#58 Invalid syntax in 389-ds' get-effective-rights

closed-rejected
None
5
2012-05-12
2012-03-14
No

New python-ldap python-ldap-2.4.6-2.fc17.x86_64 can no longer retrieve effective rights for an LDAP object. I get the following traceback when I try to retrieve effective rights:

Traceback (most recent call last):
File "/home/mkosek/bin/testaci.py", line 19, in <module>
conn.search_s(USER_DN, ldap.SCOPE_BASE, '(objectClass=*)', ['cn'])
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 552, in
search_s
return
self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 546, in
search_ext_s
return self.result(msgid,all=1,timeout=timeout)[1]
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 458, in
result
resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 462, in
result2
resp_type, resp_data, resp_msgid, resp_ctrls =
self.result3(msgid,all,timeout)
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 469, in
result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 476, in
result4
ldap_result =
self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in
_ldap_call
result = func(*args,**kwargs)
ldap.INVALID_SYNTAX: {'info': 'get-effective-rights: missing subject', 'desc':
'Invalid syntax'}

Error in 389-ds error log:
[13/Mar/2012:04:39:06 -0400] NSACLPlugin - get-effective-rights: missing
subject
[13/Mar/2012:04:39:06 -0400] - Failed to get effective rights for entry
(uid=admin,cn=users,
cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com), rc=21

The previous version of python-ldap I tested (python-ldap-2.3.12-2.fc15.x86_64) worked.

The issue can be easily reproduced against 389-ds with the attached Python script.

Discussion

  • Anonymous - 2012-03-14

    Issue reproducer

     
  • Michael Ströder

    No code provided by reporter. Likely not a bug in python-ldap => closed

    The API for LDAPv3 extended controls slightly changed in release 2.4.0+.
    Please ask usage questions on the python-ldap@python.org mailing list.

     
  • Michael Ströder

    • assigned_to: nobody --> stroeder
    • status: open --> closed-rejected
     
  • Michael Ströder

    Again:
    The API for LDAPv3 extended controls slightly changed in release 2.4.0+.
    Please ask usage questions on the python-ldap@python.org mailing list.

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks