Menu
▾
▴
python-ldap-dev — discussion among developers
You can subscribe to this list here.
| 2000 |
Jan
|
Feb
(34) |
Mar
(9) |
Apr
|
May
(2) |
Jun
(14) |
Jul
(67) |
Aug
(34) |
Sep
(5) |
Oct
(20) |
Nov
(22) |
Dec
(31) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2001 |
Jan
(15) |
Feb
(16) |
Mar
(20) |
Apr
(13) |
May
(72) |
Jun
(42) |
Jul
(41) |
Aug
(11) |
Sep
(19) |
Oct
(67) |
Nov
(59) |
Dec
(57) |
| 2002 |
Jan
(74) |
Feb
(69) |
Mar
(34) |
Apr
(55) |
May
(47) |
Jun
(74) |
Jul
(116) |
Aug
(68) |
Sep
(25) |
Oct
(42) |
Nov
(28) |
Dec
(52) |
| 2003 |
Jan
(19) |
Feb
(18) |
Mar
(35) |
Apr
(49) |
May
(73) |
Jun
(39) |
Jul
(26) |
Aug
(59) |
Sep
(33) |
Oct
(56) |
Nov
(69) |
Dec
(137) |
| 2004 |
Jan
(276) |
Feb
(15) |
Mar
(18) |
Apr
(27) |
May
(25) |
Jun
(7) |
Jul
(13) |
Aug
(2) |
Sep
(2) |
Oct
(10) |
Nov
(27) |
Dec
(28) |
| 2005 |
Jan
(22) |
Feb
(25) |
Mar
(41) |
Apr
(17) |
May
(36) |
Jun
(13) |
Jul
(22) |
Aug
(12) |
Sep
(23) |
Oct
(6) |
Nov
(4) |
Dec
|
| 2006 |
Jan
(11) |
Feb
(3) |
Mar
(5) |
Apr
(22) |
May
(1) |
Jun
(10) |
Jul
(19) |
Aug
(7) |
Sep
(25) |
Oct
(23) |
Nov
(5) |
Dec
(27) |
| 2007 |
Jan
(25) |
Feb
(17) |
Mar
(44) |
Apr
(8) |
May
(33) |
Jun
(31) |
Jul
(42) |
Aug
(16) |
Sep
(12) |
Oct
(16) |
Nov
(23) |
Dec
(73) |
| 2008 |
Jan
(26) |
Feb
(6) |
Mar
(46) |
Apr
(17) |
May
(1) |
Jun
(44) |
Jul
(9) |
Aug
(34) |
Sep
(20) |
Oct
(2) |
Nov
(4) |
Dec
(16) |
| 2009 |
Jan
(14) |
Feb
(3) |
Mar
(45) |
Apr
(52) |
May
(34) |
Jun
(32) |
Jul
(24) |
Aug
(52) |
Sep
(22) |
Oct
(23) |
Nov
(19) |
Dec
(10) |
| 2010 |
Jan
(10) |
Feb
(13) |
Mar
(22) |
Apr
(9) |
May
(1) |
Jun
(1) |
Jul
(8) |
Aug
(9) |
Sep
(10) |
Oct
(1) |
Nov
(2) |
Dec
(3) |
| 2011 |
Jan
|
Feb
(18) |
Mar
(39) |
Apr
(5) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Robert E. <res...@go...> - 2007-12-13 17:46:58
|
I move the older ones (/usr/lib/) to a safe place and now I get
File "/usr/lib/python2.4/site-packages/ldap/__init__.py", line 23, in ?
from _ldap import *
ImportError: liblber-2.3.so.0: cannot open shared object file: No such
file or directory
which I suppose is progress.
On 12/13/07, Robert Escorcio <res...@go...> wrote:
> root@roberte:~/installs/python-ldap-2.3.1# find / -mount -name
> "liblber*" | xargs ls -l
> lrwxrwxrwx 1 root root 27 Feb 10 2007
> /usr/lib/Adobe/Acrobat7.0/Reader/intellinux/lib/liblber.so ->
> ../../../../../liblber.so.2
> lrwxrwxrwx 1 root root 21 Dec 19 2006 /usr/lib/liblber-2.2.so.7
> -> liblber-2.2.so.7.0.19
> -rw-r--r-- 1 root root 48420 Nov 20 2006 /usr/lib/liblber-2.2.so.7.0.19
> -rw-r--r-- 1 root root 65034 Mar 6 2006 /usr/lib/liblber.a
> lrwxrwxrwx 1 root root 18 Dec 11 14:03 /usr/lib/liblber.so ->
> liblber.so.2.0.130
> lrwxrwxrwx 1 root root 18 Dec 19 2006 /usr/lib/liblber.so.2 ->
> liblber.so.2.0.130
> -rw-r--r-- 1 root root 46180 Mar 6 2006 /usr/lib/liblber.so.2.0.130
> lrwxrwxrwx 1 root root 20 Oct 10 05:43 /usr/lib64/liblber-2.2.so.7
> -> liblber-2.2.so.7.0.6
> -rwxr-xr-x 1 root root 58664 Dec 12 2006 /usr/lib64/liblber-2.2.so.7.0.=
6
> lrwxrwxrwx 1 root root 20 Oct 10 05:43 /usr/lib64/liblber.so ->
> liblber-2.2.so.7.0.6
> lrwxrwxrwx 1 root root 20 Dec 12 17:14
> /usr/local/lib/liblber-2.3.so.0 -> liblber-2.3.so.0.0.4
> -rw-r--r-- 1 root root 126344 Dec 12 17:14 /usr/local/lib/liblber-2.3.so.=
0.0.4
> -rw-r--r-- 1 root root 125898 Dec 12 11:26 /usr/local/lib/liblber-2.3.so.=
0.2.27
> -rw-r--r-- 1 root root 169700 Dec 12 17:14 /usr/local/lib/liblber.a
> -rw-r--r-- 1 root root 693 Dec 12 17:14 /usr/local/lib/liblber.la
> lrwxrwxrwx 1 root root 20 Dec 12 17:14 /usr/local/lib/liblber.so
> -> liblber-2.3.so.0.0.4
>
> On 12/13/07, Michael Str=F6der <mi...@st...> wrote:
> > Robert Escorcio wrote:
> > >
> > > I'll try building on a clean install of fedora. Maybe its just my OS
> > > build that is messed up.
> >
> > Maybe a library mix?
> > Do you have several versions of liblber on your system?
> > Several OpenLDAP lib versions or even Fedora DS LDAP libs?
> >
> > Ciao, Michael.
> >
>
>
> --
> Robert Escorcio
> Google Inc
>
--=20
Robert Escorcio
Google Inc
|
|
From: Robert E. <res...@go...> - 2007-12-13 17:29:41
|
root@roberte:~/installs/python-ldap-2.3.1# find / -mount -name "liblber*" | xargs ls -l lrwxrwxrwx 1 root root 27 Feb 10 2007 /usr/lib/Adobe/Acrobat7.0/Reader/intellinux/lib/liblber.so -> ../../../../../liblber.so.2 lrwxrwxrwx 1 root root 21 Dec 19 2006 /usr/lib/liblber-2.2.so.7 -> liblber-2.2.so.7.0.19 -rw-r--r-- 1 root root 48420 Nov 20 2006 /usr/lib/liblber-2.2.so.7.0.19 -rw-r--r-- 1 root root 65034 Mar 6 2006 /usr/lib/liblber.a lrwxrwxrwx 1 root root 18 Dec 11 14:03 /usr/lib/liblber.so -> liblber.so.2.0.130 lrwxrwxrwx 1 root root 18 Dec 19 2006 /usr/lib/liblber.so.2 -> liblber.so.2.0.130 -rw-r--r-- 1 root root 46180 Mar 6 2006 /usr/lib/liblber.so.2.0.130 lrwxrwxrwx 1 root root 20 Oct 10 05:43 /usr/lib64/liblber-2.2.so.7 -> liblber-2.2.so.7.0.6 -rwxr-xr-x 1 root root 58664 Dec 12 2006 /usr/lib64/liblber-2.2.so.7.0.6 lrwxrwxrwx 1 root root 20 Oct 10 05:43 /usr/lib64/liblber.so -> liblber-2.2.so.7.0.6 lrwxrwxrwx 1 root root 20 Dec 12 17:14 /usr/local/lib/liblber-2.3.so.0 -> liblber-2.3.so.0.0.4 -rw-r--r-- 1 root root 126344 Dec 12 17:14 /usr/local/lib/liblber-2.3.so.0.= 0.4 -rw-r--r-- 1 root root 125898 Dec 12 11:26 /usr/local/lib/liblber-2.3.so.0.= 2.27 -rw-r--r-- 1 root root 169700 Dec 12 17:14 /usr/local/lib/liblber.a -rw-r--r-- 1 root root 693 Dec 12 17:14 /usr/local/lib/liblber.la lrwxrwxrwx 1 root root 20 Dec 12 17:14 /usr/local/lib/liblber.so -> liblber-2.3.so.0.0.4 On 12/13/07, Michael Str=F6der <mi...@st...> wrote: > Robert Escorcio wrote: > > > > I'll try building on a clean install of fedora. Maybe its just my OS > > build that is messed up. > > Maybe a library mix? > Do you have several versions of liblber on your system? > Several OpenLDAP lib versions or even Fedora DS LDAP libs? > > Ciao, Michael. > --=20 Robert Escorcio Google Inc |
|
From: <mi...@st...> - 2007-12-13 11:29:22
|
Robert Escorcio wrote: > > I'll try building on a clean install of fedora. Maybe its just my OS > build that is messed up. Maybe a library mix? Do you have several versions of liblber on your system? Several OpenLDAP lib versions or even Fedora DS LDAP libs? Ciao, Michael. |
|
From: Robert E. <res...@go...> - 2007-12-13 01:34:14
|
2007/12/12 Michael Str=F6der <mi...@st...>: > Robert Escorcio wrote: > > Where can I get 2.3.1? > > I meant the source distribution of python-ldap 2.3.1: > > http://sourceforge.net/project/showfiles.php?group_id=3D2072 > Oh. Sorry. Right. I was using 2.3.1 of python ldap. When I try to impor= t ldap I get File "/usr/lib/python2.4/site-packages/ldap/__init__.py", line 23, in ? from _ldap import * ImportError: /usr/lib/python2.4/site-packages/_ldap.so: undefined symbol: ber_pvt_opt_on The build and install seem to work fine (see below for details) I'll try building on a clean install of fedora. Maybe its just my OS build that is messed up. Thanks for your help! Robert PS Details: root@roberte:~/installs/python-ldap-2.3.1# python setup.py build extra_compile_args: extra_objects: include_dirs: /usr/include/sasl library_dirs: /usr/lib/sasl2 libs: ldap lber running build running build_py file Lib/ldap.py (for module ldap) not found file Lib/ldap/schema.py (for module ldap.schema) not found creating build creating build/lib.linux-i686-2.4 copying Lib/ldapurl.py -> build/lib.linux-i686-2.4 copying Lib/ldif.py -> build/lib.linux-i686-2.4 copying Lib/dsml.py -> build/lib.linux-i686-2.4 creating build/lib.linux-i686-2.4/ldap copying Lib/ldap/__init__.py -> build/lib.linux-i686-2.4/ldap copying Lib/ldap/async.py -> build/lib.linux-i686-2.4/ldap copying Lib/ldap/controls.py -> build/lib.linux-i686-2.4/ldap copying Lib/ldap/cidict.py -> build/lib.linux-i686-2.4/ldap copying Lib/ldap/dn.py -> build/lib.linux-i686-2.4/ldap copying Lib/ldap/filter.py -> build/lib.linux-i686-2.4/ldap copying Lib/ldap/functions.py -> build/lib.linux-i686-2.4/ldap copying Lib/ldap/ldapobject.py -> build/lib.linux-i686-2.4/ldap copying Lib/ldap/modlist.py -> build/lib.linux-i686-2.4/ldap copying Lib/ldap/sasl.py -> build/lib.linux-i686-2.4/ldap creating build/lib.linux-i686-2.4/ldap/schema copying Lib/ldap/schema/__init__.py -> build/lib.linux-i686-2.4/ldap/schema copying Lib/ldap/schema/models.py -> build/lib.linux-i686-2.4/ldap/schema copying Lib/ldap/schema/subentry.py -> build/lib.linux-i686-2.4/ldap/schema copying Lib/ldap/schema/tokenizer.py -> build/lib.linux-i686-2.4/ldap/schem= a file Lib/ldap.py (for module ldap) not found file Lib/ldap/schema.py (for module ldap.schema) not found running build_ext building '_ldap' extension creating build/temp.linux-i686-2.4 creating build/temp.linux-i686-2.4/Modules gcc -pthread -fno-strict-aliasing -DNDEBUG -g -O3 -Wall -Wstrict-prototypes -fPIC -DLDAPMODULE_VERSION=3D2.3.1 -IModules -I/usr/include/sasl -I/usr/include/python2.4 -c Modules/LDAPObject.c -o build/temp.linux- i686-2.4/Modules/LDAPObject.o gcc -pthread -fno-strict-aliasing -DNDEBUG -g -O3 -Wall -Wstrict-prototypes -fPIC -DLDAPMODULE_VERSION=3D2.3.1 -IModules -I/usr/include/sasl -I/usr/include/python2.4 -c Modules/ldapcontrol.c -o build/temp.linux- i686-2.4/Modules/ldapcontrol.o gcc -pthread -fno-strict-aliasing -DNDEBUG -g -O3 -Wall -Wstrict-prototypes -fPIC -DLDAPMODULE_VERSION=3D2.3.1 -IModules -I/usr/include/sasl -I/usr/include/python2.4 -c Modules/common.c -o build/temp.linux-i686-2.4 /Modules/common.o gcc -pthread -fno-strict-aliasing -DNDEBUG -g -O3 -Wall -Wstrict-prototypes -fPIC -DLDAPMODULE_VERSION=3D2.3.1 -IModules -I/usr/include/sasl -I/usr/include/python2.4 -c Modules/constants.c -o build/temp.linux-i686-2.= 4 /Modules/constants.o gcc -pthread -fno-strict-aliasing -DNDEBUG -g -O3 -Wall -Wstrict-prototypes -fPIC -DLDAPMODULE_VERSION=3D2.3.1 -IModules -I/usr/include/sasl -I/usr/include/python2.4 -c Modules/errors.c -o build/temp.linux-i686-2.4 /Modules/errors.o gcc -pthread -fno-strict-aliasing -DNDEBUG -g -O3 -Wall -Wstrict-prototypes -fPIC -DLDAPMODULE_VERSION=3D2.3.1 -IModules -I/usr/include/sasl -I/usr/include/python2.4 -c Modules/functions.c -o build/temp.linux-i686-2.= 4 /Modules/functions.o gcc -pthread -fno-strict-aliasing -DNDEBUG -g -O3 -Wall -Wstrict-prototypes -fPIC -DLDAPMODULE_VERSION=3D2.3.1 -IModules -I/usr/include/sasl -I/usr/include/python2.4 -c Modules/schema.c -o build/temp.linux-i686-2.4 /Modules/schema.o gcc -pthread -fno-strict-aliasing -DNDEBUG -g -O3 -Wall -Wstrict-prototypes -fPIC -DLDAPMODULE_VERSION=3D2.3.1 -IModules -I/usr/include/sasl -I/usr/include/python2.4 -c Modules/ldapmodule.c -o build/temp.linux- i686-2.4/Modules/ldapmodule.o gcc -pthread -fno-strict-aliasing -DNDEBUG -g -O3 -Wall -Wstrict-prototypes -fPIC -DLDAPMODULE_VERSION=3D2.3.1 -IModules -I/usr/include/sasl -I/usr/include/python2.4 -c Modules/message.c -o build/temp.linux-i686-2.4 /Modules/message.o gcc -pthread -fno-strict-aliasing -DNDEBUG -g -O3 -Wall -Wstrict-prototypes -fPIC -DLDAPMODULE_VERSION=3D2.3.1 -IModules -I/usr/include/sasl -I/usr/include/python2.4 -c Modules/version.c -o build/temp.linux-i686-2.4 /Modules/version.o gcc -pthread -fno-strict-aliasing -DNDEBUG -g -O3 -Wall -Wstrict-prototypes -fPIC -DLDAPMODULE_VERSION=3D2.3.1 -IModules -I/usr/include/sasl -I/usr/include/python2.4 -c Modules/options.c -o build/temp.linux-i686-2.4 /Modules/options.o Modules/options.c: In function 'LDAP_get_option': Modules/options.c:125: warning: unused variable 'doubleval' gcc -pthread -shared build/temp.linux-i686-2.4/Modules/LDAPObject.o build/temp.linux-i686-2.4/Modules/ldapcontrol.o build/temp.linux-i686-2.4/Modules/common.o build/temp.linux-i686-2.4/Modules/constants.o build/temp.linux-i686-2.4/Modules/errors.o build/temp.linux-i686-2.4/Modules/functions.o build/temp.linux-i686-2.4/Modules/schema.o build/temp.linux-i686-2.4/Modules/ldapmodule.o build/temp.linux-i686-2.4/Modules/message.o build/temp.linux-i686-2.4/Modules/version.o build/temp.linux-i686-2.4/Modules/options.o -L/usr/lib/sasl2 -Wl,-R/usr/lib/sasl2 -lldap -llber -o build/lib.linux- i686-2.4/_ldap.so root@roberte:~/installs/python-ldap-2.3.1# python setup.py install extra_compile_args: extra_objects: include_dirs: /usr/include/sasl library_dirs: /usr/lib/sasl2 libs: ldap lber running install running build running build_py file Lib/ldap.py (for module ldap) not found file Lib/ldap/schema.py (for module ldap.schema) not found file Lib/ldap.py (for module ldap) not found file Lib/ldap/schema.py (for module ldap.schema) not found running build_ext running install_lib copying build/lib.linux-i686-2.4/_ldap.so -> /usr/lib/python2.4/site-packages writing byte-compilation script '/tmp/tmpyS3HrD.py' /usr/bin/python -O /tmp/tmpyS3HrD.py removing /tmp/tmpyS3HrD.py > > > I'll check 2.3.4 because its the earliest version I can find and 2.3.10 > > on the off chance that this is what you meant. > > I'm not talking about OpenLDAP libs. You need at least 2.3.something for > building python-ldap 2.3.1. > > Ciao, Michael. > --=20 Robert Escorcio Google Inc |
|
From: <mi...@st...> - 2007-12-13 01:02:45
|
Robert Escorcio wrote: > Where can I get 2.3.1? I meant the source distribution of python-ldap 2.3.1: http://sourceforge.net/project/showfiles.php?group_id=2072 > I'll check 2.3.4 because its the earliest version I can find and 2.3.10 > on the off chance that this is what you meant. I'm not talking about OpenLDAP libs. You need at least 2.3.something for building python-ldap 2.3.1. Ciao, Michael. |
|
From: Robert E. <res...@go...> - 2007-12-13 00:14:34
|
Where can I get 2.3.1? Looked for it on ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release but the closest I could find was ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.3.10.tgz Googled for it and only found http://www.google.com/search?source=3Dig&hl=3Den&rlz=3D&q=3Dopenldap-2.3.1&= btnG=3DGoogle+Search I'll check 2.3.4 because its the earliest version I can find and 2.3.10 on the off chance that this is what you meant. 2007/12/12 Michael Str=F6der <mi...@st...>: > Robert Escorcio wrote: > > After installing python-ldap 2.3 on Ubuntu (with openldap 2-3.39), I am > > getting the following error when importing ldap from a python program > > > > ImportError: /usr/lib/python2.4/site > > -packages/_ldap.so: undefined symbol: ber_pvt_opt_on > > > > I have seen reports on the web that this is because I did not link > > _ldap.so with -llber, > > Maybe something's wrong with run-time linking? > > > but that cannot be so because I see the following > > when I run > > > > python setup.py install > > > > -Wl,-R/usr/local/openldap-2.3/lib -lldap -llber -lresolv -o > > build/lib.linux-x86_64-2.4/_ldap.so > > Seems to be ok at first glance. But how about asking the Ubuntu > maintainer first? > > Or could you please try to build yourself from a 2.3.1 source > distribution and provide setup.cfg if it fails? Generally I don't trust > package maintainers of Linux distribution anymore. Some of them (e.g. > Debian) has a very large patch set. > > Also I note that you're on a 64-bit platform. Maybe there's something > wrong with the tool chain on that platform? > > Ciao, Michael. > > --=20 Robert Escorcio Google Inc |
|
From: <mi...@st...> - 2007-12-12 22:45:29
|
Robert Escorcio wrote: > After installing python-ldap 2.3 on Ubuntu (with openldap 2-3.39), I am > getting the following error when importing ldap from a python program > > ImportError: /usr/lib/python2.4/site > -packages/_ldap.so: undefined symbol: ber_pvt_opt_on > > I have seen reports on the web that this is because I did not link > _ldap.so with -llber, Maybe something's wrong with run-time linking? > but that cannot be so because I see the following > when I run > > python setup.py install > > -Wl,-R/usr/local/openldap-2.3/lib -lldap -llber -lresolv -o > build/lib.linux-x86_64-2.4/_ldap.so Seems to be ok at first glance. But how about asking the Ubuntu maintainer first? Or could you please try to build yourself from a 2.3.1 source distribution and provide setup.cfg if it fails? Generally I don't trust package maintainers of Linux distribution anymore. Some of them (e.g. Debian) has a very large patch set. Also I note that you're on a 64-bit platform. Maybe there's something wrong with the tool chain on that platform? Ciao, Michael. |
|
From: Robert E. <res...@go...> - 2007-12-12 21:33:20
|
After installing python-ldap 2.3 on Ubuntu (with openldap 2-3.39), I am getting the following error when importing ldap from a python program ImportError: /usr/lib/python2.4/site-packages/_ldap.so: undefined symbol: ber_pvt_opt_on I have seen reports on the web that this is because I did not link _ldap.so with -llber, but that cannot be so because I see the following when I run python setup.py install gcc -pthread -shared build/temp.linux-x86_64- 2.4/Modules/LDAPObject.o build/temp.linux-x86_64-2.4/Modules/ldapcontrol.o build/temp.linux-x86_64- 2.4/Modules/common.o build/temp.linux-x86_64-2.4/Modules/constants.o build/temp.linux-x86_64-2.4/Modules/errors.o build/temp.linux-x86_64- 2.4/Modules/functions.o build/temp.linux-x86_64-2.4/Modules/schema.o build/temp.linux-x86_64-2.4/Modules/ldapmodule.o build/temp.linux-x86_64-2.4/Modules/message.o build/temp.linux-x86_64-2.4/Modules/version.o build/temp.linux-x86_64- 2.4/Modules/options.o -L/usr/local/openldap-2.3/lib -Wl,-R/usr/local/openldap-2.3/lib -lldap -llber -lresolv -o build/lib.linux-x86_64-2.4/_ldap.so Can anyone advise me on what is the problem? |
|
From: <mi...@st...> - 2007-12-12 14:37:46
|
Fernando Ribeiro wrote: > > The problem was fixed using ldap.VERSION with ldap.VERSION3: > > self.conn.set_option(ldap.VERSION, ldap.VERSION3) Strange, since ldap.VERSION3 is the default explicitly set when creating a LDAPObject instance. Unless you formerly set this to ldap.VERSION2 before in your code it's unlikely that this was the solution. Ciao, Michael. |
|
From: Fernando R. <fer...@gm...> - 2007-12-12 14:15:06
|
SGkgTWljaGFlbCwKCk9uIERlYyAxMiwgMjAwNyAxMjowMCBQTSwgTWljaGFlbCBTdHLDtmRlciA8 bWljaGFlbEBzdHJvZWRlci5jb20+IHdyb3RlOgoKPgo+IFN0cmFuZ2UsIHNpbmNlIGxkYXAuVkVS U0lPTjMgaXMgdGhlIGRlZmF1bHQgZXhwbGljaXRseSBzZXQgd2hlbiBjcmVhdGluZwo+IGEgTERB UE9iamVjdCBpbnN0YW5jZS4gVW5sZXNzIHlvdSBmb3JtZXJseSBzZXQgdGhpcyB0byBsZGFwLlZF UlNJT04yCj4gYmVmb3JlIGluIHlvdXIgY29kZSBpdCdzIHVubGlrZWx5IHRoYXQgdGhpcyB3YXMg dGhlIHNvbHV0aW9uLgo+CgogICAgIFJlYWxseSBzdHJhbmdlLgogICAgIERvbid0IHdhcyBzZXQg bGRhcC5WRVJTSU9OMiBpbiBteSBjb2RlLgogICAgIEknbSB1c2luZyBweXRob24tbGRhcCAyLjMK CkF0dCwKRmVybmFuZG8gUmliZWlybwoKCi0tIAotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQotIEZlcm5hbmRvIFJpYmVpcm8gLSBTeXNBZG1pbgot ICs1NS02MS04NDM4LTU4MDYKLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0KRmlydGh1bmFuZHM6IGZpcnRodSBtZWFucyBwZWFjZSwgbmFuZHMgbWVh bnMgZGFyaW5nLgoiVGhvc2Ugd2hvIGRvIGFueXRoaW5nIHRvIG1haW50YWluIHRoZSBwZWFjZSEi Cg== |
|
From: <mi...@st...> - 2007-12-12 14:12:48
|
David Leonard wrote: > Geert Jansen wrote: >> Michael Ströder wrote: >>> Well, setting an env var is not really a good choice when running within >>> a multi-threaded web application... :-/ > > yet another reason to avoid threads? :) The multi-threaded approach gives me the possibility to use persistent LDAP connections. This is much faster. > Recapping the (interesting) problem: Michael wanted to pick out the > delegated creds from an SPNEGO auth'd request, convey them down to the > SASL GSSAPI auth underneath an LDAP bind. And have it all work inside a > threaded web server. Exactly. ;-) > If the request handler is a python script, then you would get a separate > python process for each request, and setenving KRB5CCNAME to a temporary > cred cache file for the delegated ticket is straightforward. This would be easy, but that's not how web2ldap works. > I know, > because I've done this. But let's say you want to be interesting and use > mod_python and have python-ldap code and sasl-gssapi running inside the > web server's thread. In this case, you might arrange for the spnego auth > to export the krb5 in-memory cred cache via an apache request note. I'd rather prefer to even extract the SPNEGO from the HTTP header within my web app since I don't need a Kerberos module for Apache then. And web2ldap runs also as a stand-alone server which is pretty handy in many situations. > However, when it comes time to prepare the SASL GSSAPI environment, you > get stuck because there seems to be no way to communicate to the krb5 > mechanism under sasl which cred cache to use for auth. Yupp. I already talked to Howard Chu about whether it's possible to change the OpenLDAP API (sasl_interactive_bind()) in this regard. > I think it would just be easier to avoid threads when using GSSAPI. :-( Ciao, Michael. |
|
From: David L. <d...@ad...> - 2007-12-12 13:26:30
|
Geert Jansen wrote:
> Michael Ströder wrote:
>
>
>> Well, setting an env var is not really a good choice when running within
>> a multi-threaded web application... :-/
>>
>>
yet another reason to avoid threads? :)
>
> I was thinking how one could solve the problem of per-thread credentials
> in python-ldap (or python-ad).. I think it can be done with the keyring
> credential cache code that is in recent MIT Kerberos distributions.
> Per-thread keyrings exist so if you set $KRB5CCNAME to
> "KEYRING:thread:default" then you should be able to use per-thread
> credentials.
>
[A per-thread getenv() would be similarly interesting. I'm thinking like
how errno was bodged as a macro.]
Recapping the (interesting) problem: Michael wanted to pick out the
delegated creds from an SPNEGO auth'd request, convey them down to the
SASL GSSAPI auth underneath an LDAP bind. And have it all work inside a
threaded web server.
If the request handler is a python script, then you would get a separate
python process for each request, and setenving KRB5CCNAME to a temporary
cred cache file for the delegated ticket is straightforward. I know,
because I've done this. But let's say you want to be interesting and use
mod_python and have python-ldap code and sasl-gssapi running inside the
web server's thread. In this case, you might arrange for the spnego auth
to export the krb5 in-memory cred cache via an apache request note.
However, when it comes time to prepare the SASL GSSAPI environment, you
get stuck because there seems to be no way to communicate to the krb5
mechanism under sasl which cred cache to use for auth.. This is because
GSSAPI functions don't take context handles: it assumes global state for
mechanisms. Even doing the "KEYRING" trick above seems dubious to me
because the gss mechanisms might be squirreling away credential context
in global storage. If I recall correctly, some krb5 implementations of
gss are thread-clever, and might see different defaults per thread, so
they might work.
I think it would just be easier to avoid threads when using GSSAPI.
(Perhaps gss-v3 may be thread friendly?)
--
David Leonard d...@ad...
Ph:+61 404 844 850
|
|
From: Fernando R. <fer...@gm...> - 2007-12-12 11:32:54
|
Hi James,
The problem was fixed using ldap.VERSION with ldap.VERSION3:
self.conn.set_option(ldap.VERSION, ldap.VERSION3)
Thanks
Att,
--
-----------------------------------------------------
- Fernando Ribeiro
- +55-61-8438-5806
-----------------------------------------------------
Firthunands: firthu means peace, nands means daring.
"Those who do anything to maintain the peace!"
|
|
From: James A. <ja...@da...> - 2007-12-12 04:14:25
|
On Tue, 2007-12-11 at 17:15 -0200, Fernando Ribeiro wrote: > How to fix STRONG_AUTH_REQUIRED error? (My ldapserver is master) > I'm receiving this error while using modify(dn, modlist) > I have a bind with rootdn and rootpw right. How are you connecting and binding to the server? Simple bind or SASL? Unencrypted or SSL/TLS? Also, which LDAP server is it? OpenLDAP can be configured to require stronger authentication for modifications - search for ssf (Security Strength Factor) in the slapd.access(5) and slap.conf(5) man pages. James Andrewartha |
|
From: Geert J. <ge...@bo...> - 2007-12-11 21:28:08
|
Michael Ströder wrote: > > Well, setting an env var is not really a good choice when running within > a multi-threaded web application... :-/ > I was thinking how one could solve the problem of per-thread credentials in python-ldap (or python-ad).. I think it can be done with the keyring credential cache code that is in recent MIT Kerberos distributions. Per-thread keyrings exist so if you set $KRB5CCNAME to "KEYRING:thread:default" then you should be able to use per-thread credentials. Regards, Geert |
|
From: Geert J. <ge...@bo...> - 2007-12-11 21:16:17
|
Torsten Kurbad wrote: > ME, ME, ME!!! :o) > > I tried several krb5 modules lying around in the net so far - and none > really worked! In fact, most of the implementations require an external > kinit call, which is NOT what I intend to let my users do... > > So, I'd very much appreciate, if you think about Michael's idea, > Geert! > What is the use case you are thinking about? As mentioned in my other email the Kerberos API is vast and while wrapping it in Python can be done (it is actually not difficult) but it is a lot of work. And after that people will want support for Heimdal, and then Windows, Mac... :-) Regards, Geert |
|
From: Geert J. <ge...@bo...> - 2007-12-11 21:10:54
|
Michael Ströder wrote: > Ah, ok. Interesting. Why don't you separate the krb5 module into another > project. I guess some people might be interested in that. > > Especially my dream would be to support HTTP-Authentication based on > SPNEGO/GSSAPI in web2ldap. But not only authenticating the user at the > web server. I would rather like forward the service ticket requested for > a particular LDAP service to the LDAP server in a SASL/GSSAPI > BindRequest. Do you think that's feasible? > Well... at the moment the module is really bare bones and only exposes the few functions of the vast Kerberos API that Python-AD needs. Also I don't want to digress too much at this point. I created Python-AD as part of something bigger which does not exist yet: FreeADI. FreeADI would provide Active Directory integration for Linux systems, meaning you can use AD as the directory and authentication service on Linux. (Given the fact that Likewise Open was released last week, I am not sure though it would still be useful). >From what I understand from you though, you'd like the GSSAPI to be wrapped and not the Kerberos API. This is easier as the GSSAPI seems significantly smaller than the Kerberos API. By the way I had a look at web2ldap. You mention that you use an ASN.1 parser from Pisces and that you feel that people may have issues with its license. Python-AD comes with its own (very simple) ASN.1 parser/generator as well. It can parse arbitrary BER, emits DER and comes with a full test suite. The code is licensed under the MIT license so it may be less concerning. Also if you really want I could re-license it under the GPL. Regards, Geert |
|
From: Rich M. <ric...@gm...> - 2007-12-11 20:21:40
|
Michael Ströder wrote: > Rich Megginson wrote: > >> Michael Ströder wrote: >> >>> Rich Megginson wrote: >>> >>> >>>> You might be interested in the freeipa.org project which uses python, >>>> python-ldap, turbogears, PyKerberos, and supports http authentication >>>> with forwardable tickets. >>>> I don't think they support SPNEGO yet but patches are welcome :-) >>>> >>> How does the browser send the ticket to the web application then? >>> >>> >> In Firefox, go to about:config >> > > Yes, that's what's written on the freeipa.org web site. I was more > interested what's transmitted over the wire if it's not SPNEGO. > I'm not really sure. One of the guys on fre...@re... would know for sure. > Ciao, Michael. > > |
|
From: <mi...@st...> - 2007-12-11 19:51:48
|
Rich Megginson wrote: > Michael Ströder wrote: >> Rich Megginson wrote: >> >>> You might be interested in the freeipa.org project which uses python, >>> python-ldap, turbogears, PyKerberos, and supports http authentication >>> with forwardable tickets. >>> I don't think they support SPNEGO yet but patches are welcome :-) >> >> How does the browser send the ticket to the web application then? >> > In Firefox, go to about:config Yes, that's what's written on the freeipa.org web site. I was more interested what's transmitted over the wire if it's not SPNEGO. Ciao, Michael. |
|
From: Rich M. <ric...@gm...> - 2007-12-11 19:34:38
|
Michael Ströder wrote: > Rich Megginson wrote: > >> You might be interested in the freeipa.org project which uses python, >> python-ldap, turbogears, PyKerberos, and supports http authentication >> with forwardable tickets. >> I don't think they support SPNEGO yet but patches are welcome :-) >> > > How does the browser send the ticket to the web application then? > In Firefox, go to about:config In the Filter: text box, type "nego" You just have to set network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris to match your [domain_realm] setting in your /etc/krb5.conf. For example: network.negotiate-auth.delegation-uris: .example.com network.negotiate-auth.trusted-uris: .example.com I'm not sure but this should be documented on the freeipa.org web site, if it is not already. You also have to use Apache mod_auth_kerb, which should also be covered by freeipa.org > Ciao, Michael. > > |
|
From: Fernando R. <fer...@gm...> - 2007-12-11 19:16:04
|
Hi,
How to fix STRONG_AUTH_REQUIRED error? (My ldapserver is master)
I'm receiving this error while using modify(dn, modlist)
I have a bind with rootdn and rootpw right.
My modlist [(0, 'employeeType', ['1']), (0, 'l', ['GETEC']), (0,
'stateOrProvinceName', ['DF'])]
The error: Dec 11 16:52:00 localhost integracao:ERROR {'info':
'modifications require authentication', 'desc': 'Strong(er) authentication
required'}
The code:
def _modify(self, dn):
self.log.debug("%s: %s"%(dn, self.modlist))
try:
ldap_result_id = self.conn.modify(dn, self.modlist)
result_type, result_data =
self.conn.result(ldap_result_id,
0)
except ldap.LDAPError, e:
self.log.error(e)
--
-----------------------------------------------------
- Fernando Ribeiro
- +55-61-8438-5806
-----------------------------------------------------
Firthunands: firthu means peace, nands means daring.
"Those who do anything to maintain the peace!"
|
|
From: <mi...@st...> - 2007-12-11 19:16:02
|
Rich Megginson wrote: > You might be interested in the freeipa.org project which uses python, > python-ldap, turbogears, PyKerberos, and supports http authentication > with forwardable tickets. > I don't think they support SPNEGO yet but patches are welcome :-) How does the browser send the ticket to the web application then? Ciao, Michael. |
|
From: Rich M. <ric...@gm...> - 2007-12-11 19:07:47
|
Michael Ströder wrote: > Rich Megginson wrote: > >> You might be interested in the freeipa.org project which uses python, >> python-ldap, turbogears, PyKerberos, and supports http authentication >> with forwardable tickets. I don't think they support SPNEGO yet but >> patches are welcome :-) >> > > Well, glancing over the code I wonder why you didn't try to contribute > back some of the utility functions into python-ldap. E.g. some things > like constructing a Proxy Authz Control or normalizing DNs. > I don't know. I haven't been working on that part. I'll let those guys know. > Note that python-ldap has a Python style license (not GPL) though. > Ok, good to know. > Ciao, Michael. > > |
|
From: <mi...@st...> - 2007-12-11 18:51:32
|
Rich Megginson wrote: > You might be interested in the freeipa.org project which uses python, > python-ldap, turbogears, PyKerberos, and supports http authentication > with forwardable tickets. I don't think they support SPNEGO yet but > patches are welcome :-) Well, glancing over the code I wonder why you didn't try to contribute back some of the utility functions into python-ldap. E.g. some things like constructing a Proxy Authz Control or normalizing DNs. Note that python-ldap has a Python style license (not GPL) though. Ciao, Michael. |
|
From: <mi...@st...> - 2007-12-11 15:56:56
|
David Leonard wrote: > > I am interested in a better GSSAPI binding for Python.. and have some > incomplete code locally if anyone else is interested. Well, how about contributing your code to another project? Or how about creating a new project? > To do credential forwarding, the gss is currently kind of crappy about > how to extract creds portably, but if you know it's kerberos and you can > set KRB5CCNAME to a temporary file you can stash a delegated TGT into a > temp ccache so that SASL/GSS can find it when you talk ldap. Well, setting an env var is not really a good choice when running within a multi-threaded web application... :-/ Ciao, Michael. |
627 messages has been excluded from this view by a project administrator.
