python-ldap-dev — discussion among developers

Re: another odd problem... with ldap restart

[Alain S. <asp...@gm...>]

Are you advising us about the use of ReconnectLDAPObject in production
environment ?

Can you tell us more about that ?

Thx

On 3/20/07, Michael Str=F6der <mi...@st...> wrote:
>
> Alain Spineux wrote:
> >
> > I you want to survive to ldap restart, use the ReconnectLDAPObject that
> > do the job nicely.
>
> Note that there are various import fixes to ReconnectLDAPObject still
> waiting to be released.
>
> Ciao, Michael.
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share
> your
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=3Djoin.php&p=3Dsourceforge&CID=3D=
DEVDEV
> _______________________________________________
> Python-LDAP-dev mailing list
> Pyt...@li...
> https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
>



--=20
--
Alain Spineux
aspineux gmail com
May the sources be with you

Re: another odd problem... with ldap restart

[Anil J. <an...@en...>]

Cool, that was the problem! Where is ReconnectLDAPObject documented?
Don't think I've seen it before in the docs.



On 3/20/07, Alain Spineux <asp...@gm...> wrote:
> You are working asynchronously !
>
> add a ldap.result() into your try: except or use the synchronous
> ldap.search_s()
> method and you will get your error in the expected order.
>
> I you want to survive to ldap restart, use the ReconnectLDAPObject that do
> the job nicely.
>
> BUT this let a good QUESTION :
>
> If I start 10 asynchronous ldap requests when the server is down,
> how many exception will I get ? 1 or 10 ? easy to test :-)
>
>
>
> On 3/20/07, Anil Jangity <an...@en...> wrote:
> >
> > If I restart the LDAP server, while connected to it using python-ldap,
> > it doesn't seem to be throwing an exception at the right time.
> >
> > self.logger('*** about to do a search ***')
> > result = g.ldap[customer][uid].search(base=suffix,
> scope="base", attr=["dn"])
> > self.logger('*** finished search ***')
> >
> > g.ldap is a wrapper method that just does this:
> > try:
> > self.logger('1')
> > ldap_result_id = self.l.search(ldap_url.dn, ldap_url.scope,
> > ldap_url.filterstr, ldap_url.attrs)
> > self.logger('2')
> > except ldap.LDAPError, e:
> > self.logger("LDAP SEARCH failed: %s" % (e))
> > return False
> >
> > Once connected to the ldap server, I do stop-start ldap server. Then,
> > I do two searches in order. The 2nd search throws an exception "Can't
> > contact LDAP server". I am just wondering why it doesn't do it the
> > first time?
> >
> > Mar 20 09:43:35 DEBUG 127.0.0.1 *** about to do a search ***
> > Mar 20 09:43:35 INFO LDAP SEARCH: dn: uid=demo, ou=People, o= entic.net
> > scope: 0 filter: (objectClass=top)
> > Mar 20 09:43:35 INFO 1
> > Mar 20 09:43:35 INFO 2
> > Mar 20 09:43:36 DEBUG 127.0.0.1 *** about to do a search ***
> > Mar 20 09:43:36 INFO LDAP SEARCH: dn: uid=demo, ou=People, o=entic.net
> > scope: 0 filter: (objectClass=top)
> > Mar 20 09:43:36 INFO 1
> > Mar 20 09:43:36 INFO LDAP SEARCH failed: {'info': '', 'desc': "Can't
> > contact LDAP server"}
> > Mar 20 09:43:36 DEBUG 127.0.0.1 *** finished search ***
> >
> >
> -------------------------------------------------------------------------
> > Take Surveys. Earn Cash. Influence the Future of IT
> > Join SourceForge.net's Techsay panel and you'll get the chance to share
> your
> > opinions on IT & business topics through brief surveys-and earn cash
> >
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> > _______________________________________________
> > Python-LDAP-dev mailing list
> > Pyt...@li...
> >
> https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
> >
>
>
>
> --
> --
> Alain Spineux
> aspineux gmail com
> May the sources be with you
>

Re: another odd problem... with ldap restart

[<mi...@st...>]

Alain Spineux wrote:
> 
> I you want to survive to ldap restart, use the ReconnectLDAPObject that
> do the job nicely.

Note that there are various import fixes to ReconnectLDAPObject still
waiting to be released.

Ciao, Michael.

Any volunteers for SF#1657848?

[<mi...@st...>]

HI!

I'd like to release python-ldap 2.3 within the next weeks. For this
release I'd like to get rid of using deprecated OpenLDAP C SDK functions.

Since my C skills are limited I'd appreciate if somebody could take over
implementing a new C function l_ldap_str2dn(). I've collected my
thoughts in the SF tracker item SF#1657848 (see current content below).

Ciao, Michael.

-- 
Michael Ströder
E-Mail: mi...@st...
http://www.stroeder.com

-------- Original Message --------
Subject: [ python-ldap-Bugs-1657848 ] ldap_value_free() deprecated
Date: Sun, 18 Mar 2007 04:49:49 -0700
From: SourceForge.net <no...@so...>
To: no...@so...

Bugs item #1657848, was opened at 2007-02-12 11:16
Message generated for change (Comment added) made by stroeder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=102072&aid=1657848&group_id=2072

Please note that this message will contain a full copy of the comment
thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 8
Private: No
Submitted By: Michael Ströder (stroeder)
Assigned to: Nobody/Anonymous (nobody)
Summary: ldap_value_free() deprecated

Initial Comment:
Current ldap.h lists ldap_value_free() as deprecated.
ldap_values_free_len() shall be used instead.

----------------------------------------------------------------------

>Comment By: Michael Ströder (stroeder)
Date: 2007-03-18 12:49

Message:
Logged In: YES
user_id=64920
Originator: YES

Hmm, since Python strings are similar to struct berval probably OpenLDAP's
function ldap_bv2dn() should be used instead ldap_str2dn() within
l_ldap_str2dn().

----------------------------------------------------------------------

Comment By: Michael Ströder (stroeder)
Date: 2007-03-18 11:52

Message:
Logged In: YES
user_id=64920
Originator: YES

It seems ldap_value_free() is solely used in l_ldap_explode_dn() and
ldap_explode_rdn(). These functions in turn use OpenLDAP's functions
ldap_explode_dn() and ldap_explode_rdn() which are also marked as
deprecated.

So the best thing is for upcoming python-ldap 2.3
1. to add a new function l_ldap_str2dn() to functions.c,
2. add a new Python wrapper function str2dn() to Lib/ldap/functions.py,
3. to remove l_ldap_explode_dn() and ldap_explode_rdn() from functions.c
and
4. modify pure Python wrapper function explode_dn() and explode_rdn() in
ldap.functions to use the new Python function ldap.functions.str2dn() for
preserving backward compability.

This might change the behaviour of ldap.explode_dn() to return hex-escaped
chars for NON-ASCII chars. This is odd anyway so personally I don't care.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=102072&aid=1657848&group_id=2072

Re: Error modlist.py in addModlist

[<mi...@st...>]

Garland, Ken R wrote:
>                 entry = "{'uid': ['" + uid + "'], 'objectClass':
> ['top', 'inetOrgPerson'], 'userPassword': ['" + '{SHA}' + userpass +
> "'], 'vamc': ['" + vamcdrop + "'], 'sn': ['" + lastname + "'],
> 'givenName': ['" + firstname + "'], 'cn': ['" + firstname + " " +
> lastname + "']}"

What made you think that you have to pass a string for parameter
'entry'? It MUST be a dictionary. As others noted all attribute values
should be encoded to strings. This can either require .encode('utf-8')
or .encode('ascii') according to the LDAP syntax defined for
the various attributes.
(One might argue that UTF-8 is a superset of ASCII but IMO it's better
to catch syntax errors before sending anything to the server.)

> {'uid': ['null.null'], 'objectClass': ['top', 'inetOrgPerson'],
> 'userPassword': ['{SHA}null'], 'vamc': ['null'], 'sn': ['null'],
> 'givenName': ['null'], 'cn': ['null null']}

BTW: Setting pseudo-null values is bad practice when adding LDAP
entries. You may run into interop issues with other LDAP-enabled
applications later.

Ciao, Michael.

Re: another odd problem... with ldap restart

[Alain S. <asp...@gm...>]

You are working asynchronously !

add a ldap.result() into your try: except or use the synchronous
ldap.search_s()
method and you will get your error in the expected order.

I you want to survive to ldap restart, use the ReconnectLDAPObject that do
the job nicely.

BUT this let a good QUESTION :

If I start 10 asynchronous ldap requests when the server is down,
how many exception will I get ? 1 or 10 ? easy to test :-)


On 3/20/07, Anil Jangity <an...@en...> wrote:
>
> If I restart the LDAP server, while connected to it using python-ldap,
> it doesn't seem to be throwing an exception at the right time.
>
> self.logger('*** about to do a search ***')
> result = g.ldap[customer][uid].search(base=suffix, scope="base",
> attr=["dn"])
> self.logger('*** finished search ***')
>
> g.ldap is a wrapper method that just does this:
> try:
> self.logger('1')
> ldap_result_id = self.l.search(ldap_url.dn, ldap_url.scope,
> ldap_url.filterstr, ldap_url.attrs)
> self.logger('2')
> except ldap.LDAPError, e:
> self.logger("LDAP SEARCH failed: %s" % (e))
> return False
>
> Once connected to the ldap server, I do stop-start ldap server. Then,
> I do two searches in order. The 2nd search throws an exception "Can't
> contact LDAP server". I am just wondering why it doesn't do it the
> first time?
>
> Mar 20 09:43:35 DEBUG 127.0.0.1 *** about to do a search ***
> Mar 20 09:43:35 INFO LDAP SEARCH: dn: uid=demo, ou=People, o=entic.net
> scope: 0 filter: (objectClass=top)
> Mar 20 09:43:35 INFO 1
> Mar 20 09:43:35 INFO 2
> Mar 20 09:43:36 DEBUG 127.0.0.1 *** about to do a search ***
> Mar 20 09:43:36 INFO LDAP SEARCH: dn: uid=demo, ou=People, o=entic.net
> scope: 0 filter: (objectClass=top)
> Mar 20 09:43:36 INFO 1
> Mar 20 09:43:36 INFO LDAP SEARCH failed: {'info': '', 'desc': "Can't
> contact LDAP server"}
> Mar 20 09:43:36 DEBUG 127.0.0.1 *** finished search ***
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share
> your
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Python-LDAP-dev mailing list
> Pyt...@li...
> https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
>



-- 
--
Alain Spineux
aspineux gmail com
May the sources be with you

another odd problem... with ldap restart

[Anil J. <an...@en...>]

If I restart the LDAP server, while connected to it using python-ldap,
it doesn't seem to be throwing an exception at the right time.

self.logger('*** about to do a search ***')
result = g.ldap[customer][uid].search(base=suffix, scope="base", attr=["dn"])
self.logger('*** finished search ***')

g.ldap is a wrapper method that just does this:
try:
 self.logger('1')
 ldap_result_id = self.l.search(ldap_url.dn, ldap_url.scope,
ldap_url.filterstr, ldap_url.attrs)
 self.logger('2')
except ldap.LDAPError, e:
 self.logger("LDAP SEARCH failed: %s" % (e))
 return False

Once connected to the ldap server, I do stop-start ldap server. Then,
I do two searches in order. The 2nd search throws an exception "Can't
contact LDAP server". I am just wondering why it doesn't do it the
first time?

Mar 20 09:43:35 DEBUG 127.0.0.1 *** about to do a search ***
Mar 20 09:43:35 INFO LDAP SEARCH: dn: uid=demo, ou=People, o=entic.net
scope: 0 filter: (objectClass=top)
Mar 20 09:43:35 INFO 1
Mar 20 09:43:35 INFO 2
Mar 20 09:43:36 DEBUG 127.0.0.1 *** about to do a search ***
Mar 20 09:43:36 INFO LDAP SEARCH: dn: uid=demo, ou=People, o=entic.net
scope: 0 filter: (objectClass=top)
Mar 20 09:43:36 INFO 1
Mar 20 09:43:36 INFO LDAP SEARCH failed: {'info': '', 'desc': "Can't
contact LDAP server"}
Mar 20 09:43:36 DEBUG 127.0.0.1 *** finished search ***

Re: Fwd: Error modlist.py in addModlist

[Garland, K. R <gar...@gm...>]

thanks, i think i was getting by with my own tests but i'm sure users
will crash it with error. i've added your suggestion for encoding.

On 3/19/07, Joao S. O. Bueno Calligaris <gw...@mp...> wrote:
> On Monday 19 March 2007 15:37, Alain Spineux wrote:
> > I didn't read your code, but I know ldap dont like python's unicode
> > string.
> >
> > Convert any strings coming from your web interface into string,
> > using str().
> >
>
> better do your_unicode_string.encode("utf-8")   - that way your
> application won't crash on non ASCII characters.
>
> > Hope this help
> >
> > On 3/19/07, Garland, Ken R <gar...@gm...> wrote:
> > > I've sliced together a script to add users to ldap, which works
> > > great. however, now i'm implementing it into a webapp and having
> > > some issues.
> > >
> > > --------------------
> > > Spyce exception
> > > File:   /home/kgarland/downloads/spyce- 2.1/www/newadd.spy
> > > Message:
> > >
> > > AttributeError: 'str' object has no attribute 'keys'
> > >
> > > Stack:  /usr/lib/python2.4/site-packages/ldap/modlist.py:34, in
> > > addModlist:
> > >
> > > for attrtype in entry.keys ():
> > >
> > > newadd.spy:19, in passcheck:
> > >                 mymodlist = ldap.modlist.addModlist(entry)
> > > --------------------
> > >
> > > My code causing the issue:
> > >
> > > --------------------
> > > def passcheck(self, api, passwd, firstname, lastname, vamcdrop):
> > >         import string, sys, ldap, crack, hashlib, base64
> > >         try:
> > >                 crack.VeryFascistCheck(passwd)
> > >         except ValueError, reason:
> > >                 print("Please use a different password, %s." %
> > > reason) else:
> > >                 l=ldap.initialize("ldaps://null")
> > >                 l.bind_s('cn=removed,dc=removed,dc=removed',
> > > 'removed') y = hashlib.sha1(passwd).digest()
> > >                 base64encode = base64.encodestring(y)
> > >                 userpass = string.rstrip(base64encode)
> > >                 uid = firstname.lower() + "." + lastname.lower()
> > >                 mydn = "uid=" + uid + ",ou=VA,dc=pharmacy,dc=com"
> > >                 entry = "{'uid': ['" + uid + "'], 'objectClass':
> > > ['top', 'inetOrgPerson'], 'userPassword': ['" + '{SHA}' +
> > > userpass + "'], 'vamc': ['" + vamcdrop + "'], 'sn': ['" +
> > > lastname + "'], 'givenName': ['" + firstname + "'], 'cn': ['" +
> > > firstname + " " + lastname + "']}"
> > >                 mymodlist = ldap.modlist.addModlist(entry)
> > >                 l.add_s(mydn, mymodlist)
> > >                 print "Adding the following information into
> > > LDAP:" print "<br>"
> > >                 print entry
> > > --------------------
> > >
> > > Looks like modlist is not happy with the string being presented
> > > to it. Printing the entry variable gives the same results for
> > > both the webapp and commandline.
> > >
> > > Web:
> > > {'uid': ['null.null'], 'objectClass': ['top', 'inetOrgPerson'],
> > > 'userPassword': ['{SHA}null'], 'vamc': ['null'], 'sn': ['null'],
> > > 'givenName': ['null'], 'cn': ['null null']}
> > >
> > > Shell:
> > > {'uid': ['null.null'], 'objectClass': ['top', 'inetOrgPerson'],
> > > 'userPassword': ['{SHA}null'], 'vamc': ['null'], 'sn': ['null'],
> > > 'givenName': ['null'], 'cn': ['null null']}
> > >
> > > -----------------------------------------------------------------
> > >-------- Take Surveys. Earn Cash. Influence the Future of IT
> > > Join SourceForge.net's Techsay panel and you'll get the chance to
> > > share your
> > > opinions on IT & business topics through brief surveys-and earn
> > > cash
> > > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CI
> > >D=DEVDEV _______________________________________________
> > > Python-LDAP-dev mailing list
> > > Pyt...@li...
> > > https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
> >
> > --
> > --
> > Alain Spineux
> > aspineux gmail com
> > May the sources be with you
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Python-LDAP-dev mailing list
> Pyt...@li...
> https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
>

Re: Fwd: Error modlist.py in addModlist

[Joao S. O. B. C. <gw...@mp...>]

On Monday 19 March 2007 15:37, Alain Spineux wrote:
> I didn't read your code, but I know ldap dont like python's unicode
> string.
>
> Convert any strings coming from your web interface into string,
> using str().
>

better do your_unicode_string.encode("utf-8")   - that way your 
application won't crash on non ASCII characters.

> Hope this help
>
> On 3/19/07, Garland, Ken R <gar...@gm...> wrote:
> > I've sliced together a script to add users to ldap, which works
> > great. however, now i'm implementing it into a webapp and having
> > some issues.
> >
> > --------------------
> > Spyce exception
> > File:   /home/kgarland/downloads/spyce- 2.1/www/newadd.spy
> > Message:
> >
> > AttributeError: 'str' object has no attribute 'keys'
> >
> > Stack:  /usr/lib/python2.4/site-packages/ldap/modlist.py:34, in
> > addModlist:
> >
> > for attrtype in entry.keys ():
> >
> > newadd.spy:19, in passcheck:
> >                 mymodlist = ldap.modlist.addModlist(entry)
> > --------------------
> >
> > My code causing the issue:
> >
> > --------------------
> > def passcheck(self, api, passwd, firstname, lastname, vamcdrop):
> >         import string, sys, ldap, crack, hashlib, base64
> >         try:
> >                 crack.VeryFascistCheck(passwd)
> >         except ValueError, reason:
> >                 print("Please use a different password, %s." %
> > reason) else:
> >                 l=ldap.initialize("ldaps://null")
> >                 l.bind_s('cn=removed,dc=removed,dc=removed',
> > 'removed') y = hashlib.sha1(passwd).digest()
> >                 base64encode = base64.encodestring(y)
> >                 userpass = string.rstrip(base64encode)
> >                 uid = firstname.lower() + "." + lastname.lower()
> >                 mydn = "uid=" + uid + ",ou=VA,dc=pharmacy,dc=com"
> >                 entry = "{'uid': ['" + uid + "'], 'objectClass':
> > ['top', 'inetOrgPerson'], 'userPassword': ['" + '{SHA}' +
> > userpass + "'], 'vamc': ['" + vamcdrop + "'], 'sn': ['" +
> > lastname + "'], 'givenName': ['" + firstname + "'], 'cn': ['" +
> > firstname + " " + lastname + "']}"
> >                 mymodlist = ldap.modlist.addModlist(entry)
> >                 l.add_s(mydn, mymodlist)
> >                 print "Adding the following information into
> > LDAP:" print "<br>"
> >                 print entry
> > --------------------
> >
> > Looks like modlist is not happy with the string being presented
> > to it. Printing the entry variable gives the same results for
> > both the webapp and commandline.
> >
> > Web:
> > {'uid': ['null.null'], 'objectClass': ['top', 'inetOrgPerson'],
> > 'userPassword': ['{SHA}null'], 'vamc': ['null'], 'sn': ['null'],
> > 'givenName': ['null'], 'cn': ['null null']}
> >
> > Shell:
> > {'uid': ['null.null'], 'objectClass': ['top', 'inetOrgPerson'],
> > 'userPassword': ['{SHA}null'], 'vamc': ['null'], 'sn': ['null'],
> > 'givenName': ['null'], 'cn': ['null null']}
> >
> > -----------------------------------------------------------------
> >-------- Take Surveys. Earn Cash. Influence the Future of IT
> > Join SourceForge.net's Techsay panel and you'll get the chance to
> > share your
> > opinions on IT & business topics through brief surveys-and earn
> > cash
> > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CI
> >D=DEVDEV _______________________________________________
> > Python-LDAP-dev mailing list
> > Pyt...@li...
> > https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
>
> --
> --
> Alain Spineux
> aspineux gmail com
> May the sources be with you

Re: Error modlist.py in addModlist

[Garland, K. R <gar...@gm...>]

well i get the error still. but i made a mistake earlier and it looks
like my string is not a true dictionary and modlist is unhappy with
it. The shell version of my script is a bit different and doesn't have
this issue.

Traceback (most recent call last):
  File "./ldapadd.py", line 23, in ?
    mymodlist = ldap.modlist.addModlist(newentry)
  File "/usr/lib/python2.4/site-packages/ldap/modlist.py", line 34, in
addModlist
    for attrtype in entry.keys():
AttributeError: 'str' object has no attribute 'keys'

Now I'll dive into converting it into a dictionary. Thanks, looks like
the error is on my part.

On 3/19/07, Alain Spineux <asp...@gm...> wrote:
>
> I didn't read your code, but I know ldap dont like python's unicode string.
>
> Convert any strings coming from your web interface into string, using str().
>
> Hope this help
>
>
>
>  On 3/19/07, Garland, Ken R <gar...@gm...> wrote:
> > I've sliced together a script to add users to ldap, which works great.
> > however, now i'm implementing it into a webapp and having some issues.
> >
> > --------------------
> > Spyce exception
> > File:   /home/kgarland/downloads/spyce- 2.1/www/newadd.spy
> > Message:
> >
> > AttributeError: 'str' object has no attribute 'keys'
> >
> > Stack:
> /usr/lib/python2.4/site-packages/ldap/modlist.py:34,
> in addModlist:
> >
> > for attrtype in entry.keys ():
> >
> > newadd.spy:19, in passcheck:
> >                 mymodlist = ldap.modlist.addModlist(entry)
> > --------------------
> >
> > My code causing the issue:
> >
> > --------------------
> > def passcheck(self, api, passwd, firstname, lastname, vamcdrop):
> >         import string, sys, ldap, crack, hashlib, base64
> >         try:
> >                 crack.VeryFascistCheck(passwd)
> >         except ValueError, reason:
> >                 print("Please use a different password, %s." % reason)
> >         else:
> >                 l=ldap.initialize("ldaps://null")
> >
> l.bind_s('cn=removed,dc=removed,dc=removed', 'removed')
> >                 y = hashlib.sha1(passwd).digest()
> >                 base64encode = base64.encodestring(y)
> >                 userpass = string.rstrip(base64encode)
> >                 uid = firstname.lower() + "." + lastname.lower()
> >                 mydn = "uid=" + uid + ",ou=VA,dc=pharmacy,dc=com"
> >                 entry = "{'uid': ['" + uid + "'], 'objectClass':
> > ['top', 'inetOrgPerson'], 'userPassword': ['" + '{SHA}' + userpass +
> > "'], 'vamc': ['" + vamcdrop + "'], 'sn': ['" + lastname + "'],
> > 'givenName': ['" + firstname + "'], 'cn': ['" + firstname + " " +
> > lastname + "']}"
> >                 mymodlist = ldap.modlist.addModlist(entry)
> >                 l.add_s(mydn, mymodlist)
> >                 print "Adding the following information into LDAP:"
> >                 print "<br>"
> >                 print entry
> > --------------------
> >
> > Looks like modlist is not happy with the string being presented to it.
> > Printing the entry variable gives the same results for both the webapp
> > and commandline.
> >
> > Web:
> > {'uid': ['null.null'], 'objectClass': ['top', 'inetOrgPerson'],
> > 'userPassword': ['{SHA}null'], 'vamc': ['null'], 'sn': ['null'],
> > 'givenName': ['null'], 'cn': ['null null']}
> >
> > Shell:
> > {'uid': ['null.null'], 'objectClass': ['top', 'inetOrgPerson'],
> > 'userPassword': ['{SHA}null'], 'vamc': ['null'], 'sn': ['null'],
> > 'givenName': ['null'], 'cn': ['null null']}
> >
> >
> -------------------------------------------------------------------------
> > Take Surveys. Earn Cash. Influence the Future of IT
> > Join SourceForge.net's Techsay panel and you'll get the chance to share
> your
> > opinions on IT & business topics through brief surveys-and earn cash
> >
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> > _______________________________________________
> > Python-LDAP-dev mailing list
> > Pyt...@li...
> >
> https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
> >
>
>
>
> --
> --
> Alain Spineux
> aspineux gmail com
> May the sources be with you
>
>
> --
> --
> Alain Spineux
> aspineux gmail com
> May the sources be with you
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Python-LDAP-dev mailing list
> Pyt...@li...
> https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
>
>

Fwd: Error modlist.py in addModlist

[Alain S. <asp...@gm...>]

I didn't read your code, but I know ldap dont like python's unicode string.

Convert any strings coming from your web interface into string, using str().

Hope this help


On 3/19/07, Garland, Ken R <gar...@gm...> wrote:
>
> I've sliced together a script to add users to ldap, which works great.
> however, now i'm implementing it into a webapp and having some issues.
>
> --------------------
> Spyce exception
> File:   /home/kgarland/downloads/spyce- 2.1/www/newadd.spy
> Message:
>
> AttributeError: 'str' object has no attribute 'keys'
>
> Stack:  /usr/lib/python2.4/site-packages/ldap/modlist.py:34, in
> addModlist:
>
> for attrtype in entry.keys ():
>
> newadd.spy:19, in passcheck:
>                 mymodlist = ldap.modlist.addModlist(entry)
> --------------------
>
> My code causing the issue:
>
> --------------------
> def passcheck(self, api, passwd, firstname, lastname, vamcdrop):
>         import string, sys, ldap, crack, hashlib, base64
>         try:
>                 crack.VeryFascistCheck(passwd)
>         except ValueError, reason:
>                 print("Please use a different password, %s." % reason)
>         else:
>                 l=ldap.initialize("ldaps://null")
>                 l.bind_s('cn=removed,dc=removed,dc=removed', 'removed')
>                 y = hashlib.sha1(passwd).digest()
>                 base64encode = base64.encodestring(y)
>                 userpass = string.rstrip(base64encode)
>                 uid = firstname.lower() + "." + lastname.lower()
>                 mydn = "uid=" + uid + ",ou=VA,dc=pharmacy,dc=com"
>                 entry = "{'uid': ['" + uid + "'], 'objectClass':
> ['top', 'inetOrgPerson'], 'userPassword': ['" + '{SHA}' + userpass +
> "'], 'vamc': ['" + vamcdrop + "'], 'sn': ['" + lastname + "'],
> 'givenName': ['" + firstname + "'], 'cn': ['" + firstname + " " +
> lastname + "']}"
>                 mymodlist = ldap.modlist.addModlist(entry)
>                 l.add_s(mydn, mymodlist)
>                 print "Adding the following information into LDAP:"
>                 print "<br>"
>                 print entry
> --------------------
>
> Looks like modlist is not happy with the string being presented to it.
> Printing the entry variable gives the same results for both the webapp
> and commandline.
>
> Web:
> {'uid': ['null.null'], 'objectClass': ['top', 'inetOrgPerson'],
> 'userPassword': ['{SHA}null'], 'vamc': ['null'], 'sn': ['null'],
> 'givenName': ['null'], 'cn': ['null null']}
>
> Shell:
> {'uid': ['null.null'], 'objectClass': ['top', 'inetOrgPerson'],
> 'userPassword': ['{SHA}null'], 'vamc': ['null'], 'sn': ['null'],
> 'givenName': ['null'], 'cn': ['null null']}
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share
> your
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Python-LDAP-dev mailing list
> Pyt...@li...
> https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
>



-- 
--
Alain Spineux
aspineux gmail com
May the sources be with you


-- 
--
Alain Spineux
aspineux gmail com
May the sources be with you

Error modlist.py in addModlist

[Garland, K. R <gar...@gm...>]

I've sliced together a script to add users to ldap, which works great.
however, now i'm implementing it into a webapp and having some issues.

--------------------
Spyce exception
File:	/home/kgarland/downloads/spyce-2.1/www/newadd.spy
Message: 	

AttributeError: 'str' object has no attribute 'keys'

Stack:	/usr/lib/python2.4/site-packages/ldap/modlist.py:34, in addModlist:

for attrtype in entry.keys():

newadd.spy:19, in passcheck:
		mymodlist = ldap.modlist.addModlist(entry)
--------------------

My code causing the issue:

--------------------
def passcheck(self, api, passwd, firstname, lastname, vamcdrop):
        import string, sys, ldap, crack, hashlib, base64
        try:
                crack.VeryFascistCheck(passwd)
        except ValueError, reason:
                print("Please use a different password, %s." % reason)
        else:
                l=ldap.initialize("ldaps://null")
                l.bind_s('cn=removed,dc=removed,dc=removed', 'removed')
                y = hashlib.sha1(passwd).digest()
                base64encode = base64.encodestring(y)
                userpass = string.rstrip(base64encode)
                uid = firstname.lower() + "." + lastname.lower()
                mydn = "uid=" + uid + ",ou=VA,dc=pharmacy,dc=com"
                entry = "{'uid': ['" + uid + "'], 'objectClass':
['top', 'inetOrgPerson'], 'userPassword': ['" + '{SHA}' + userpass +
"'], 'vamc': ['" + vamcdrop + "'], 'sn': ['" + lastname + "'],
'givenName': ['" + firstname + "'], 'cn': ['" + firstname + " " +
lastname + "']}"
                mymodlist = ldap.modlist.addModlist(entry)
                l.add_s(mydn, mymodlist)
                print "Adding the following information into LDAP:"
                print "<br>"
                print entry
--------------------

Looks like modlist is not happy with the string being presented to it.
Printing the entry variable gives the same results for both the webapp
and commandline.

Web:
{'uid': ['null.null'], 'objectClass': ['top', 'inetOrgPerson'],
'userPassword': ['{SHA}null'], 'vamc': ['null'], 'sn': ['null'],
'givenName': ['null'], 'cn': ['null null']}

Shell:
{'uid': ['null.null'], 'objectClass': ['top', 'inetOrgPerson'],
'userPassword': ['{SHA}null'], 'vamc': ['null'], 'sn': ['null'],
'givenName': ['null'], 'cn': ['null null']}

Re: peculiar problem

[<mi...@st...>]

Anil,

please keep replies to the python-ldap-dev list.

Anil Jangity wrote:
> 
> But, why couldn't python-ldap automatically encode as utf-8? Is it
> because of performance issues?

Each attribute has different syntax, e.g. 'jpegPhoto' etc. So you have
to look at the schema to do the right thing. Or the application has
prior knowledge like most people are implementing it.

Strictly speaking in case of attribute 'mail' one would have to encode
as 'ascii' since the LDAP syntax for this is IA5String and ASCII is the
closest to this.

Ciao, Michael.

Re: add_s: ldap.INVALID_DN_SYNTAX

[Chaos E. <cha...@gm...>]

hi,
Obviously , you didn't aware when your script didn't finish in one
minute the cron would start another script doing the same job. As you
have mentioned, 1 minute was not enough to sync tree. I think that is
the core problem.
So my suggestion is , when your script starts, aquire a lock, then do
all the sync things, and release the lock before exit.
Hope my suggestion can help.

On 3/12/07, Ervin Heged=FCs <ai...@gm...> wrote:
> Hello,
>
> > chaos@felucia:~$ ps afx|grep sleep
> > 25170 ?        Ss     0:00  |   \_ sleep 300
> > 25246 ?        Ss     0:00  |   \_ sleep 300
> > 25324 ?        Ss     0:00  |   \_ sleep 300
> > 25403 ?        Ss     0:00  |   \_ sleep 300
> > 25486 ?        Ss     0:00      \_ sleep 300
> > 25530 pts/5    S+     0:00  |   \_ grep sleep
> > chaos@felucia:~$ crontab -l
> > # m h  dom mon dow   command
> > * * * * * sleep 300
> >
> > have i missed something?
> Nothing. Or rather yes. :)
>
> I didn't wrote, the run-time of script usually less than 1sec.
>
> Here is my output:
> # ps axf | grep chkdir.py
> 24859 pts/2    S+     0:00                      \_ grep chkdir.py
>
> > > Hmmm... I think there is _no_ other thread (or process), what wants t=
o
> > > write to database.
> >
> > Still dont get it?
> no, I don't.
>
> > If the event only occures 1-5 time per-week, why you make your script
> > run every minute?
> Because event occurs randomly: sometime it occur monday morning,
> sometime friday evening - sometime it occurs in workhours, sometime
> out of workhours.
>
> This is not so simple....
>
>
> Thank you:
>
> a.
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share y=
our
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=3Djoin.php&p=3Dsourceforge&CID=3D=
DEVDEV
> _______________________________________________
> Python-LDAP-dev mailing list
> Pyt...@li...
> https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
>


--=20
Best Regards
Chaos Eternal

Re: add_s: ldap.INVALID_DN_SYNTAX

[<ai...@gm...>]

Hello,

> chaos@felucia:~$ ps afx|grep sleep
> 25170 ?        Ss     0:00  |   \_ sleep 300
> 25246 ?        Ss     0:00  |   \_ sleep 300
> 25324 ?        Ss     0:00  |   \_ sleep 300
> 25403 ?        Ss     0:00  |   \_ sleep 300
> 25486 ?        Ss     0:00      \_ sleep 300
> 25530 pts/5    S+     0:00  |   \_ grep sleep
> chaos@felucia:~$ crontab -l
> # m h  dom mon dow   command
> * * * * * sleep 300
>
> have i missed something?
Nothing. Or rather yes. :)

I didn't wrote, the run-time of script usually less than 1sec.

Here is my output:
# ps axf | grep chkdir.py
24859 pts/2    S+     0:00                      \_ grep chkdir.py

> > Hmmm... I think there is _no_ other thread (or process), what wants to
> > write to database.
>
> Still dont get it?
no, I don't.

> If the event only occures 1-5 time per-week, why you make your script
> run every minute?
Because event occurs randomly: sometime it occur monday morning,
sometime friday evening - sometime it occurs in workhours, sometime
out of workhours.

This is not so simple....


Thank you:

a.

Re: add_s: ldap.INVALID_DN_SYNTAX

[<ai...@gm...>]

Hello there,

> If your script behaves differently when invoked from system shell then
> their is another problem.

I think that - but where could be that problem?

> > DN, eg.: cn=airtest,ou=ftp,o=company,dc=domain,dc=com.
>                                                       ^^^
> I guess the trailing dot is the end of the sentence and not part of your DN?

No, that dot is the 'end of the sentence', not part of DN.

> I recommend this since you see then which values get really passed into
> python-ldap.

thanks, I will try this...


a.

Re: add_s: ldap.INVALID_DN_SYNTAX

[<mi...@st...>]

Ervin Hegedüs wrote:
> 
> I'm not sure about it - as I wrote when I run script from system shell (I mean:
> interactively), then script doesn't drop any exception.

If your script behaves differently when invoked from system shell then
their is another problem.

> I try to print
> out the DN
> value, what I give to the function as first argument, and it looks
> like a normally
> DN, eg.: cn=airtest,ou=ftp,o=company,dc=domain,dc=com.
                                                      ^^^
I guess the trailing dot is the end of the sentence and not part of your DN?

> By the way: I try to set up those trace_level, may be it will be more
> informative...

I recommend this since you see then which values get really passed into
python-ldap.

Ciao, Michael.

Re: add_s: ldap.INVALID_DN_SYNTAX

[<mi...@st...>]

Chaos Eternal wrote:
> hello there,
>  Since your script is run by cron every one minute, i wonder that do
> you have any lock mechanisms to prevent more than one instance of your
> script to start? some buggy or mis-configured ldapserver can not work
> properly when large amounts of write operations come simultaneously.

Very unlikely. This would be a really brain-dead LDAP server.

>  What I suggest is carefully re-design your script. use some lock
> mechanisms and some queue technologies.

LDAP add and modify operations are atomic. The LDAP server takes care of
database locking. And python-ldap takes care of locks for using a LDAP
connection in several threads.

Ciao, Michael.

Re: add_s: ldap.INVALID_DN_SYNTAX

[<mi...@st...>]

Chaos Eternal wrote:
>>
>> Back to my problem: on that machine there is just one user, who gets
>> access to LDAP db, and that user write to db _only_ when original list
>> was modified. That's occurrence is 1-5 event per week...(!)
> 
> If the event only occures 1-5 time per-week, why you make your script
> run every minute?

I guess he does not want to have a longer latency for passing the
modifications to the LDAP server and there's no other possibility to
trigger running the script event-based when the original list is
actually updated.

Ciao, Michael.

Re: add_s: ldap.INVALID_DN_SYNTAX

[Chaos E. <cha...@gm...>]

Helo

On 3/10/07, Ervin Heged=FCs <ai...@gm...> wrote:
> Hello,
>
> >  Since your script is run by cron every one minute, i wonder that do
> > you have any lock mechanisms to prevent more than one instance of your
> > script to start?
> It's very interesting theory...

chaos@felucia:~$ ps afx|grep sleep
25170 ?        Ss     0:00  |   \_ sleep 300
25246 ?        Ss     0:00  |   \_ sleep 300
25324 ?        Ss     0:00  |   \_ sleep 300
25403 ?        Ss     0:00  |   \_ sleep 300
25486 ?        Ss     0:00      \_ sleep 300
25530 pts/5    S+     0:00  |   \_ grep sleep
chaos@felucia:~$ crontab -l
# m h  dom mon dow   command
* * * * * sleep 300

have i missed something?

>
> > some buggy or mis-configured ldapserver can not work
> > properly when large amounts of write operations come simultaneously.
> Hmmm... I think there is _no_ other thread (or process), what wants to
> write to database.

Still dont get it?

>
> >  What I suggest is carefully re-design your script. use some lock
> > mechanisms and some queue technologies.
>
> I don't think so it any LDAP client requires this feature. It's like any
> SQL server needs to lock a table, when a client wants to insert a
> simple record.
> (Don't wrong me: I know, there are many cases need to lock a table,
> but IMHO that's for other cases)
>
> Handle the clients requests is the most common function of any kind
> of "database" servers - in this case the database word means any kind
> of structure-handle application. :) But this is a flame-way, sorry.
>
> Back to my problem: on that machine there is just one user, who gets
> access to LDAP db, and that user write to db _only_ when original list
> was modified. That's occurrence is 1-5 event per week...(!)

If the event only occures 1-5 time per-week, why you make your script
run every minute?

>
> Thanks:
> a.
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share y=
our
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=3Djoin.php&p=3Dsourceforge&CID=3D=
DEVDEV
> _______________________________________________
> Python-LDAP-dev mailing list
> Pyt...@li...
> https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
>


--=20
Best Regards
Chaos Eternal

Re: add_s: ldap.INVALID_DN_SYNTAX

[<ai...@gm...>]

Hello,

>  Since your script is run by cron every one minute, i wonder that do
> you have any lock mechanisms to prevent more than one instance of your
> script to start?
It's very interesting theory...

> some buggy or mis-configured ldapserver can not work
> properly when large amounts of write operations come simultaneously.
Hmmm... I think there is _no_ other thread (or process), what wants to
write to database.

>  What I suggest is carefully re-design your script. use some lock
> mechanisms and some queue technologies.

I don't think so it any LDAP client requires this feature. It's like any
SQL server needs to lock a table, when a client wants to insert a
simple record.
(Don't wrong me: I know, there are many cases need to lock a table,
but IMHO that's for other cases)

Handle the clients requests is the most common function of any kind
of "database" servers - in this case the database word means any kind
of structure-handle application. :) But this is a flame-way, sorry.

Back to my problem: on that machine there is just one user, who gets
access to LDAP db, and that user write to db _only_ when original list
was modified. That's occurrence is 1-5 event per week...(!)

Thanks:
a.

Re: add_s: ldap.INVALID_DN_SYNTAX

[Chaos E. <cha...@gm...>]

hello there,
 Since your script is run by cron every one minute, i wonder that do
you have any lock mechanisms to prevent more than one instance of your
script to start? some buggy or mis-configured ldapserver can not work
properly when large amounts of write operations come simultaneously.
 What I suggest is carefully re-design your script. use some lock
mechanisms and some queue technologies.

On 3/10/07, Ervin Heged=FCs <ai...@gm...> wrote:
> Hello,
>
> > >   File "/usr/local/checkftpdir/Ldapfunctions.py", line 61, in addEntr=
y
> > >     self.l.add_s(_dn, ldif)
> [...]
> > >   File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 94=
,
> > > in _ldap_call     result =3D func(*args,**kwargs)
> > > ldap.INVALID_DN_SYNTAX: {'info': 'invalid DN', 'desc': 'Invalid DN sy=
ntax'}
> >
> > This is an error the server sends back. Probably you're generating a DN
> > with invalid syntax. I'd recommend to set trace_level=3D2 with
> > ldap.initialize() to see what the python-ldap API receives from your sc=
ript.
>
> I'm not sure about it - as I wrote when I run script from system shell (I=
 mean:
> interactively), then script doesn't drop any exception. I try to print
> out the DN
> value, what I give to the function as first argument, and it looks
> like a normally
> DN, eg.: cn=3Dairtest,ou=3Dftp,o=3Dcompany,dc=3Ddomain,dc=3Dcom.
>
> There aren't any spaces, or other chars, what I miss then.
>
> By the way: I try to set up those trace_level, may be it will be more
> informative...
>
> thanks:
>
> a.
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share y=
our
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=3Djoin.php&p=3Dsourceforge&CID=3D=
DEVDEV
> _______________________________________________
> Python-LDAP-dev mailing list
> Pyt...@li...
> https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
>


--
Best Regards
Chaos Eternal

Re: add_s: ldap.INVALID_DN_SYNTAX

[<ai...@gm...>]

Hello,

> >   File "/usr/local/checkftpdir/Ldapfunctions.py", line 61, in addEntry
> >     self.l.add_s(_dn, ldif)
[...]
> >   File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 94,
> > in _ldap_call     result = func(*args,**kwargs)
> > ldap.INVALID_DN_SYNTAX: {'info': 'invalid DN', 'desc': 'Invalid DN syntax'}
>
> This is an error the server sends back. Probably you're generating a DN
> with invalid syntax. I'd recommend to set trace_level=2 with
> ldap.initialize() to see what the python-ldap API receives from your script.

I'm not sure about it - as I wrote when I run script from system shell (I mean:
interactively), then script doesn't drop any exception. I try to print
out the DN
value, what I give to the function as first argument, and it looks
like a normally
DN, eg.: cn=airtest,ou=ftp,o=company,dc=domain,dc=com.

There aren't any spaces, or other chars, what I miss then.

By the way: I try to set up those trace_level, may be it will be more
informative...

thanks:

a.

Re: add_s: ldap.INVALID_DN_SYNTAX

[<mi...@st...>]

Ervin Hegedüs wrote:
> 
>   File "/usr/local/checkftpdir/Ldapfunctions.py", line 61, in addEntry
>     self.l.add_s(_dn, ldif)
>   File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 163, in add_s
>     self.result(msgid,all=1,timeout=self.timeout)
>   File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line
> 399, in result
>     res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
>   File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line
> 405, in result2
>     return self._ldap_call(self._l.result2,msgid,all,timeout)
>   File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 94,
> in _ldap_call     result = func(*args,**kwargs)
> ldap.INVALID_DN_SYNTAX: {'info': 'invalid DN', 'desc': 'Invalid DN syntax'}

This is an error the server sends back. Probably you're generating a DN
with invalid syntax. I'd recommend to set trace_level=2 with
ldap.initialize() to see what the python-ldap API receives from your script.

Ciao, Michael.

add_s: ldap.INVALID_DN_SYNTAX

[<ai...@gm...>]

Hello,

here is an Ubuntu Server box (6.06) with python 2.4, python-ldap
2.0.4, and slapd 2.2.26 - all of these from Ubuntu package.

Here is an application, what runs by crontab in every minutes. It
looks a list, and if list was modified, it modifies LDAP tree. (List
generated by a directory's items.) Early version of that app use to
add an entry OBJECT.add() method, but it was not sync mode, and
crontabs 1 minute was not enough to sync tree.
So I changed to add_s(), and then my application adds entry sync
correctly. But now, when original list modified, and app runs by
crontab, I get this error:

Traceback (most recent call last):
  File "/usr/local/checkftpdir/chkdir.py", line 43, in ?
    L.addEntry(d, base, '')
  File "/usr/local/checkftpdir/Ldapfunctions.py", line 61, in addEntry
    self.l.add_s(_dn, ldif)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 163, in add_s
    self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line
399, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line
405, in result2
    return self._ldap_call(self._l.result2,msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 94,
in _ldap_call
    result = func(*args,**kwargs)
ldap.INVALID_DN_SYNTAX: {'info': 'invalid DN', 'desc': 'Invalid DN syntax'}

and entry added correctly to tree. BUT, when I run it interactive, I
_don't_get_any_ error.

del_s() method doesn't give any error, just add_s().

Any suggestion?


Thank you:

a.