Menu
▾
▴
python-ldap-dev — discussion among developers
You can subscribe to this list here.
| 2000 |
Jan
|
Feb
(34) |
Mar
(9) |
Apr
|
May
(2) |
Jun
(14) |
Jul
(67) |
Aug
(34) |
Sep
(5) |
Oct
(20) |
Nov
(22) |
Dec
(31) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2001 |
Jan
(15) |
Feb
(16) |
Mar
(20) |
Apr
(13) |
May
(72) |
Jun
(42) |
Jul
(41) |
Aug
(11) |
Sep
(19) |
Oct
(67) |
Nov
(59) |
Dec
(57) |
| 2002 |
Jan
(74) |
Feb
(69) |
Mar
(34) |
Apr
(55) |
May
(47) |
Jun
(74) |
Jul
(116) |
Aug
(68) |
Sep
(25) |
Oct
(42) |
Nov
(28) |
Dec
(52) |
| 2003 |
Jan
(19) |
Feb
(18) |
Mar
(35) |
Apr
(49) |
May
(73) |
Jun
(39) |
Jul
(26) |
Aug
(59) |
Sep
(33) |
Oct
(56) |
Nov
(69) |
Dec
(137) |
| 2004 |
Jan
(276) |
Feb
(15) |
Mar
(18) |
Apr
(27) |
May
(25) |
Jun
(7) |
Jul
(13) |
Aug
(2) |
Sep
(2) |
Oct
(10) |
Nov
(27) |
Dec
(28) |
| 2005 |
Jan
(22) |
Feb
(25) |
Mar
(41) |
Apr
(17) |
May
(36) |
Jun
(13) |
Jul
(22) |
Aug
(12) |
Sep
(23) |
Oct
(6) |
Nov
(4) |
Dec
|
| 2006 |
Jan
(11) |
Feb
(3) |
Mar
(5) |
Apr
(22) |
May
(1) |
Jun
(10) |
Jul
(19) |
Aug
(7) |
Sep
(25) |
Oct
(23) |
Nov
(5) |
Dec
(27) |
| 2007 |
Jan
(25) |
Feb
(17) |
Mar
(44) |
Apr
(8) |
May
(33) |
Jun
(31) |
Jul
(42) |
Aug
(16) |
Sep
(12) |
Oct
(16) |
Nov
(23) |
Dec
(73) |
| 2008 |
Jan
(26) |
Feb
(6) |
Mar
(46) |
Apr
(17) |
May
(1) |
Jun
(44) |
Jul
(9) |
Aug
(34) |
Sep
(20) |
Oct
(2) |
Nov
(4) |
Dec
(16) |
| 2009 |
Jan
(14) |
Feb
(3) |
Mar
(45) |
Apr
(52) |
May
(34) |
Jun
(32) |
Jul
(24) |
Aug
(52) |
Sep
(22) |
Oct
(23) |
Nov
(19) |
Dec
(10) |
| 2010 |
Jan
(10) |
Feb
(13) |
Mar
(22) |
Apr
(9) |
May
(1) |
Jun
(1) |
Jul
(8) |
Aug
(9) |
Sep
(10) |
Oct
(1) |
Nov
(2) |
Dec
(3) |
| 2011 |
Jan
|
Feb
(18) |
Mar
(39) |
Apr
(5) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Michael S. <mi...@st...> - 2008-06-16 22:22:05
|
Matej Vela wrote: > Michael Ströder <mi...@st...> writes: > >> And how about OpenLDAP libs and gnutls? Yes, I'm nagging here, but >> because of very good reasons. > > I don't see it as nagging at all, you're perfectly right not to support > modifications you're not comfortable with. I hope we provide a > reasonable level of support ourselves, both on this list and through > bugs.debian.org. Matej, sure I appreciate your contributions to python-ldap's code. Your patches in the past helped a lot. > To provide some context, OpenLDAP 2.1 client libraries were not quite as > ancient at the time the current Debian release was frozen in late 2006. Late 2006 the OpenLDAP 2.3.x branch really matured. Since the OpenLDAP developers never maintain more than two branches at the same time they surely had set at least the status of OpenLDAP 2.1 to historic. Which means: Don't use it. I believe work on OpenLDAP 2.4.x code branch might have already started so 2.2.x was maybe already historic at that time either. The files' timestamp here seem plausible to me (I even remember Kurt releasing OpenLDAP 1.0 back in '98): ftp://ftp.openldap.org/pub/openldap/openldap-release > A newer version didn't make it in time due to problems with symbol > versioning -- because of the large number of libraries and plugins > linked with libldap, a binary could end up simultaneously using code > compiled with different LDAP ABIs, and promptly crash. Well, the even API of python-ldap is different when linked to such old OpenLDAP libs. My aim is to really stream-line that. > The next Debian > release (due out later this year) will use libldap 2.4 with versioned > symbols. I appreciate it. Maybe it would be worth to talk more with upstream developers which version of their code to use in a freezed distribution release. Ciao, Michael. |
|
From: Michael S. <mi...@st...> - 2008-06-16 22:10:13
|
Ryan Lovett wrote: > I'm sure the gnutls folks would welcome your bug reports about its security > and stability. Howard Chu did an analysis and discussed that with gnutls developers since OpenLDAP users reported crashes when using LDAP with SSL. I'm not feeling comfortable with what he found out: http://www.openldap.org/lists/openldap-devel/200802/msg00072.html More related postings: http://www.openldap.org/lists/openldap-devel/200802/msg00100.html Well, assuming a single-valued subjectAltName extension is simply naive. I'm aware of Debian's licensing paranoia regarding OpenSSL. But deploying a X.509 lib which is not capable of handling widely used X.509v3 extensions safely is not a solution either. I'm not a C programmer. But I wrote a X.509 cert parser in Python myself running it through a collection of several hundred weird formatted certs when testing. So I know what you have to expect when doing this. Ciao, Michael. |
|
From: Matej V. <ve...@de...> - 2008-06-16 20:36:50
|
Michael Ströder <mi...@st...> writes: > And how about OpenLDAP libs and gnutls? Yes, I'm nagging here, but > because of very good reasons. I don't see it as nagging at all, you're perfectly right not to support modifications you're not comfortable with. I hope we provide a reasonable level of support ourselves, both on this list and through bugs.debian.org. To provide some context, OpenLDAP 2.1 client libraries were not quite as ancient at the time the current Debian release was frozen in late 2006. A newer version didn't make it in time due to problems with symbol versioning -- because of the large number of libraries and plugins linked with libldap, a binary could end up simultaneously using code compiled with different LDAP ABIs, and promptly crash. The next Debian release (due out later this year) will use libldap 2.4 with versioned symbols. I'm not sure which python-ldap package you were looking at, but the one we released with, 2.2.0-3, has a 19-line patch for OpenLDAP 2.1. Later development versions used a 130-line patch, but none of these were released for production use. The patch is a currently a no-op, and I intend to fully remove it before we release. As for GnuTLS, the main reason it's used is the unfortunate incompatibility between the OpenSSL license and the GPL [1]. I'm not aware of stability or security issues in current versions. [1] <http://www.gnome.org/~markmc/openssl-and-the-gpl.html> Cheers, Matej |
|
From: Ryan L. <ry...@st...> - 2008-06-16 18:36:08
|
On Mon, Jun 16, 2008 at 07:48:33PM +0200, Michael Ströder wrote: > Ryan Lovett wrote: > > We're using the versions that ship with any Ubuntu LTS. > > Can you please explain what that means for the Python versions available > in the Ubuntu repository? http://packages.ubuntu.com/python-ldap gives a good overview. LTS means "long term support" where Ubuntu pledges to support the release for 5 years. (https://wiki.ubuntu.com/LTS) There have been two LTS releases, dapper (6.06) and hardy (8.04) where http://packages.ubuntu.com/dapper/python-ldap which is 2.0.4. http://packages.ubuntu.com/hardy/python-ldap which is 2.3.1. > I vaguely remember that Ubuntu also uses Debian packages (please correct > me if I'm wrong). That is correct, Ubuntu is a Debian-based distro: http://www.ubuntu.com/community/ubuntustory/Debian > And since there were Debian packages heavily patched in May 2007 to still > work with ancient OpenLDAP libs 2.1 and Debian links OpenLDAP to gnutls > (which is insecure and sometimes crashes) I don't give any support for > their python-ldap packages. Even the API might not be compatible... On an amd64 hardy machine: $ ldd /usr/lib/python2.5/site-packages/_ldap.so linux-vdso.so.1 => (0x00007ffff1dfe000) libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0x00007f4ee97f2000) liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0x00007f4ee95e4000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00007f4ee93ca000) libpthread.so.0 => /lib/libpthread.so.0 (0x00007f4ee91ae000) libc.so.6 => /lib/libc.so.6 (0x00007f4ee8e4c000) libresolv.so.2 => /lib/libresolv.so.2 (0x00007f4ee8c35000) libgnutls.so.13 => /usr/lib/libgnutls.so.13 (0x00007f4ee89b1000) libdl.so.2 => /lib/libdl.so.2 (0x00007f4ee87ad000) /lib64/ld-linux-x86-64.so.2 (0x00007f4ee9c63000) libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0x00007f4ee859c000) libz.so.1 => /usr/lib/libz.so.1 (0x00007f4ee8385000) libgcrypt.so.11 => /lib/libgcrypt.so.11 (0x00007f4ee8137000) libgpg-error.so.0 => /lib/libgpg-error.so.0 (0x00007f4ee7f33000) I'm sure the gnutls folks would welcome your bug reports about its security and stability. All in your abundant spare time of course. :) https://savannah.gnu.org/support/?group=gnutls http://www.gnu.org/software/gnutls/bugs.html Ryan |
|
From: Michael S. <mi...@st...> - 2008-06-16 18:18:36
|
Matej Vela wrote: > Ryan Lovett <ry...@st...> writes: > >> On Mon, Jun 16, 2008 at 03:48:39PM +0200, Michael Ströder wrote: >>> I'd like to hear from the Python community whether support for Python >>> version prior to 2.3 is still needed in python-ldap. Please tell me >>> which Python version you're using and why it'd be important for you to >>> have python-ldap updates still supporting it. >> We're using the versions that ship with any Ubuntu LTS. From experience >> they sometimes don't backport crucial fixes, though python-ldap is in their >> main repository so I'm sure its higher priority for them. > > In this case it shouldn't be a problem, all currently supported versions of > Ubuntu use Python 2.4 or higher. Debian currently ships with 2.3 and 2.4. And how about OpenLDAP libs and gnutls? Yes, I'm nagging here, but because of very good reasons. Ciao, Michael. |
|
From: Matej V. <ve...@de...> - 2008-06-16 17:52:54
|
Ryan Lovett <ry...@st...> writes: > On Mon, Jun 16, 2008 at 03:48:39PM +0200, Michael Ströder wrote: >> I'd like to hear from the Python community whether support for Python >> version prior to 2.3 is still needed in python-ldap. Please tell me >> which Python version you're using and why it'd be important for you to >> have python-ldap updates still supporting it. > > We're using the versions that ship with any Ubuntu LTS. From experience > they sometimes don't backport crucial fixes, though python-ldap is in their > main repository so I'm sure its higher priority for them. In this case it shouldn't be a problem, all currently supported versions of Ubuntu use Python 2.4 or higher. Debian currently ships with 2.3 and 2.4. Cheers, Matej |
|
From: Michael S. <mi...@st...> - 2008-06-16 17:49:16
|
Ryan Lovett wrote: > On Mon, Jun 16, 2008 at 03:48:39PM +0200, Michael Ströder wrote: >> I'd like to hear from the Python community whether support for Python >> version prior to 2.3 is still needed in python-ldap. Please tell me >> which Python version you're using and why it'd be important for you to >> have python-ldap updates still supporting it. > > We're using the versions that ship with any Ubuntu LTS. Can you please explain what that means for the Python versions available in the Ubuntu repository? Just a side note: I vaguely remember that Ubuntu also uses Debian packages (please correct me if I'm wrong). And since there were Debian packages heavily patched in May 2007 to still work with ancient OpenLDAP libs 2.1 and Debian links OpenLDAP to gnutls (which is insecure and sometimes crashes) I don't give any support for their python-ldap packages. Even the API might not be compatible... Ciao, Michael. |
|
From: Ryan L. <ry...@st...> - 2008-06-16 16:46:15
|
On Mon, Jun 16, 2008 at 03:48:39PM +0200, Michael Ströder wrote: > I'd like to hear from the Python community whether support for Python > version prior to 2.3 is still needed in python-ldap. Please tell me > which Python version you're using and why it'd be important for you to > have python-ldap updates still supporting it. We're using the versions that ship with any Ubuntu LTS. From experience they sometimes don't backport crucial fixes, though python-ldap is in their main repository so I'm sure its higher priority for them. Ryan |
|
From: Garland, K. R <gar...@gm...> - 2008-06-16 16:18:20
|
2.3 to 2.5 in all of my environments. On Mon, Jun 16, 2008 at 9:48 AM, Michael Ströder <mi...@st...> wrote: > HI! > > I'd like to hear from the Python community whether support for Python > version prior to 2.3 is still needed in python-ldap. Please tell me > which Python version you're using and why it'd be important for you to > have python-ldap updates still supporting it. > > BTW: Actually older Python versions are not tested with recent > python-ldap since at least two years. But I'd like to clearly decide on > that. > > Ciao, Michael. > > > ------------------------------------------------------------------------- > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://sourceforge.net/services/buy/index.php > _______________________________________________ > Python-LDAP-dev mailing list > Pyt...@li... > https://lists.sourceforge.net/lists/listinfo/python-ldap-dev > |
|
From: Jens V. <je...@da...> - 2008-06-16 15:42:23
|
On Jun 16, 2008, at 17:07 , Michael Ströder wrote: > Torsten Kurbad wrote: >> Jens Vagelpohl wrote: >>> IMHO it's really not a big deal to tell people they must use older >>> python-ldap releases if they insist on running Python versions that >>> are no longer supported by anyone. >> >> Exactly my opinion! > > You both want to convince me to keep older versions visible. ;-) > > Well, that's an admirable plan. But only worth the trouble if someone > tracks which python-ldap release is guaranteed to work with which > Python > release. That's not done at the moment. Voluntary work in this field > is > appreciated. ;-} I'm not sure what you mean by tracking this compatibility. I can see by looking at e.g. python-ldap-2.2.1 the INSTALL document says "Python 2.0 or greater". IMHO that's enough information. I don't think there's any need to go back and specify the highest release the package is supposed to work with (I'm guessing that's what you mean), like saying "only works with the Python 2.0-2.4 releases". People should be intelligent enough to not expect compatibility with a major Python release that did not exist when a given python-ldap package version was released. jens |
|
From: Michael S. <mi...@st...> - 2008-06-16 15:07:49
|
Torsten Kurbad wrote: > Jens Vagelpohl wrote: >> IMHO it's really not a big deal to tell people they must use older >> python-ldap releases if they insist on running Python versions that >> are no longer supported by anyone. > > Exactly my opinion! You both want to convince me to keep older versions visible. ;-) Well, that's an admirable plan. But only worth the trouble if someone tracks which python-ldap release is guaranteed to work with which Python release. That's not done at the moment. Voluntary work in this field is appreciated. ;-} Ciao, Michael. |
|
From: Torsten K. <pyt...@tk...> - 2008-06-16 14:55:15
|
Hi! >> I'd like to hear from the Python community whether support for Python >> version prior to 2.3 is still needed in python-ldap. Please tell me >> which Python version you're using and why it'd be important for you to >> have python-ldap updates still supporting it. We are solely using 2.4.4 at the moment and will move to 2.5 as soon as the restricted Python in Zope3 fully supports it. > IMHO it's really not a big deal to tell people they must use older > python-ldap releases if they insist on running Python versions that > are no longer supported by anyone. Exactly my opinion! Best regards, Torsten -- Never make anything simple and efficient when a way can be found to make it complex and wonderful. - Murphy's Law No. 13 - |
|
From: Jens V. <je...@da...> - 2008-06-16 13:59:06
|
On Jun 16, 2008, at 15:48 , Michael Ströder wrote: > HI! > > I'd like to hear from the Python community whether support for Python > version prior to 2.3 is still needed in python-ldap. Please tell me > which Python version you're using and why it'd be important for you to > have python-ldap updates still supporting it. Using Python 2.4 in 95% of all cases, 2.3 for rare cases when someone needs to run Zope older than 2.8. Not using anything older at all, but also not using 2.5. So in essence, I'm not looking for any compatibility for Python versions < 2.3. IMHO it's really not a big deal to tell people they must use older python-ldap releases if they insist on running Python versions that are no longer supported by anyone. jens |
|
From: Ron T. <Ro...@US...> - 2008-06-16 13:56:39
|
Hi Michael, Thank you for all your hard work! We are using python2.4.4, but only because of other software that is tied to it and the lack of available time to upgrade. Ron Teitelbaum > -----Original Message----- > From: pyt...@li... [mailto:python-ldap- > dev...@li...] On Behalf Of Michael Ströder > Sent: Monday, June 16, 2008 9:49 AM > To: pyt...@li... > Subject: Who is using python-ldap with Python 1.5.x and 2.0-2.2? > > HI! > > I'd like to hear from the Python community whether support for Python > version prior to 2.3 is still needed in python-ldap. Please tell me > which Python version you're using and why it'd be important for you to > have python-ldap updates still supporting it. > > BTW: Actually older Python versions are not tested with recent > python-ldap since at least two years. But I'd like to clearly decide on > that. > > Ciao, Michael. > > > ------------------------------------------------------------------------- > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://sourceforge.net/services/buy/index.php > _______________________________________________ > Python-LDAP-dev mailing list > Pyt...@li... > https://lists.sourceforge.net/lists/listinfo/python-ldap-dev |
|
From: Michael S. <mi...@st...> - 2008-06-16 13:49:12
|
HI! I'd like to hear from the Python community whether support for Python version prior to 2.3 is still needed in python-ldap. Please tell me which Python version you're using and why it'd be important for you to have python-ldap updates still supporting it. BTW: Actually older Python versions are not tested with recent python-ldap since at least two years. But I'd like to clearly decide on that. Ciao, Michael. |
|
From: Jens V. <je...@da...> - 2008-06-11 14:45:17
|
On Jun 11, 2008, at 09:25 , Michael Ströder wrote: > Jens Vagelpohl wrote: >> Personally, I can't stand that SF setup. > > Are you talking about python-ldap? I generally hide old releases. > There > are pros and cons for that. python-ldap and general. SF is a pile of steaming you know what. It's slow, ugly, annoying, and they make it near impossible to give people reliable download links that do not require jumping into a browser so they can push ads into your face. And yes, I really don't like hiding older releases. ;-) jens |
|
From: Michael S. <mi...@st...> - 2008-06-11 14:26:10
|
Jens Vagelpohl wrote: > On Jun 11, 2008, at 02:36 , Michael Ströder wrote: >> Sigh! One more place to go when doing a release... > > If I were you I'd put releases on PyPI only and just point people > there. I'll consider this. > Personally, I can't stand that SF setup. Are you talking about python-ldap? I generally hide old releases. There are pros and cons for that. > Just a few days ago I had the hardest time to find a release older > than the current release so I could look at its documentation. Note that the versioning of the python-ldap docs isn't that strictly tied to the implementation itself (like it is with Python). This should be better in the future but still the current API isn't fully documented. Ciao, Michael. |
|
From: Jens V. <je...@da...> - 2008-06-11 13:20:18
|
On Jun 11, 2008, at 02:36 , Michael Ströder wrote: > Sigh! One more place to go when doing a release... If I were you I'd put releases on PyPI only and just point people there. Using setuptools this is a one line command from within your checkout, you don't even need to create the tarball yourself anymore. If you want to chat about a good release strategy and/or help handling that let me know. Personally, I can't stand that SF setup. Just a few days ago I had the hardest time to find a release older than the current release so I could look at its documentation. jens |
|
From: Michael S. <mi...@st...> - 2008-06-11 07:37:07
|
cedric briner wrote: > > I'm using ez_install to have a fresh python-ldap modules. Frankly I'm not really familiar with ez_install. > python ez_setup.py -s ../bin -d ../lib python-ldap > Searching for python-ldap > Reading http://pypi.python.org/simple/python-ldap/ > Reading http://python-ldap.sourceforge.net/ > Reading http://python-ldap.sourceforge.net/download.shtml > Best match: python-ldap cvsroot > Downloading > http://cvs.sourceforge.net/cvstarballs/python-ldap-cvsroot.tar.gz > error: Can't download > http://cvs.sourceforge.net/cvstarballs/python-ldap-cvsroot.tar.gz: 503 > Service Unavailable Well, that link is obsolete since years...removed it. I also edited the package info for the recent release: http://pypi.python.org/pypi?name=python-ldap&version=2.3.4&:action=display Sigh! One more place to go when doing a release... Ciao, Michael. |
|
From: cedric b. <wo...@in...> - 2008-06-11 06:37:02
|
Hi, I'm using ez_install to have a fresh python-ldap modules. I do: python ez_setup.py -s ../bin -d ../lib python-ldap Searching for python-ldap Reading http://pypi.python.org/simple/python-ldap/ Reading http://python-ldap.sourceforge.net/ Reading http://python-ldap.sourceforge.net/download.shtml Best match: python-ldap cvsroot Downloading http://cvs.sourceforge.net/cvstarballs/python-ldap-cvsroot.tar.gz error: Can't download http://cvs.sourceforge.net/cvstarballs/python-ldap-cvsroot.tar.gz: 503 Service Unavailable and yes, as you can see cvs.sourceforge.net is down ! Did you know about this ? Is this under your responsabilities ? Because, I do need an egg for SunOS for Python 2.4.4 :| Sed -- Cedric BRINER Geneva - Switzerland |
|
From: Michele P. - U. s. <mic...@un...> - 2008-06-09 06:54:01
|
Michele Petrazzo - Unipex srl wrote: <-cut-> Hi, thanks to all for the quickly reply. It was that it's the first time that I try to use ldap ;) and that like Bjørn says, "The DN is not a part of the ldif when using the API. " Remove that, now it's all working! Michele |
|
From: Ron T. <Ro...@US...> - 2008-06-08 17:30:47
|
Hi Michele, Have a look at this http://www.grotan.com/ldap/python-ldap-samples.html I thought it was pretty helpful. It's easier to build the ldif using the modlist. Ron > -----Original Message----- > From: pyt...@li... [mailto:python-ldap- > dev...@li...] On Behalf Of Michele Petrazzo - Unipex > srl > Sent: Saturday, June 07, 2008 3:09 AM > To: pyt...@li... > Subject: Problem on add > > Hi list, > I'm trying, for the first time, to use python-ldap and I find some > problems on add. I have a code that are, more or less: > > LDAP_BASE_DN = "dc=unipex,dc=it" > > ldif = [('dn', 'cn=A name,ou=People,dc=unipex,dc=it'), ('cn', 'A name'), > ('objectclass', ['top', 'person', 'inetOrgPerson', > 'organizationalPerson', 'mozillaOrgPerson']), ('sn', 'A name'), ('mail', > 'a_...@ma...'), ('givenName', 'Michele')] > > > l.add_s(LDAP_BASE_DN, ldif) > > And I receive: > > ldap.UNDEFINED_TYPE: {'info': 'dn: attribute type undefined', 'desc': > 'Undefined attribute type'} > d > > > But if I save the same data into a ldif file and add it with: > ldapadd -xv -D "cn=admin,dc=unipex,dc=it" -f test_entry.ldif -W > > it works! > > What can I try or where look for solve it? > > Thanks, > Michele > > P.s. I trying to add an ldif data into ldap with mozilla scheme > > > ------------------------------------------------------------------------- > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://sourceforge.net/services/buy/index.php > _______________________________________________ > Python-LDAP-dev mailing list > Pyt...@li... > https://lists.sourceforge.net/lists/listinfo/python-ldap-dev |
|
From: D. H. <da...@hl...> - 2008-06-07 11:16:03
|
Hello Julien, ALL
I have reproduced steps, to show you sample on another module and its
results in INN (becouse i really like to solve this :)
Here is part from nnrpd_auth.py module autheticate(args) which is called
when authentication begins:
part from readers.conf :
*auth "pdg" {
python_auth: "nnrpd_auth.py"
}*
part from nnrpd_auth.py: (here you can also see how i solved problem with
ldap module, i am calling external script and reading result from its
standard output - commented lines)
*def authenticate(self, attributes):
"""Called when python_auth is encountered in readers.conf"""
# just for debugging purposes
syslog('notice', 'n_a authenticate() invoked: hostname %s, ipaddress
%s, interface %s, user %s' % (\
attributes['hostname'], \
attributes['ipaddress'], \
attributes['interface'], \
attributes['user']))
# do username passworld authentication
#if 'foo' == str(attributes['user']) \
# and 'foo' == str(attributes['pass']):
# syslog('notice', 'authentication by username succeeded')
# return ( self.authcodes['ALLOWED'], 'No error', 'default_user')
#else:
# syslog('notice', 'authentication by username failed')
# return ( self.authcodes['DENIED'], 'Access Denied!')
#import os
#result = int(os.popen("%s %s %s"
%("/opt/pdg/newsauth.py",str(attributes['user']),str(attributes['pass'])),
"r").read())
#if result == 1:
# syslog('notice', 'authentication by username succeeded')
# return(self.authcodes['ALLOWED'], 'OK')
#else:
# syslog('notice', 'authentication by username failed')
# return ( self.authcodes['DENIED'], 'FAILED')
import commands
result = commands.getoutput('ls -l')
syslog('notice', result)
*And now comes my test.py where i am testing my nnrpd_auth.py:
*from nnrpd_auth import *
myauth = AUTH()
print
myauth.authenticate({'user':'boss','pass':'supersecret','interface':None,'ipaddress':None,'hostname':None})
*
As you can see my test.py is calling autenticate method same as INN is
calling when auth begins.
Here comes the result from my test.py:
-- syslog level: notice message: nnrpd authentication class instance created
** set_auth_hook for <nnrpd_auth.AUTH instance at 0xb7eb424c>
-- syslog level: notice message: authentication module successfully hooked
into nnrpd
-- syslog level: notice message: nnrpd authentication class instance created
-- syslog level: notice message: n_a authenticate() invoked: hostname None,
ipaddress None, interface None, user boss
*-- syslog level: notice message: total 104
-rw-r--r-- 1 news news 859 Jun 4 10:38 INN.py
-rw-r--r-- 1 news news 1351 Jun 4 10:38 INN.pyc
-rw-r--r-- 1 news news 1351 Jun 4 10:38 INN.pyo
-rw-r--r-- 1 news news 479 Jun 4 10:38 filter.tcl
-rw-r--r-- 1 news news 8860 Jun 4 10:38 filter_innd.py
-rw-r--r-- 1 news news 7381 Jun 4 10:38 filter_innd.pyc
-rw-r--r-- 1 news news 7381 Jun 4 10:38 filter_innd.pyo
-rw-r--r-- 1 news news 2259 Jun 4 10:38 filter_nnrpd.pl
-rw-r--r-- 1 root root 512 Jun 4 10:37 nnrpd.py
-rw-r--r-- 1 root root 603 Jun 5 11:34 nnrpd.pyc
-rw-r--r-- 1 news news 4181 Jun 4 10:38 nnrpd_access.pl
-rw-r--r-- 1 news news 2657 Jun 4 10:38 nnrpd_auth.pl
-rw-r--r-- 1 root root 7998 Jun 7 13:06 nnrpd_auth.py
-rw-r--r-- 1 root root 8200 Jun 5 12:18 nnrpd_auth.py.backup
-rw-r--r-- 1 root root 3109 Jun 7 13:06 nnrpd_auth.pyc
-rw-r--r-- 1 news news 469 Jun 4 10:38 startup.tcl
-rw-r--r-- 1 news news 1324 Jun 4 10:38 startup_innd.pl
-rw-r--r-- 1 root root 259 Jun 7 13:06 test.py*
None
Please note the syslog result .. which is this part from nnrpd_auth.py :
*import commands
result = commands.getoutput('ls -l')
syslog('notice', result)
*And now please note the result from INN where result is completely ignored
:*
Jun 7 13:15:20 dev01 nnrpd[1400]: python: n_a authenticate() invoked:
hostname david-nb.net.hlacik.eu, ipaddress 10.10.10.199, interface
10.10.10.183, user b
Jun 7 13:15:20 dev01 nnrpd[1400]: python authenticate method returned wrong
result
Jun 7 13:15:20 dev01 nnrpd[1400]: david-nb.net.hlacik.eu times user 0.000
system 0.008 idle 0.000 elapsed 0.034
Thanks!
David
*
On Sat, Jun 7, 2008 at 11:35 AM, David Hláčik <da...@hl...> wrote:
> Hello , of course i am importing without .py . I have checked all paths
> with sys.path and also check if INN is using same python version with same
> environment as mine - and yes it is.
> What i have discovered is that nnrpd_auth.py has a really problem with
> importing anything except builtin sys module.
> Module ldap is not working, module commands is not working ... it will
> simple print no result ...
> When i test it trought my test script it will does. When i test it directly
> with INN i see only "python auth returned wrong result".
> When i try to investigate that with try except Exception .. i simple see no
> error there but null result ... it will simple not call the result... even
> simple commands.getoutput("ls -l") does not work! :(
> Only one solution i have found is to import sys module and call popen to
> open external script .. also writen in python .. which will simple to
> standart out return result (and which is using module ldap without problem)
> .. and then i read output in nnrpd_auth and work with that.
> Such ugly think , i spent 3 days working with nnrpd_auth.py and nothing
> worked as i wanted (and i am programming in python for 3 years actually so i
> dont think i am lame ).
>
> Thanks! and if someone really will help me to investigate problem i will
> sent them a package of Czech Beers (Gambrinus,Plzen or Budvar) as i am live
> in czech republic!
>
>
> On Fri, Jun 6, 2008 at 8:27 PM, Julien ÉLIE <ju...@tr...>
> wrote:
>
>> Hi David (thrice),
>>
>> I have created own try, except part to see error, but all i got is :
>>> python:
>>> Error: No module named py
>>> I want to know more , i want to know why? There is no other info in logs.
>>>
>>
>> Do you "import module.py" or "import module"? The last one is the right
>> thing to do
>> inside your scripts. Also check whether paths are correct.
>>
>> And in readers.conf, did you try without ".py" too in the python_auth:
>> parameter?
>> (I do not know whether it is required.)
>>
>> --
>> Julien ÉLIE
>>
>> « Mon père, ce héros au sourire si doux. » (Victor Hugo)
>>
>>
> |
|
From: D. H. <da...@hl...> - 2008-06-07 09:28:09
|
Hello Ron,
thanks for your help. Yes i know this exactly can cause problem like that,
but i am sure that i did not do such schollar mistake.
Actulaly as i mentioned i have this problem with INN python_auth hook. I was
doing a lot of experiments last days and i found that problem is on their
side.
Simply in nnrpd_auth.py script ---> which is called by INN news server when
doing authentication & access thinks ... have problems with importing
anything except python built-in modules.
So my only one possibility how to accomplish was simple to make a python
script which is using python module and will work on commandline (use
arguments username and password and replies to standart out result). Then in
nnrpd_auth import sys and simply call that as a external program and script
with popen and read the result. With such a simple trick i have avoid need
to use import ldap in nnrpd_auth.py directly. I am not satisfied with that
solution, becouse it looks really lame, but unfortunately there is no other
solution i hope - as no one on INN mailinglist was not able to answer me
with the solution.
Thanks,
David
2008/6/6 Ron Teitelbaum <Ro...@us...>:
> Hi David,
>
>
>
> I had this happen before because I tried to do this:
>
>
>
> Import aModuleName.py
>
>
>
> I don't see that mistake in your code though, but maybe something you are
> calling is doing that. You need to leave off the .py when doing import.
>
>
>
> Hope that helps,
>
>
>
> Ron
>
>
> ------------------------------
>
> *From:* pyt...@li... [mailto:
> pyt...@li...] *On Behalf Of *David Hlácik
> *Sent:* Thursday, June 05, 2008 9:55 AM
> *To:* pyt...@li...
> *Subject:* Re: module ldap : no module named .py
>
>
>
> As you can see :
> Jun 5 13:33:12 dev01 nnrpd[9550]: python: Error: No module named py
> comes from nnrpd_auth.py :
>
> try:
> if
> self.__newsauth(str(attributes['user']),str(attributes['pass'])):
> syslog('notice', 'authentication by username
> succeeded')
> return ( self.authcodes['ALLOWED'], 'No error',
> 'default_user')
> else:
> syslog('notice', 'authentication by username
> failed')
> return ( self.authcodes['DENIED'], 'Access
> Denied!')
> except Exception, e:
> syslog('notice', "Error: %s" % e)
>
> On Thu, Jun 5, 2008 at 3:53 PM, David Hláčik <da...@hl...> wrote:
>
> FYI,
>
> this is the result of test.py :
> -- syslog level: notice message: nnrpd authentication class instance
> created
> ** set_auth_hook for <nnrpd_auth.AUTH instance at 0xb7f1f5ec>
> -- syslog level: notice message: authentication module successfully hooked
> into nnrpd
> -- syslog level: notice message: nnrpd authentication class instance
> created
> -- syslog level: notice message: n_a authenticate() invoked: hostname None,
> ipaddress None, interface None, user boss
> -- syslog level: notice message: authentication by username succeeded
> (281, 'No error', 'default_user')
>
> And this is the result (from news.notice) when used as auth hook in INN :
> (inn will load nnrpd_auth.py and instantiate as in nnrpd_auth.py on the end
> written and call method authenticate(attributes) ) :
>
> Jun 5 13:33:12 dev01 nnrpd[9550]: david-nb.net.hlacik.eu (10.10.10.199)
> connect
> Jun 5 13:33:12 dev01 nnrpd[9550]: python interpreter initialized OK
> Jun 5 13:33:12 dev01 nnrpd[9550]: python: nnrpd authentication class
> instance created
> Jun 5 13:33:12 dev01 nnrpd[9550]: python: authentication module
> successfully hooked into nnrpd
> Jun 5 13:33:12 dev01 nnrpd[9550]: python method authen_init not found
> Jun 5 13:33:12 dev01 nnrpd[9550]: python method authen_close not found
> Jun 5 13:33:12 dev01 nnrpd[9550]: python method access_init not found
> Jun 5 13:33:12 dev01 nnrpd[9550]: python method access_close not found
> Jun 5 13:33:12 dev01 nnrpd[9550]: python method dynamic_init not found
> Jun 5 13:33:12 dev01 nnrpd[9550]: python method dynamic_close not found
> Jun 5 13:33:12 dev01 nnrpd[9550]: python: n_a authenticate() invoked:
> hostname david-nb.net.hlacik.eu, ipaddress 10.10.10.199, interface
> 10.10.10.183, user boss
> Jun 5 13:33:12 dev01 nnrpd[9550]: python: Error: No module named py
> Jun 5 13:33:12 dev01 nnrpd[9550]: python authenticate method returned
> wrong result
> Jun 5 13:33:12 dev01 nnrpd[9550]: david-nb.net.hlacik.eu times user 0.016
> system 0.016 idle 0.000 elapsed 0.073
>
>
> |
|
From: Michael S. <mi...@st...> - 2008-06-07 08:10:44
|
Michele Petrazzo - Unipex srl wrote:
>
> ldif = [('dn', 'cn=A name,ou=People,dc=unipex,dc=it'),
I think this variable is misnamed.
> [..]
> l.add_s(LDAP_BASE_DN, ldif)
> [..]
> ldap.UNDEFINED_TYPE: {'info': 'dn: attribute type undefined', 'desc':
> 'Undefined attribute type'}
It means exactly what it says: The attribute type 'dn' in your
modification list is not known in the server's subschema.
=> So remove ('dn', 'cn=A name,ou=People,dc=unipex,dc=it') from your mod
list.
> But if I save the same data into a ldif file and add it with:
> ldapadd -xv -D "cn=admin,dc=unipex,dc=it" -f test_entry.ldif -W
>
> it works!
LDIF is something completely different. Also note that module ldif
treats the entry's DN as a different argument, not as normal attribute.
Ciao, Michael.
|
627 messages has been excluded from this view by a project administrator.
