Menu
▾
▴
Re: python-ldap vs. Active directory
|
From: Jens V. <je...@da...> - 2005-05-23 12:46:22
|
On May 22, 2005, at 14:11, Michael Str=F6der wrote: > Jens Vagelpohl wrote: > >> For what it's worth, a long time ago I had the same problems with the >> LDAPUserFolder Zope product against AD. Among the resultset =20 >> returned by >> a query there would always be one record that made everything =20 >> barf. The >> (not very clean) workaround has been to special-case that record and >> discard it. It is a AD-specific referral. >> > > How did you sort out this special case? > > IMO the appropriate way is to sort out the search references. > Having to deal with referrals / search references is *not* AD-=20 > specific! I know that references need to be dealt with, however, I have no AD =20 instance to test anything and thus the only goal was to make things =20 work somehow. I personally do not support AD, it's only on the basis =20 of "if it works for you, great. if not, sorry, can't help". Besides, =20 these "invalid" records come back as part of a normal set of search =20 results - leaving them out hasn't made anyone complain yet. The specific case here is the return value from =20 ldap_connection.search_s, which I assume to be a sequence of two-item =20= sequences consisting of a string (the DN) and a dictionary (the =20 attributes and their values). However, with AD you can get stuff like =20= this as part f the results sequence: (None, ['ldap://ForestDnsZones.PORTAL.LOCAL/=20 DC=3DForestDnsZones,DC=3DPORTAL,DC=3DLOCAL']) I simply discard anything where the second element is not a dictionary. jens |
