Re: python-ldap and openldap 2.07

[Michael <mi...@st...>]

don...@ma... wrote:
> 
> Basically I'm writing some code for the Mailman mailing list software, so
> that it can do authentication, subscription, etc by LDAP. Have the authentication
> working after some initial playing with the python-ldap module, but I can't
> for the life of me modify any values in the ldap directory.
> 
> Having read some of the previous discussion on this list (ANNC and query:
> ldapmodule-1.10a3-patched RPMs available), it looks like the problem I'm
> having is to do with OpenLDAP and it's ACLs.  Am i correct in thinking this???

I don't think so. Do the following:

1. Remove all ACLs in your slapd.conf for testing your Python code
to make sure you don't have wrong ACLs. Off course do this on a test
machine!

2. Run your OpenLDAP server with ACLs in place with verbose logging.

> If so, am i correct in thinking there is a "patch" to solve the problem

No. ACLs with OpenLDAP 1 and 2 are configured in slapd.conf. This
has nothing to do with python-ldap. Take questions related to ACL
configuration with OpenLDAP to ope...@op... list.

> *I may just be just making errors in my code, but i'm nearly sure i'm not*
> the line of code i'm using:
> res = l.modify_s(user_dn, [(MOD_REPLACE, 'userPassword', [new_pw])])
> where:
> user_dn = cn=huntd2,ou=RedGiant,o=DCU
           ^                           ^
Forgot the quotes?

> new_pw = newpw

???

Feel free to dig into web2ldap's module w2lpasswd...

> is there a way to get the LDAP error codes back from the python-ldap module??

In case of an error an exception is raise. See
http://python-ldap.sourceforge.net/doc/lib/subsec:exceptfrommeth.html

Ciao, Michael.