <55361936.90801@redhat.com> References: <55361936.90801@redhat.com> Message-ID: <55365BAE.4060408@stroeder.com> Petr Spacek wrote: > On 20.4.2015 18:41, Rob McBroom wrote: >> On 20 Apr 2015, at 5:17, Prashant Bapat wrote: >> >>> Is there a way to connect to multiple servers for a query and iteratively >>> try all of them before failing ? >>> >>> Can I do something like >>> >>> ldap.initialize(srv1, srv2, srv3) and it connects to srv2 if srv1 is down >>> etc >> >> If you have the power to do so, just put multiple A records in DNS with the >> same name that point to the IPs of the different servers. The OpenLDAP library >> is very good at finding a server that?s up and running. Don?t try to reinvent >> the functionality yourself. > > Or even better, use DNS SRV records. It usually works better when it comes to > prioritization, geo-clusters etc. (I hope OpenLDAP supports DNS SRV records > but I did not check it myself.) I think we had this open issue on another mailing list (sssd-users?): The TLS hostname check would have to be based on the service name used to do the DNS SRV lookup. AFAIK this is not the case. At least I never saw a server cert with _ldap.example.com in subjectAltName:dNSName extension. => I'd recommend to configure a trusted list of server hostnames (Or you have to consequently use DNSSEC). Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4272 bytes Desc: S/MIME Cryptographic Signature URL: From pspacek at redhat.com Tue Apr 21 16:46:21 2015 From: pspacek at redhat.com (Petr Spacek) Date: Tue, 21 Apr 2015 16:46:21 +0200 Subject: [python-ldap] Connect to multiple servers for failover In-Reply-To: <55365BAE.4060408@stroeder.com> References: <55361936.90801@redhat.com> <55365BAE.4060408@stroeder.com> Message-ID: <553662BD.7020008@redhat.com> On 21.4.2015 16:16, Michael Str?der wrote: > Petr Spacek wrote: >> On 20.4.2015 18:41, Rob McBroom wrote: >>> On 20 Apr 2015, at 5:17, Prashant Bapat wrote: >>> >>>> Is there a way to connect to multiple servers for a query and iteratively >>>> try all of them before failing ? >>>> >>>> Can I do something like >>>> >>>> ldap.initialize(srv1, srv2, srv3) and it connects to srv2 if srv1 is down >>>> etc >>> >>> If you have the power to do so, just put multiple A records in DNS with the >>> same name that point to the IPs of the different servers. The OpenLDAP library >>> is very good at finding a server that?s up and running. Don?t try to reinvent >>> the functionality yourself. >> >> Or even better, use DNS SRV records. It usually works better when it comes to >> prioritization, geo-clusters etc. (I hope OpenLDAP supports DNS SRV records >> but I did not check it myself.) > > I think we had this open issue on another mailing list (sssd-users?): > > The TLS hostname check would have to be based on the service name used to do > the DNS SRV lookup. AFAIK this is not the case. At least I never saw a server > cert with _ldap.example.com in subjectAltName:dNSName extension. > > => I'd recommend to configure a trusted list of server hostnames > (Or you have to consequently use DNSSEC). Yes, I should have mentioned this explicitly. DNSSEC is necessary if service discovery via DNS should be trusted. http://tools.ietf.org/html/draft-ietf-dane-srv-13#section-4.1 nicely describes what to do if DNSSEC is available and when it is not, it is equally applicable here. (Please note that this is a draft in final stages but still just a draft.) Have a nice day! -- Petr Spacek @ Red Hat From rene.kijewski at fu-berlin.de Tue Apr 21 17:35:38 2015 From: rene.kijewski at fu-berlin.de (=?UTF-8?B?UmVuw6k=?= Kijewski) Date: Tue, 21 Apr 2015 17:35:38 +0200 Subject: [python-ldap] ldap_sasl_bind_s() In-Reply-To: <20150323151849.68b56017@inf.fu-berlin.de> References: <20150317100418.0b4b2acb@inf.fu-berlin.de> <550F3FBF.2060301@stroeder.com> <20150323151849.68b56017@inf.fu-berlin.de> Message-ID: <20150421173538.0e5df4ad@rara.vetmed.fu-berlin.de> Am Mon, 23 Mar 2015 15:18:49 +0100 schrieb Ren? Kijewski : > Am Sun, 22 Mar 2015 23:18:39 +0100 > schrieb Michael Str?der : > > [?] > > 1: https://github.com/Kijewski/ldap_sasl_bind_s-example Ping? Do you have further questions? -- Ren? Kijewski Freie Universit?t Berlin ASCII ribbon campaign _ Veterin?rmedizinische Bibliothek against HTML e-mail ( ) Oertzenweg 19b, 14163 Berlin against proprietary attachments X Tel.: 030 838 62652 www.asciiribbon.org / \ From thomasc at ssimicro.com Wed Apr 22 21:53:31 2015 From: thomasc at ssimicro.com (Thomas Cort) Date: Wed, 22 Apr 2015 15:53:31 -0400 Subject: [python-ldap] syncrepl.py demo not picking up changes that happened while disconnected Message-ID: <5537FC3B.7030704@ssimicro.com> Hello, The syncrepl feature is really compelling; I can write a python program that can react to changes in the LDAP directory. I'm working on a prototype using the demo (Demo/pyasn1/syncrepl.py), and I'm running into a bit of a problem (maybe it's a problem with my understanding?). I do an initial sync, kill the python script, make a modification in ldap, restart the python script, and I expect it to get the change that happened while it was disconnect. Unfortunately, I don't see any indication that it discovers/gets the change. Is it a bug or am I missing something? The server is running OpenLDAP 2.4.33. Here's exactly what I'm doing.... $ sudo pip install python-ldap pyasn1 $ curl https://pypi.python.org/packages/source/p/python-ldap/python-ldap-2.4.19.tar.gz | tar zvxf - $ cd python-ldap-2.4.19/Demo/pyasn1/ $ python syncrepl.py 'ldap://server.example.com/dc=2,dc=foobar?*?sub?(objectClass=*)?bindname=cn=thomasc%2cdc=2%2cdc=foobar,X-BINDPW=topSecret' db.shelve Connecting to LDAP server now... Commencing sync process Detected add of entry: dc=2,dc=foobar ... Detected add of entry: cn=test01,dc=2,dc=foobar ... Initial synchronization is now done, persist phase begins Detected modify of entry: cn=test01,dc=2,dc=foobar # I made a change in LDAP ... ^CShutting down! # I killed the script with Ctrl+C # Once killed, I made more changes in LDAP and then restarted the script. $ python syncrepl.py 'ldap://server.example.com/dc=2,dc=foobar?*?sub?(objectClass=*)?bindname=cn=thomasc%2cdc=2%2cdc=foobar,X-BINDPW=topSecret' db.shelve Connecting to LDAP server now... Commencing sync process # I expect to see "Detected modify of entry" come up somewhere Initial synchronization is now done, persist phase begins Thanks, Thomas -------------- next part -------------- An HTML attachment was scrubbed... URL: From pspacek at redhat.com Thu Apr 23 11:47:01 2015 From: pspacek at redhat.com (Petr Spacek) Date: Thu, 23 Apr 2015 11:47:01 +0200 Subject: [python-ldap] syncrepl.py demo not picking up changes that happened while disconnected In-Reply-To: <5537FC3B.7030704@ssimicro.com> References: <5537FC3B.7030704@ssimicro.com> Message-ID: <5538BF95.506@redhat.com> On 22.4.2015 21:53, Thomas Cort wrote: > Hello, > > The syncrepl feature is really compelling; I can write a python program > that can react to changes in the LDAP directory. > > I'm working on a prototype using the demo (Demo/pyasn1/syncrepl.py), and > I'm running into a bit of a problem (maybe it's a problem with my > understanding?). I do an initial sync, kill the python script, make a > modification in ldap, restart the python script, and I expect it to get > the change that happened while it was disconnect. Unfortunately, I don't > see any indication that it discovers/gets the change. Is it a bug or am > I missing something? > > The server is running OpenLDAP 2.4.33. Here's exactly what I'm doing.... > > $ sudo pip install python-ldap pyasn1 > > $ curl > https://pypi.python.org/packages/source/p/python-ldap/python-ldap-2.4.19.tar.gz > | tar zvxf - > > $ cd python-ldap-2.4.19/Demo/pyasn1/ > > $ python syncrepl.py > 'ldap://server.example.com/dc=2,dc=foobar?*?sub?(objectClass=*)?bindname=cn=thomasc%2cdc=2%2cdc=foobar,X-BINDPW=topSecret' > db.shelve > > Connecting to LDAP server now... > Commencing sync process > Detected add of entry: dc=2,dc=foobar > ... > Detected add of entry: cn=test01,dc=2,dc=foobar > ... > Initial synchronization is now done, persist phase begins > Detected modify of entry: cn=test01,dc=2,dc=foobar # I > made a change in LDAP > ... > ^CShutting down! # I killed the script with Ctrl+C > > # Once killed, I made more changes in LDAP and then restarted the script. > > $ python syncrepl.py > 'ldap://server.example.com/dc=2,dc=foobar?*?sub?(objectClass=*)?bindname=cn=thomasc%2cdc=2%2cdc=foobar,X-BINDPW=topSecret' > db.shelve > > Connecting to LDAP server now... > Commencing sync process > # I expect to see "Detected modify of entry" come up somewhere > Initial synchronization is now done, persist phase begins Interesting, it works for me just fine on Fedora 21 against LDAP server 389-ds-base-1.3.3.8-1.fc21.x86_64. Technically the 'cookie' value needs to be stored somewhere and used after re-connecting to LDAP. I can see that you are calling the demo script but not using the python-ldap version from tarball, I'm not sure if it could cause the problem or not. Try this: $ export PYTHONPATH=/tmp/python-ldap-2.4.19/Lib $ cd /tmp/python-ldap-2.4.19/Demo/pyasn1/ ... Also, check ACL on LDAP server. Maybe syncrepl is not allowed for the BIND DN you are using or something like that. I hope this helps. -- Petr Spacek @ Red Hat From thomasc at ssimicro.com Thu Apr 23 22:16:55 2015 From: thomasc at ssimicro.com (Thomas Cort) Date: Thu, 23 Apr 2015 16:16:55 -0400 Subject: [python-ldap] syncrepl.py demo not picking up changes that happened while disconnected In-Reply-To: <5538BF95.506@redhat.com> References: <5537FC3B.7030704@ssimicro.com> <5538BF95.506@redhat.com> Message-ID: <55395337.50606@ssimicro.com> > On 2015-04-23 5:47 AM, Petr Spacek wrote: > > Interesting, it works for me just fine Thanks for these encouraging words! I set up a more recent version of OpenLDAP slapd (2.4.39 instead of 2.4.33) with a stripped down config, and using the rootdn I was able to get syncrepl.py working properly (i.e. it picks up changes that it missed while disconnected). I've got some work to do to pinpoint what was wrong with my previous setup, but I now know it isn't related to python-ldap and is most likely a config/permissions issue or fixed bug in OpenLDAP. Cheers, Thomas From chris.dukes.aix at gmail.com Thu Apr 23 22:52:02 2015 From: chris.dukes.aix at gmail.com (Chris Dukes) Date: Thu, 23 Apr 2015 16:52:02 -0400 Subject: [python-ldap] syncrepl.py demo not picking up changes that happened while disconnected In-Reply-To: <55395337.50606@ssimicro.com> References: <5537FC3B.7030704@ssimicro.com> <5538BF95.506@redhat.com> <55395337.50606@ssimicro.com> Message-ID: And my belief was based on a version of ibm directory server from 3 or 4 years ago. On Apr 23, 2015 4:17 PM, "Thomas Cort" wrote: > > On 2015-04-23 5:47 AM, Petr Spacek wrote: > > > > Interesting, it works for me just fine > > Thanks for these encouraging words! I set up a more recent version of > OpenLDAP slapd (2.4.39 instead of 2.4.33) with a stripped down config, > and using the rootdn I was able to get syncrepl.py working properly > (i.e. it picks up changes that it missed while disconnected). I've got > some work to do to pinpoint what was wrong with my previous setup, but I > now know it isn't related to python-ldap and is most likely a > config/permissions issue or fixed bug in OpenLDAP. > > Cheers, > Thomas > _______________________________________________ > python-ldap mailing list > python-ldap at python.org > https://mail.python.org/mailman/listinfo/python-ldap > -------------- next part -------------- An HTML attachment was scrubbed... URL: From calingabriel89 at gmail.com Tue Apr 28 11:32:24 2015 From: calingabriel89 at gmail.com (Gabriel Calin) Date: Tue, 28 Apr 2015 12:32:24 +0300 Subject: [python-ldap] TCP_NO_DELAY Message-ID: Hi, I'm not sure if this is the right way to post. Is there any way I can set TCP_NO_DELAY when using the ldap library? We have performance issues because it seems that by default it isn't set. Thanks, Gabriel -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael at stroeder.com Tue Apr 28 17:20:22 2015 From: michael at stroeder.com (=?UTF-8?Q?Michael_Str=c3=b6der?=) Date: Tue, 28 Apr 2015 17:20:22 +0200 Subject: [python-ldap] TCP_NO_DELAY In-Reply-To: References: Message-ID: <553FA536.3040002@stroeder.com> Gabriel Calin wrote: > I'm not sure if this is the right way to post. > Is there any way I can set TCP_NO_DELAY when using the ldap library? We > have performance issues because it seems that by default it isn't set. What makes you believe that TCP_NO_DELAY would help with your performance issues? How does your connection management work? It might be better to ask on the openldap-technical mailing list about the inner workings of OpenLDAP's libldap. My knowledge is limited. But I'd expect that requests are flushed out to wire by libldap pretty quickly. Given a recent python-ldap 2.4.17+ you can get the file descriptor of the LDAP connection out of LDAPObject instance. Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4272 bytes Desc: S/MIME Cryptographic Signature URL: From michael at stroeder.com Wed Apr 29 19:24:39 2015 From: michael at stroeder.com (=?UTF-8?Q?Michael_Str=c3=b6der?=) Date: Wed, 29 Apr 2015 19:24:39 +0200 Subject: [python-ldap] TCP_NO_DELAY In-Reply-To: References: <553FA536.3040002@stroeder.com> Message-ID: <554113D7.8000507@stroeder.com> Gabriel, please always stay on the mailing list so other can answer and learn as well. Gabriel Calin wrote: > I'm using this library mainly for its support for asynchronous operations. > Before, I was using the perl Net::LDAP library for synchronous operations. > With the perl library we were also having performance issues which we only > solved after setting TCP_NO_DELAY for the socket Note that unlike python-ldap the pure Perl module Net::LDAP is not based on OpenLDAP's libldap. Therefore a required fix for Net::LDAP is likely not required for python-ldap since libldap does all the socket handling. > (I think it was a problem > with the sender - the perl library - waiting for ACK from the server but > the ldap server also waited for more messages to come before sending the > ACK, I strongly doubt that's an issue with libldap at all. Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4272 bytes Desc: S/MIME Cryptographic Signature URL: From michael at stroeder.com Sat May 2 18:20:14 2015 From: michael at stroeder.com (=?UTF-8?Q?Michael_Str=c3=b6der?=) Date: Sat, 02 May 2015 18:20:14 +0200 Subject: [python-ldap] ldap_sasl_bind_s() In-Reply-To: <20150421173538.0e5df4ad@rara.vetmed.fu-berlin.de> References: <20150317100418.0b4b2acb@inf.fu-berlin.de> <550F3FBF.2060301@stroeder.com> <20150323151849.68b56017@inf.fu-berlin.de> <20150421173538.0e5df4ad@rara.vetmed.fu-berlin.de> Message-ID: <5544F93E.5040304@stroeder.com> Ren? Kijewski wrote: > Am Mon, 23 Mar 2015 15:18:49 +0100 > schrieb Ren? Kijewski : > >> Am Sun, 22 Mar 2015 23:18:39 +0100 >> schrieb Michael Str?der : >> >> [?] >> >> 1: https://github.com/Kijewski/ldap_sasl_bind_s-example > > Ping? Do you have further questions? Sorry for following up so late. I can see the new method's signature more or less repeats that of OpenLDAP's function ldap_sasl_bind_s(). SASL is quite flexible and I'm not really familiar with SASL lib's C interface. Therefore I wonder whether all possible result types of ldap_sasl_bind_s() are covered in l_ldap_sasl_bind_s(). Well, basically it's a string buffer... I've also added the appropriate message to ReconnectLDAPObject. Additionally sometimes people asked for completely async SASL bind. Do you see a chance to wrap ldap_sasl_bind() in the C wrapper module and have the sync methods only in the Python wrapper (as done for most other functions)? I've committed to CVS head for now. Please test. So far I've only checked whether it builds. What I also need is a license statement that you and your employer don't claim rights for the code. Something similar to this: http://www.openldap.org/devel/contributing.html#notice It would be also nice to have a stand-alone demo script in Demo/. Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4272 bytes Desc: S/MIME Cryptographic Signature URL: From michael at stroeder.com Sat May 2 18:26:48 2015 From: michael at stroeder.com (=?UTF-8?Q?Michael_Str=c3=b6der?=) Date: Sat, 02 May 2015 18:26:48 +0200 Subject: [python-ldap] Project to support VLV and SSS controls... In-Reply-To: <55351E62.4070900@stroeder.com> References: <53152915.3070501@entrouvert.com> <55328D38.10402@stroeder.com> <743c48d1aa95f4db77379000eec421c9@mail.entrouvert.org> <55351E62.4070900@stroeder.com> Message-ID: <5544FAC8.4050802@stroeder.com> Michael Str?der wrote: > bdauvergne wrote: >> Le 2015-04-18 18:58, Michael Str?der a ?crit : >>> Benjamin Dauvergne wrote: >>>> I started a project to implement VLV and SSL controls[1], it's nearly >>>> finished. My intentions are to propose it for integration inside >>>> ldap.controls when it's really finished. My first tests gives strange >>>> results with OpenLDAP; my understanding of the control fields are wrong >>>> or OpenLDAP implementation is buged; I'm still not sure for now. >>>> >>>> [1]: https://github.com/bdauvergne/python-ldap-vlv >>> >>> Sorry, it's been a long time since that. >>> >>> I have reviewed your code. With your permission I'd like to add the >>> request/response control stuff to python-ldap. You have to confirm by >>> e-mail to this list that you want that and that no 3rd party has any >>> rights for your code. >> >> I want this code to be added to python-ldap and no third party have any right >> to it. >> >> For the SSSVLVPagedLDAPObject I'll try to find time to make another proposal >> that would be thread safe. Maybe just some example code of using the new >> controls. > > I'd rather prefer to just have a demo script. It's a bit similar like Simple > Paged Results control's or syncrepl cookie. Mainly the application has to deal > with that. Please let me know how to progress with that. I'd commit the raw request/response control stuff to python-ldap. What I also need is a license statement that you and your employer don't claim rights for the code. Something similar to this: http://www.openldap.org/devel/contributing.html#notice Ciao, Michael. From rene.kijewski at fu-berlin.de Sat May 2 19:06:48 2015 From: rene.kijewski at fu-berlin.de (=?UTF-8?B?UmVuw6k=?= Kijewski) Date: Sat, 2 May 2015 19:06:48 +0200 Subject: [python-ldap] ldap_sasl_bind_s() In-Reply-To: <5544F93E.5040304@stroeder.com> References: <20150317100418.0b4b2acb@inf.fu-berlin.de> <550F3FBF.2060301@stroeder.com> <20150323151849.68b56017@inf.fu-berlin.de> <20150421173538.0e5df4ad@rara.vetmed.fu-berlin.de> <5544F93E.5040304@stroeder.com> Message-ID: <20150502190648.3a06649f@inf.fu-berlin.de> Am Sat, 02 May 2015 18:20:14 +0200 schrieb Michael Str?der : > What I also need is a license statement that you and your employer don't claim > rights for the code. Something similar to this: > http://www.openldap.org/devel/contributing.html#notice Hello Michael, thank you! I will test the merged patch next week and try to answer your other questions then. For now: The referenced patch [1] is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Freie Universit?t Berlin. Freie Universit?t Berlin has not assigned rights and/or interest in this work to any party. I, Ren? Kijewski am authorized by Freie Universit?t Berlin, my employer, to release this work under the following terms: Freie Universit?t Berlin hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice. 1: https://github.com/Kijewski/python-ldap/commit/3b666b5a4205a30b7ad04695846409b3c89feb58 Cheers Ren? -- ?Sometimes there is no point in giving up.? ?Louis Wu From michael at stroeder.com Sat May 2 19:54:23 2015 From: michael at stroeder.com (=?UTF-8?Q?Michael_Str=c3=b6der?=) Date: Sat, 02 May 2015 19:54:23 +0200 Subject: [python-ldap] ldap_sasl_bind_s() In-Reply-To: <20150502190648.3a06649f@inf.fu-berlin.de> References: <20150317100418.0b4b2acb@inf.fu-berlin.de> <550F3FBF.2060301@stroeder.com> <20150323151849.68b56017@inf.fu-berlin.de> <20150421173538.0e5df4ad@rara.vetmed.fu-berlin.de> <5544F93E.5040304@stroeder.com> <20150502190648.3a06649f@inf.fu-berlin.de> Message-ID: <55450F4F.3030305@stroeder.com> Ren? Kijewski wrote: > Am Sat, 02 May 2015 18:20:14 +0200 > schrieb Michael Str?der : > >> What I also need is a license statement that you and your employer don't claim >> rights for the code. Something similar to this: >> http://www.openldap.org/devel/contributing.html#notice > > For now: > > The referenced patch [1] is derived from OpenLDAP Software. All of > the modifications to OpenLDAP Software represented in the following > patch(es) were developed by Freie Universit?t Berlin. Freie > Universit?t Berlin has not assigned rights and/or interest in this > work to any party. I, Ren? Kijewski am authorized by Freie Universit?t > Berlin, my employer, to release this work under the following terms: > > Freie Universit?t Berlin hereby place the following modifications to > OpenLDAP Software (and only these modifications) into the public > domain. Hence, these modifications may be freely used and/or > redistributed for any purpose with or without attribution and/or other > notice. > > 1: https://github.com/Kijewski/python-ldap/commit/3b666b5a4205a30b7ad04695846409b3c89feb58 May I assume s/OpenLDAP Software/python-ldap module/g here? Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4272 bytes Desc: S/MIME Cryptographic Signature URL: From rene.kijewski at fu-berlin.de Sat May 2 19:59:37 2015 From: rene.kijewski at fu-berlin.de (=?UTF-8?B?UmVuw6k=?= Kijewski) Date: Sat, 2 May 2015 19:59:37 +0200 Subject: [python-ldap] ldap_sasl_bind_s() In-Reply-To: <55450F4F.3030305@stroeder.com> References: <20150317100418.0b4b2acb@inf.fu-berlin.de> <550F3FBF.2060301@stroeder.com> <20150323151849.68b56017@inf.fu-berlin.de> <20150421173538.0e5df4ad@rara.vetmed.fu-berlin.de> <5544F93E.5040304@stroeder.com> <20150502190648.3a06649f@inf.fu-berlin.de> <55450F4F.3030305@stroeder.com> Message-ID: <20150502195937.0219b9e6@inf.fu-berlin.de> Am Sat, 02 May 2015 19:54:23 +0200 schrieb Michael Str?der : > Ren? Kijewski wrote: > > Am Sat, 02 May 2015 18:20:14 +0200 > > schrieb Michael Str?der : > > > >> What I also need is a license statement that you and your employer don't claim > >> rights for the code. Something similar to this: > >> http://www.openldap.org/devel/contributing.html#notice > > > > For now: > > > > The referenced patch [1] is derived from OpenLDAP Software. All of > > the modifications to OpenLDAP Software represented in the following > > patch(es) were developed by Freie Universit?t Berlin. Freie > > Universit?t Berlin has not assigned rights and/or interest in this > > work to any party. I, Ren? Kijewski am authorized by Freie Universit?t > > Berlin, my employer, to release this work under the following terms: > > > > Freie Universit?t Berlin hereby place the following modifications to > > OpenLDAP Software (and only these modifications) into the public > > domain. Hence, these modifications may be freely used and/or > > redistributed for any purpose with or without attribution and/or other > > notice. > > > > 1: https://github.com/Kijewski/python-ldap/commit/3b666b5a4205a30b7ad04695846409b3c89feb58 > > May I assume s/OpenLDAP Software/python-ldap module/g here? Yes. :) -- ?Sometimes there is no point in giving up.? ?Louis Wu From bdauvergne at entrouvert.com Sun May 3 21:10:38 2015 From: bdauvergne at entrouvert.com (Benjamin Dauvergne) Date: Sun, 3 May 2015 21:10:38 +0200 Subject: [python-ldap] Project to support VLV and SSS controls... In-Reply-To: <5544FAC8.4050802@stroeder.com> References: <53152915.3070501@entrouvert.com> <55328D38.10402@stroeder.com> <743c48d1aa95f4db77379000eec421c9@mail.entrouvert.org> <55351E62.4070900@stroeder.com> <5544FAC8.4050802@stroeder.com> Message-ID: <20150503191038.GM16123@ciboulette.entrouvert.og> Le 05/02, Michael Str?der a ?crit : > Michael Str?der wrote: > >bdauvergne wrote: > >>Le 2015-04-18 18:58, Michael Str?der a ?crit : > >>>Benjamin Dauvergne wrote: > >>>>I started a project to implement VLV and SSL controls[1], it's nearly > >>>>finished. My intentions are to propose it for integration inside > >>>>ldap.controls when it's really finished. My first tests gives strange > >>>>results with OpenLDAP; my understanding of the control fields are wrong > >>>>or OpenLDAP implementation is buged; I'm still not sure for now. > >>>> > >>>>[1]: https://github.com/bdauvergne/python-ldap-vlv > >>> > >>>Sorry, it's been a long time since that. > >>> > >>>I have reviewed your code. With your permission I'd like to add the > >>>request/response control stuff to python-ldap. You have to confirm by > >>>e-mail to this list that you want that and that no 3rd party has any > >>>rights for your code. > >> > >>I want this code to be added to python-ldap and no third party have any right > >>to it. > >> > >>For the SSSVLVPagedLDAPObject I'll try to find time to make another proposal > >>that would be thread safe. Maybe just some example code of using the new > >>controls. > > > >I'd rather prefer to just have a demo script. It's a bit similar like Simple > >Paged Results control's or syncrepl cookie. Mainly the application has to deal > >with that. > > Please let me know how to progress with that. > > I'd commit the raw request/response control stuff to python-ldap. > > What I also need is a license statement that you and your employer don't > claim rights for the code. Something similar to this: > > http://www.openldap.org/devel/contributing.html#notice The referenced work[1] is derived from the python-ldap Software. All of the modifications to python-ldap Software represented in this work were developed by Benjamin Dauvergne . I have not assigned rights and/or interest in this work to any party. I, Benjamin Dauvergne, hereby place the referenced work[1] into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice. [1]: https://github.com/bdauvergne/python-ldap-vlv From fpx006 at 163.com Thu May 7 06:04:14 2015 From: fpx006 at 163.com (=?GBK?B?t+vF9M/p?=) Date: Thu, 7 May 2015 12:04:14 +0800 (CST) Subject: [python-ldap] HELP: python-ldap install problem in win7 amd64, I can't find 64bit install package in download . Message-ID: <26705db1.8151.14d2c8b9405.Coremail.fpx006@163.com> I use source to install , but find follow error in picture. It's maybe lose some libs or .h file in win7 64bit. Did you have any better way to install in win7 64bit. Looking forward to your reply -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: a.png Type: image/png Size: 77309 bytes Desc: not available URL: From waldemar.osuch at gmail.com Thu May 7 08:16:04 2015 From: waldemar.osuch at gmail.com (Waldemar Osuch) Date: Thu, 7 May 2015 00:16:04 -0600 Subject: [python-ldap] HELP: python-ldap install problem in win7 amd64, I can't find 64bit install package in download . In-Reply-To: <26705db1.8151.14d2c8b9405.Coremail.fpx006@163.com> References: <26705db1.8151.14d2c8b9405.Coremail.fpx006@163.com> Message-ID: On Wed, May 6, 2015 at 10:04 PM, ??? wrote: > win7 64bit. Install pre-build version instead. Building python-ldap on windows is not an easy task. It comes down to having many dependencies. If you have to have 64bit version use builds provided by Christoph Gohlke http://www.lfd.uci.edu/~gohlke/pythonlibs/#python-ldap If 32bit is acceptable you can use the versions from PyPI https://pypi.python.org/pypi/python-ldap/2.4.19 w/o -------------- next part -------------- An HTML attachment was scrubbed... URL: From tobias.bengfort at posteo.de Mon May 11 08:07:03 2015 From: tobias.bengfort at posteo.de (Tobias Bengfort) Date: Mon, 11 May 2015 08:07:03 +0200 Subject: [python-ldap] ldif fork with python3/unicode support Message-ID: <55504707.70900@posteo.de> Hi, I am working on a fork of the ldif module from python-ldap with python3/unicode support: https://github.com/xi/ldif3 I want to publish it under the BSD License. I am not sure however if this is compatible with you license. So please contact me if I need to change it. regards tobias From michael at stroeder.com Fri Jun 19 14:50:33 2015 From: michael at stroeder.com (=?UTF-8?Q?Michael_Str=C3=B6der?=) Date: Fri, 19 Jun 2015 14:50:33 +0200 Subject: [python-ldap] Fwd: LDAPCon 2015 submission deadline approaching In-Reply-To: <20150619123733.GB13026@slab.skills-1st.co.uk> References: <20150619123733.GB13026@slab.skills-1st.co.uk> Message-ID: <871ebb15eef79ad38323041099418305@localhost> HI! Just in case somebody's interested to contribute to this conference but did not send in a proposal yet here's the reminder about the LDAPcon 2015 CfP deadline. Ciao, Michael. -------- Original Message -------- Subject: LDAPCon 2015 submission deadline approaching Date: 2015-06-19 14:37 From: Andrew Findlay To: OpenLDAP Technical mailing list LDAPCon 2015 will be held in Edinburgh on 11-13 November. The submission deadline for paper and tutorial proposals is 28th June so you have just one week to send us your ideas: http://ldapcon.org/2015/?page_id=5 Andrew -- ----------------------------------------------------------------------- | From Andrew Findlay, Skills 1st Ltd | | Consultant in large-scale systems, networks, and directory services | | http://www.skills-1st.co.uk/ +44 1628 782565 | ----------------------------------------------------------------------- From jamesxu at outlook.com Fri Jun 19 20:37:33 2015 From: jamesxu at outlook.com (xujian) Date: Fri, 19 Jun 2015 14:37:33 -0400 Subject: [python-ldap] Bind windows AD server failed from linux client with kerberos authentication Message-ID: Hello, I got a problem when I bind windows AD server from linux client with kerberos authentication. code is simple import ldap, ldap.saslfrom ldap.ldapobject import LDAPObject l = ldap.initialize('ldap://xxxx.xxxx.com')l.set_option(ldap.OPT_REFERRALS, 1)l.set_option(ldap.OPT_PROTOCOL_VERSION, 3)l.set_option(ldap.OPT_DEBUG_LEVEL, 255)auth_tokens = ldap.sasl.gssapi("")l.sasl_interactive_bind_s("", auth_tokens) but I got trace stackTraceback (most recent call last): File "pytest/mysearch.py", line 12, in l.sasl_interactive_bind_s("", auth_tokens) File "/net/hsjxu.n.twosigma.com/userhome/jxu/source/ldap/ext/public/python/ldap/2/4/20/python/ldap/ldapobject.py", line 244, in sasl_interactive_bind_s return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags) File "/net/hsjxu.n.twosigma.com/userhome/jxu/source/ldap/ext/public/python/ldap/2/4/20/python/ldap/ldapobject.py", line 106, in _ldap_call result = func(*args,**kwargs)ldap.SUCCESS: {'desc': 'Success'} the error message is weird, it says "success", I think it should be a bug, so the real error message is hidden.I verified the kerberos ticket and environment variable KRB5CCNAME, they are correct.if I use simple bind with user and password authentication mode, bind is successful. when I build the library, I used openldap 2.4.40 and cryrus sasl 2.1.26 library, does anyone can help me look if there is anything wrong in my code? Many thanks ! James -------------- next part -------------- An HTML attachment was scrubbed... URL: From mailinglist0 at skurfer.com Fri Jun 19 22:06:13 2015 From: mailinglist0 at skurfer.com (Rob McBroom) Date: Fri, 19 Jun 2015 16:06:13 -0400 Subject: [python-ldap] Bind windows AD server failed from linux client with kerberos authentication In-Reply-To: References: Message-ID: <62BFC703-6A1E-4725-8E37-FF4E0E6AD6B2@skurfer.com> On 19 Jun 2015, at 14:37, xujian wrote: > I got a problem when I bind windows AD server from linux client with > kerberos authentication. I wonder if it?s a new manifestation (with new versions of everything involved) of an old problem. See this thread: https://mail.python.org/pipermail/python-ldap/2011q3/003004.html I never did get it to work. I could bind, and even call `whoami`, but as soon as I tried to search, it failed. -- Rob McBroom http://www.skurfer.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From jamesxu at outlook.com Sat Jun 20 01:11:23 2015 From: jamesxu at outlook.com (xujian) Date: Fri, 19 Jun 2015 19:11:23 -0400 Subject: [python-ldap] Bind windows AD server failed from linux client with kerberos authentication In-Reply-To: <62BFC703-6A1E-4725-8E37-FF4E0E6AD6B2@skurfer.com> References: , <62BFC703-6A1E-4725-8E37-FF4E0E6AD6B2@skurfer.com> Message-ID: Thanks Rob! It turns out my openldap build has problem, I rebuild the openldap, then python-ldap bind is fine now. JamesFrom: mailinglist0 at skurfer.com To: jamesxu at outlook.com CC: python-ldap at python.org Subject: Re: [python-ldap] Bind windows AD server failed from linux client with kerberos authentication Date: Fri, 19 Jun 2015 16:06:13 -0400 On 19 Jun 2015, at 14:37, xujian wrote: I got a problem when I bind windows AD server from linux client with kerberos authentication. I wonder if it?s a new manifestation (with new versions of everything involved) of an old problem. See this thread: https://mail.python.org/pipermail/python-ldap/2011q3/003004.html I never did get it to work. I could bind, and even call whoami, but as soon as I tried to search, it failed. -- Rob McBroom http://www.skurfer.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael at stroeder.com Sat Jun 20 16:20:43 2015 From: michael at stroeder.com (=?UTF-8?Q?Michael_Str=c3=b6der?=) Date: Sat, 20 Jun 2015 16:20:43 +0200 Subject: [python-ldap] Refactoring LDIFParser Message-ID: <558576BB.50407@stroeder.com> HI! I'm currently rewriting parts of class ldif.LDIFParser and committed the first working version to CVS HEAD. The goal is to keep it backwards-compatible while adding basic support for change records (currently only changetype: modify). See the current diff: http://python-ldap.cvs.sourceforge.net/viewvc/python-ldap/python-ldap/Lib/ldif.py?r1=1.80&r2=1.81 See current excerpt of CHANGES below. I plan to release this pretty soon durig the next two weeks. So I'd like to encourage everybody to thoroughly test this new module version, at first focusing on the old parsing functionality. Ideally if you have good test coverage in your own code please run your tests with it. The new code looks a bit nicer but it slightly slower. If anyone here has some spare cycle I'd appreciate concrete suggestions for performance improvement. Please report any issue you see on the mailing list here. Ciao, Michael. --------------------------------------------------------------------- * Abandoned old syntax when raising ValueError in modules ldif and ldapurl, more information in some exceptions. * Refactored parts in ldif.LDIFParser: - New class attributes line_counter and byte_counter contain amount of LDIF data read so far - Renamed some internally used methods - Added support for parsing change records currently limited to changetype: modify - New separate methods parse_entry_records() (also called by parse()) and parse_change_records() - Stricter order checking of dn:, changetype:, etc. - Removed non-existent 'AttrTypeandValueLDIF' from ldif.__all__ -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4272 bytes Desc: S/MIME Cryptographic Signature URL: From tobias.bengfort at gmx.net Sat Jun 20 17:37:35 2015 From: tobias.bengfort at gmx.net (Tobias Bengfort) Date: Sat, 20 Jun 2015 17:37:35 +0200 Subject: [python-ldap] Refactoring LDIFParser In-Reply-To: <558576BB.50407@stroeder.com> References: <558576BB.50407@stroeder.com> Message-ID: <558588BF.7040208@gmx.net> Hi Michael, I did a python3 compatible version of the ldif module at https://github.com/xi/ldif3 and I am very interested in porting your changes there, especially the improved support for change records. But I will probably not have the time to work on that just yet. As the subject of your mail was about generally refactoring the LDIFParser I thought you might be interested in my project. tobias -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: OpenPGP digital signature URL: From michael at stroeder.com Sat Jun 20 17:44:43 2015 From: michael at stroeder.com (=?UTF-8?Q?Michael_Str=c3=b6der?=) Date: Sat, 20 Jun 2015 17:44:43 +0200 Subject: [python-ldap] Refactoring LDIFParser In-Reply-To: <558588BF.7040208@gmx.net> References: <558576BB.50407@stroeder.com> <558588BF.7040208@gmx.net> Message-ID: <55858A6B.2070400@stroeder.com> Tobias Bengfort wrote: > I did a python3 compatible version of the ldif module at > https://github.com/xi/ldif3 and I am very interested in porting your > changes there, especially the improved support for change records. But I > will probably not have the time to work on that just yet. > > As the subject of your mail was about generally refactoring the > LDIFParser I thought you might be interested in my project. Already saw your fork. I don't want to sound unfriendly but my spare time is also very limited. So I also don't have the time to maintain your fork which is also not backward-compatible. Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4272 bytes Desc: S/MIME Cryptographic Signature URL: From bogorodskiy at gmail.com Sat Jun 20 19:26:29 2015 From: bogorodskiy at gmail.com (Roman Bogorodskiy) Date: Sat, 20 Jun 2015 20:26:29 +0300 Subject: [python-ldap] Installation on FreeBSD via pypi Message-ID: <20150620172627.GA1664@kloomba> Hi, Installation through pip doesn't work out of the box, e.g. running pip install python-ldap fails with: creating build/temp.freebsd-11.0-CURRENT-amd64-2.7/Modules cc -fno-strict-aliasing -O2 -pipe -fstack-protector -fno-strict-aliasing -DNDEBUG -fPIC -DHAVE_SASL -DHAVE_TLS -DHAVE_LIBLDAP_R -DHAVE_LIBLDAP_R -DLDAPMODULE_VERSION=2.4.19 -IModules -I/opt/openldap-RE24/include -I/usr/include/sasl -I/usr/include -I/usr/local/include/python2.7 -c Modules/LDAPObject.c -o build/temp.freebsd-11.0-CURRENT-amd64-2.7/Modules/LDAPObject.o In file included from Modules/LDAPObject.c:9: Modules/errors.h:8:10: fatal error: 'lber.h' file not found #include "lber.h" ^ 1 error generated. error: command 'cc' failed with exit status 1 This happens because openldap-client installed from FreeBSD ports installs headers into /usr/local/include and libs into /usr/local/lib, however, these are not listed in compiler flags. FreeBSD port deals with that by replacing variables in setup.cfg: https://svnweb.freebsd.org/ports/head/net/py-ldap/Makefile?revision=390060&view=markup#l23 However, using port is not always convenient, esp. for working with projects that use virtualenv + pip to manage dependencies (or tox on top of that). For such cases it's very valuable to be make things work out of the box from pypi. Could it be fixed to work straight out from pypi? The obvious fix would be to just modify setup.cfg to add /usr/local/include to 'include_dirs' and /usr/local/lib to 'library_dirs'. Also, /usr/local/include/sasl would be needed I guess. This will make it work on default FreeBSD installations (i.e. for users that use FreeBSD ports or packages) and should not break things on other systems. Other possible way would be to set OS specific options dynamically in setup.py but I'm not sure it's worth an effort. What do you think about that? PS By the way. http://python-ldap.org/download.shtml This page mentions FreeBSD port. FreeBSD ports system moved from CVS to SVN few years ago, so it'd be good to s/CVS/SVN/ here. Also, the port was renamed recently from 'py-ldap2' to 'py-ldap'. THe proper now is: https://svnweb.freebsd.org/ports/head/net/py-ldap/ Thanks Roman Bogorodskiy -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 473 bytes Desc: not available URL: From michael at stroeder.com Sun Jun 21 13:36:32 2015 From: michael at stroeder.com (=?UTF-8?Q?Michael_Str=c3=b6der?=) Date: Sun, 21 Jun 2015 13:36:32 +0200 Subject: [python-ldap] Installation on FreeBSD via pypi In-Reply-To: <20150620172627.GA1664@kloomba> References: <20150620172627.GA1664@kloomba> Message-ID: <5586A1C0.5030808@stroeder.com> Roman Bogorodskiy wrote: > Installation through pip doesn't work out of the box, e.g. running > > pip install python-ldap > > fails with: > [..] > This happens because openldap-client installed from FreeBSD ports installs headers > into /usr/local/include and libs into /usr/local/lib, however, these are > not listed in compiler flags. Thinking about different platforms the issue is even broader How about this one in setup.cfg: library_dirs = /usr/lib /usr/lib64 /usr/local/lib /usr/local/lib64 include_dirs = /usr/include /usr/include/sasl /usr/local/include /usr/include/local/sasl Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4272 bytes Desc: S/MIME Cryptographic Signature URL: From bogorodskiy at gmail.com Sun Jun 21 19:29:55 2015 From: bogorodskiy at gmail.com (Roman Bogorodskiy) Date: Sun, 21 Jun 2015 20:29:55 +0300 Subject: [python-ldap] Installation on FreeBSD via pypi In-Reply-To: <5586A1C0.5030808@stroeder.com> References: <20150620172627.GA1664@kloomba> <5586A1C0.5030808@stroeder.com> Message-ID: <20150621172954.GA12932@kloomba> Michael Str?der wrote: > Roman Bogorodskiy wrote: > > Installation through pip doesn't work out of the box, e.g. running > > > > pip install python-ldap > > > > fails with: > > [..] > > This happens because openldap-client installed from FreeBSD ports installs headers > > into /usr/local/include and libs into /usr/local/lib, however, these are > > not listed in compiler flags. > > Thinking about different platforms the issue is even broader > > How about this one in setup.cfg: > > library_dirs = /usr/lib /usr/lib64 /usr/local/lib /usr/local/lib64 > include_dirs = /usr/include /usr/include/sasl /usr/local/include > /usr/include/local/sasl ^^^^^^^^^^^^^ Looks like a typo, needs to be /usr/local/include/sasl I think. It looks like a good set of defaults for library_dirs and include_dirs. Thanks Roman Bogorodskiy -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 473 bytes Desc: not available URL: From michael at stroeder.com Sun Jun 21 19:51:17 2015 From: michael at stroeder.com (=?UTF-8?Q?Michael_Str=c3=b6der?=) Date: Sun, 21 Jun 2015 19:51:17 +0200 Subject: [python-ldap] Installation on FreeBSD via pypi In-Reply-To: <20150621172954.GA12932@kloomba> References: <20150620172627.GA1664@kloomba> <5586A1C0.5030808@stroeder.com> <20150621172954.GA12932@kloomba> Message-ID: <5586F995.7050903@stroeder.com> Roman Bogorodskiy wrote: > Michael Str?der wrote: > >> Roman Bogorodskiy wrote: >>> Installation through pip doesn't work out of the box, e.g. running >>> >>> pip install python-ldap >>> >>> fails with: >>> [..] >>> This happens because openldap-client installed from FreeBSD ports installs headers >>> into /usr/local/include and libs into /usr/local/lib, however, these are >>> not listed in compiler flags. >> >> Thinking about different platforms the issue is even broader >> >> How about this one in setup.cfg: >> >> library_dirs = /usr/lib /usr/lib64 /usr/local/lib /usr/local/lib64 >> include_dirs = /usr/include /usr/include/sasl /usr/local/include >> /usr/include/local/sasl > ^^^^^^^^^^^^^ > > Looks like a typo, needs to be /usr/local/include/sasl I think. Thanks. Fixed. > It looks like a good set of defaults for library_dirs and include_dirs. Will be released with 2.4.20 probably pretty soon. Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4272 bytes Desc: S/MIME Cryptographic Signature URL: From michael at stroeder.com Mon Jun 22 13:59:03 2015 From: michael at stroeder.com (=?UTF-8?Q?Michael_Str=c3=b6der?=) Date: Mon, 22 Jun 2015 13:59:03 +0200 Subject: [python-ldap] extending LDAPObject Message-ID: <5587F887.2050407@stroeder.com> HI! In web2ldap I have several more features in a LDAPObject wrapper class: - Caching - sending LDAPv3 extended controls for groups of operations See source here: https://fossies.org/dox/web2ldap-1.2.32/ldapsession_8py_source.html#l00128 I wonder whether folks want to see this in python-ldap's ldap.ldapobject and in which form? 1. One monolithic SimpleLDAPObject which might result in code bloat but would not need additional application code. 2. Various mix-in classes for choosing functionality you like but which requires own class declaration in calling application code. Whatever implementation is chosen testers are needed! Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4272 bytes Desc: S/MIME Cryptographic Signature URL: From michael at stroeder.com Mon Jun 22 18:51:31 2015 From: michael at stroeder.com (=?UTF-8?Q?Michael_Str=c3=b6der?=) Date: Mon, 22 Jun 2015 18:51:31 +0200 Subject: [python-ldap] Project to support VLV and SSS controls... In-Reply-To: <20150503191038.GM16123@ciboulette.entrouvert.og> References: <53152915.3070501@entrouvert.com> <55328D38.10402@stroeder.com> <743c48d1aa95f4db77379000eec421c9@mail.entrouvert.org> <55351E62.4070900@stroeder.com> <5544FAC8.4050802@stroeder.com> <20150503191038.GM16123@ciboulette.entrouvert.og> Message-ID: <55883D13.2010000@stroeder.com> Benjamin, Benjamin Dauvergne wrote: > The referenced work[1] is derived from the python-ldap Software. All of the > modifications to python-ldap Software represented in this work were developed > by Benjamin Dauvergne . I have not assigned rights > and/or interest in this work to any party. > > I, Benjamin Dauvergne, hereby place the referenced work[1] into the public > domain. Hence, these modifications may be freely used and/or redistributed for > any purpose with or without attribution and/or other notice. > > [1]: https://github.com/bdauvergne/python-ldap-vlv I've committed to new sub-modules ldap.controls.vlv and ldap.controls.sss to CVS HEAD. I've cleaned it up a bit to make the code match the conventions used in other sub-modules in ldap.controls. Especially the order of basic arguments for __init__() method must be preserved. Please, every change should be a patch against CVS HEAD if possible. I did not have the time to write a Demo/ script. Please provide one if possible. Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4272 bytes Desc: S/MIME Cryptographic Signature URL: From bogorodskiy at gmail.com Tue Jun 23 13:15:26 2015 From: bogorodskiy at gmail.com (Roman Bogorodskiy) Date: Tue, 23 Jun 2015 15:15:26 +0400 Subject: [python-ldap] Installation on FreeBSD via pypi In-Reply-To: <5586F995.7050903@stroeder.com> References: <20150620172627.GA1664@kloomba> <5586A1C0.5030808@stroeder.com> <20150621172954.GA12932@kloomba> <5586F995.7050903@stroeder.com> Message-ID: <20150623111524.GA4360@dev.san.ru> Michael Str?der wrote: > Roman Bogorodskiy wrote: > > Michael Str?der wrote: > > > >> Roman Bogorodskiy wrote: > >>> Installation through pip doesn't work out of the box, e.g. running > >>> > >>> pip install python-ldap > >>> > >>> fails with: > >>> [..] > >>> This happens because openldap-client installed from FreeBSD ports installs headers > >>> into /usr/local/include and libs into /usr/local/lib, however, these are > >>> not listed in compiler flags. > >> > >> Thinking about different platforms the issue is even broader > >> > >> How about this one in setup.cfg: > >> > >> library_dirs = /usr/lib /usr/lib64 /usr/local/lib /usr/local/lib64 > >> include_dirs = /usr/include /usr/include/sasl /usr/local/include > >> /usr/include/local/sasl > > ^^^^^^^^^^^^^ > > > > Looks like a typo, needs to be /usr/local/include/sasl I think. > > Thanks. Fixed. > > > It looks like a good set of defaults for library_dirs and include_dirs. > > Will be released with 2.4.20 probably pretty soon. Thanks, looking forward to it! By the way, have you had a chance to take a look at the FreeBSD port link fix on the http://www.python-ldap.org/download.shtml I suggested in the first email in the thread? Thanks, Roman Bogorodskiy From michael at stroeder.com Tue Jun 23 19:16:47 2015 From: michael at stroeder.com (=?UTF-8?Q?Michael_Str=c3=b6der?=) Date: Tue, 23 Jun 2015 19:16:47 +0200 Subject: [python-ldap] Installation on FreeBSD via pypi In-Reply-To: <20150623111524.GA4360@dev.san.ru> References: <20150620172627.GA1664@kloomba> <5586A1C0.5030808@stroeder.com> <20150621172954.GA12932@kloomba> <5586F995.7050903@stroeder.com> <20150623111524.GA4360@dev.san.ru> Message-ID: <5589947F.801@stroeder.com> Roman Bogorodskiy wrote: > By the way, have you had a chance to take a look at the FreeBSD port > link fix on the http://www.python-ldap.org/download.shtml I suggested > in the first email in the thread? Sorry, had overlooked it. Fixed. Ciao, Michael. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4272 bytes Desc: S/MIME Cryptographic Signature URL: From rkuska at redhat.com Wed Jun 24 14:19:57 2015 From: rkuska at redhat.com (Robert Kuska) Date: Wed, 24 Jun 2015 08:19:57 -0400 (EDT) Subject: [python-ldap] ldap and python3 support In-Reply-To: <212705204.22166678.1435146426487.JavaMail.zimbra@redhat.com> Message-ID: <1486714263.22181051.1435148397851.JavaMail.zimbra@redhat.com> Hello everyone, I am Robert Kuska from fedoraproject, I am a python co-maintainer and co-owner of change Python3 as default which aims to provide python3 only packages by default across different fedora platform releases[0]. The reason why I am contacting you is, that ldap is important dependency of some bigger projects on our default installation so the fate of python3 migration relay also on your package and state of python3 support (which is non atm). Do you plan to invest any time to python3 support in near future (meaning months, specifically, we need python3-ldap before 1st of September)? Do you plan to merge already existing ldap fork with python3 support[1]? Or should we find a replacement for python-ldap? Thank you for your time. [0]https://fedoraproject.org/wiki/Changes/Python_3_as_Default [1]https://github.com/rbarrois/python-ldap -- Robert Kuska {rkuska} From bogorodskiy at gmail.com Thu Jun 25 06:25:59 2015 From: bogorodskiy at gmail.com (Roman Bogorodskiy) Date: Thu, 25 Jun 2015 08:25:59 +0400 Subject: [python-ldap] Installation on FreeBSD via pypi In-Reply-To: <5589947F.801@stroeder.com> References: <20150620172627.GA1664@kloomba> <5586A1C0.5030808@stroeder.com> <20150621172954.GA12932@kloomba> <5586F995.7050903@stroeder.com> <20150623111524.GA4360@dev.san.ru> <5589947F.801@stroeder.com> Message-ID: <20150625042558.GA15213@dev.san.ru> Michael Str?der wrote: > Roman Bogorodskiy wrote: > > By the way, have you had a chance to take a look at the FreeBSD port > > link fix on the http://www.python-ldap.org/download.shtml I suggested > > in the first email in the thread? > > Sorry, had overlooked it. Fixed. Thanks! Roman Bogorodskiy