From: Michael E. <men...@ka...> - 2003-05-01 15:47:08

Hi -

Is there anything in the API that will let you determine whether a particular user's login was successful or not? I'm using simple_bind to bind a user but it appears that if you type in anything, it will accept but just not give access rights. I want to be able to display a web page after a user tries to login that says "Username/Password were incorrect. please try again."

Thanks
Mike

From: <mi...@st...> - 2003-05-01 16:03:16

Michael Engelhart wrote:
>
> Is there anything in the API that will let you determine whether a
> particular user's login was successful or not? I'm using simple_bind to
> bind a user but it appears that if you type in anything, it will accept
> but just not give access rights. I want to be able to display a web
> page after a user tries to login that says "Username/Password were
> incorrect. please try again."

Mainly if simple_bind_s(who,cred) was successful with a non-empty password in cred the "login" was successful. Otherwise one of the following exceptions is usually raised:

ldap.INVALID_CREDENTIALS

ldap.INAPPROPRIATE_AUTH

Note the "usual" in the sentence above. Details depend very much on your LDAP server (which one?). Many weird things out there...

Ciao, Michael.

From: Michael E. <men...@ka...> - 2003-05-01 16:15:44

Hmm. OK - well below are the relevant snippets from LDAPWrapper class. When I pass in a valid dn for "user" and an incorrect password, it still binds. It appears to bind as a user that has no privileges but it doesn't throw an exception. I'm running openldap 2.1 on Mac OS X 10.2.5 if that makes a difference. Are there OpenLDAP settings that override this behavior that I can adjust? It's very odd to me that it wouldn't "always" throw an exception or what's the point of the authentication step! :-)

Thanks
Mike

    class LDAPWrapper:

        def __init__(self, user="", password=""):
            try:
                self.server = ldap.open("127.0.0.1")
                self.server.simple_bind(user, password)
            except ldap.LDAPError, e:
                print "general LDAP error ", e
            except ldap.INVALID_CREDENTIALS, e:
                print "Invalid Credentials", e
            except ldap.INAPPROPRIATE_AUTH, e:
                print "Inappropriate Auth", e

From: <mi...@st...> - 2003-05-01 16:34:50

Michael Engelhart wrote:
> Hmm. OK - well below are the relevant snippets from LDAPWrapper class.
> When I pass in a valid dn for "user" and an incorrect password, it still
> binds. It appears to bind as a user that has no privileges but it
> doesn't throw an exception.

Strange. Maybe some problems with ACLs (check http://www.openldap.org/faq/data/cache/189.html)?

Below's a test I did with my local server.

1. ldap.INVALID_CREDENTIALS is raised if the password provided does not match value of attribute 'userPassword'.
2. ldap.INAPPROPRIATE_AUTH is raised if entry does not have attribute 'userPassword' at all.
3. It only binds in the case the password matches.

Best bet is trying to reproduce the same behaviour with OpenLDAP's ldapsearch and ask on the openldap-software mailing list.

Ciao, Michael.

------------------------------- snip -------------------------------
>>> import ldap
>>> l=ldap.initialize('ldap://localhost:1390')
>>> l.simple_bind_s('uid=anna,ou=Testing,dc=stroeder,dc=com','wrong password')
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 435, in simple_bind_s
    self.bind_s(who,passwd,_ldap.AUTH_SIMPLE)
  File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 154, in bind_s
    self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 334, in result
    return self._ldap_call(self._l.result,msgid,all,timeout)
  File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 90, in _ldap_call
    result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'info': '', 'desc': 'Invalid credentials'}
>>> l.simple_bind_s('cn=Michael Stroeder,ou=Testing,dc=stroeder,dc=com','wrong password')
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 435, in simple_bind_s
    self.bind_s(who,passwd,_ldap.AUTH_SIMPLE)
  File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 154, in bind_s
    self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 334, in result
    return self._ldap_call(self._l.result,msgid,all,timeout)
  File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 90, in _ldap_call
    result = func(*args,**kwargs)
ldap.INAPPROPRIATE_AUTH: {'info': '', 'desc': 'Inappropriate authentication'}
>>> l.simple_bind_s('uid=anna,ou=Testing,dc=stroeder,dc=com','anna')
>>>

From: Michael E. <men...@ka...> - 2003-05-01 19:02:38

OK - did some testing.

When I use this simple piece of test code (note that the password is invalid)

    import ldap
    dn = "cn=Directory Manager, o=testcompany.com"
    password = '1234567890'
    server = ldap.open("127.0.0.1")
    server.simple_bind(dn, password)
    print "got here"

This binds to the server and no exception is thrown (even though the password is invalid).

When I do this from the command line:

    [StoneGroove:~/Desktop] mengelhart% ldapsearch -D "cn=Directory Manager,o=testcompany.com" -W -x "(ou=People)"
    Enter LDAP Password: 1234567890
    ldap_bind: Invalid credentials (49)

I am unable to bind because of the bogus password.

Any other thoughts on what may be causing this problem under python-ldap and not ldapsearch?

Thanks
Mike

From: Michael E. <men...@ka...> - 2003-05-07 17:41:27

I'm still losing my mind with why my python-ldap won't throw authentication errors when invalid passwords are passed.

I removed all my openldap data from the /var/db/openldap directories and subdirectories and created a basic slapd.conf file as shown here:

    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/nis.schema
    include /etc/openldap/schema/inetorgperson.schema
    include /etc/openldap/schema/misc.schema
    pidfile /var/run/slapd.pid
    argsfile /var/run/slapd.args
    allows bind_v2
    schemacheck off
    database ldbm
    suffix "o=number1customer.com"
    rootdn "cn=Directory Manager,o=number1customer.com"
    rootpw secret
    directory /var/db/openldap/openldap-data/number1customer.com/
    cachesize 1000000
    dbcachesize 10000000
    index uid,cn,sn,givenName pres,eq,sub
    sizelimit 20000
    access to *
        by self write
        by dn="cn=Directory Manager,o=number1customer.com" write
        by * none

Then did this code

    import ldap
    try:
        l = ldap.open("127.0.0.1")
        # you should set this to ldap.VERSION2 if you're using a v2 directory
        l.protocol_version = ldap.VERSION2
        username = "cn=bogus-cn, o=wrongcompany.com"
        password = "sjadfkjasfjkl"
        l.simple_bind(username, password)
        print "got here"
    except ldap.LDAPError, e:
        print e

This output "got here" with no exceptions. I still can't figure out how to force python-ldap to throw an exception upon entering an invalid dn or password or combination thereof. Any help would be greatly appreciated. This is definitely a python-ldap issue because when I try and do an ldapsearch on the command line it gives an error message saying that the dn or password is invalid.

Any help or ideas of where to look would be greatly appreciated. I'm running this on Mac OS X (Darwin). Everything else works perfectly.

Mike

From: <mi...@st...> - 2003-05-07 18:02:42

Michael Engelhart wrote:
> I'm still losing my mind with why my python-ldap won't throw
> authentication errors when invalid passwords are passed

Hmm...

> I still can't figure out how
> to force python-ldap to throw an exception upon entering an invalid dn
> or password or combination thereof.

You don't have to force python-ldap to throw the exception. If the error code returned by the LDAP server is non-zero there is always an appropriate LDAPError exception raised.

> This is definitely a
> python-ldap issue because when I try and do an ldapsearch on the command
> line it gives an error message saying that the dn or password is invalid.

I doubt that.

Check whether your _ldap.so uses the right OpenLDAP libs.

Ciao, Michael.

From: Michael E. <men...@ka...> - 2003-05-07 18:17:36

how do I tell if it's using the "right" libraries? I'm using pre06 and built it against the only libraries that are on my Mac OS X box which comes with openldap 2.0.x libs installed. Maybe I did build it incorrectly???

thanks
Mike

From: <mi...@st...> - 2003-05-07 21:44:28

Michael Engelhart wrote:
> how do I tell if it's using the "right" libraries?

Under Linux there's ldd. Not sure about Mac OS X though. On my Linux system it looks like this:

$ ldd /usr/lib/python2.2/site-packages/_ldap.so
        libldap_r.so.2 => /usr/local/openldap-REL_ENG_2_1/lib/libldap_r.so.2 (0x40010000)
        liblber.so.2 => /usr/local/openldap-REL_ENG_2_1/lib/liblber.so.2 (0x40059000)
        libsasl2.so.2 => /usr/local/cyrus-sasl/lib/libsasl2.so.2 (0x40067000)
        libssl.so.0.9.6 => /usr/lib/libssl.so.0.9.6 (0x4008b000)
        libcrypto.so.0.9.6 => /usr/lib/libcrypto.so.0.9.6 (0x400bc000)
        libc.so.6 => /lib/libc.so.6 (0x40192000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x402b0000)
        libdl.so.2 => /lib/libdl.so.2 (0x402c2000)
        libkrb5.so.17 => /usr/lib/libkrb5.so.17 (0x402c5000)
        libasn1.so.5 => /usr/lib/libasn1.so.5 (0x402fc000)
        libroken.so.9 => /usr/lib/libroken.so.9 (0x4031e000)
        libcom_err.so.1 => /usr/lib/libcom_err.so.1 (0x40330000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x40334000)
        libdb-4.0.so => /usr/lib/libdb-4.0.so (0x40365000)

> I'm using pre06

Please always try with latest and greatest (python-ldap 2.0.0pre11 at the moment). But I'm pretty sure that's not your problem.

> and
> built it against the only libraries that are on my Mac OS X box which
> comes with openldap 2.0.x libs installed.

Exact version of OpenLDAP? Note that OpenLDAP 2.0.x is not actively maintained anymore.

> Maybe I did build it incorrectly???

Please post setup.cfg.

Ciao, Michael.

From: Michael E. <men...@ka...> - 2003-05-08 01:47:12

Well I successfully built BerkeleyDB 4.1.25, OpenLDAP 2.1.18 and now I'm trying to get pre11 compiled and am getting errors. No doubt due to the OS X oddities. I'm not sure if it's distutils that causes this but this is the error:

    Modules/options.c: In function `LDAP_get_option':
    Modules/options.c:151: warning: unused variable `doubleval'
    gcc -arch i386 -arch ppc -bundle -flat_namespace -undefined suppress build/temp.darwin-6.5-Power Macintosh-2.2/LDAPObject.o build/temp.darwin-6.5-Power Macintosh-2.2/common.o build/temp.darwin-6.5-Power Macintosh-2.2/constants.o build/temp.darwin-6.5-Power Macintosh-2.2/errors.o build/temp.darwin-6.5-Power Macintosh-2.2/functions.o build/temp.darwin-6.5-Power Macintosh-2.2/schema.o build/temp.darwin-6.5-Power Macintosh-2.2/ldapmodule.o build/temp.darwin-6.5-Power Macintosh-2.2/linkedlist.o build/temp.darwin-6.5-Power Macintosh-2.2/message.o build/temp.darwin-6.5-Power Macintosh-2.2/version.o build/temp.darwin-6.5-Power Macintosh-2.2/options.o -L/usr/local/lib -Wl,-R/usr/local/lib -lldap -llber -o build/lib.darwin-6.5-Power Macintosh-2.2/_ldap.so
    ld: for architecture i386
    ld: unknown flag: -R/usr/local/lib
    error: command 'gcc' failed with exit status 1

I don't know why both -arch i386 & -arch ppc show up.
Also not sure why the -R/usr/local/lib is causing trouble.

Any ideas?

Thanks
Mike

From: Steven G. <sg...@wu...> - 2003-05-08 04:44:25

Apple has modified gcc (and ld) to allow what they call "fat" binaries, essentially binaries/libraries that have the ability to run in both architectures. So the '-arch i386' isn't necessarily wrong, but it shouldn't hurt to take it out.

Looking at the ld(1) man page, it shows -L is used instead of -R. The configure script might be a little confused about the system (OS X can do that).

-Steve

----
Steven Graham
sg...@wu...

From: <mi...@st...> - 2003-05-08 07:07:19

Steven Graham wrote:
>
> Looking at the ld(1) man page, it shows -L is used instead of -R. The
> configure script might be a little confused about the system (OS X can do
> that).

We had this discussion before with Steven being one of the participants. :-)

Please, check the python-ldap list archive for thread "still probs to compile python-ldap on macosx".

Ciao, Michael.

From: Michael E. <men...@ka...> - 2003-05-08 09:07:47

Thanks Steve for pointing me in the right direction! This -arch flag has been driving me crazy on various software compiles. Why on earth the "default" is to build fat binaries is beyond me since the amount of people running darwin on i386 is probably in the tens of people :-)

Anyway, I did the patch to /usr/lib/python2.2/distutils/util.py mentioned in the "still probs to compile python-ldap on macosx" which didn't fix the problem at all. Same errors. I think the poster was incorrect in his belief that the linker didn't like the "space" in the build directory names but I'm not sure. Anyway I removed the patch to util.py that was suggested because it didn't do anything towards fixing the problem and I think was based on an incorrect assumption about the linker.

What did help was getting rid of the -R flag for ld. Since ld -R gives an unknown flag error I figured it couldn't hurt to edit my /usr/lib/python2.2/distutils/unixccompiler.py file and change the

    def runtime_library_dir_option (self, dir):

function to read

        if compiler == "gcc" or compiler == "g++":
            return "-Wl,-L" + dir
        else:
            return "-L" + dir

instead of the default Apple install which is

        if compiler == "gcc" or compiler == "g++":
            return "-Wl,-R" + dir
        else:
            return "-R" + dir

I also filed a bug report with Apple.

This still gave me warnings about the -arch i386 not being found but it built _ldap.so successfully as I believe all the -arch messages were just warnings.

Mike

From: Michael E. <men...@ka...> - 2003-05-08 10:10:16

OK - got my shiny new OpenLDAP 2.1.18 built and pre11 built and when I run the following test script with an invalid password like this

    import ldap
    try:
        l = ldap.open("127.0.0.1")
        dn = "cn=Directory Manager, o=mydomain.com"
        password = "test"
        l.simple_bind(dn, password)
        print "got here"
    except ldap.LDAPError, e:
        print e

it prints out "got here"

I tried changing the dn and password to invalid entries in a bunch of different combinations but it always allows me to bind.

Here's my slapd.conf which is basically the default config

    ## default ACl
    access to *
        by self write
        by users read
        by anonymous auth

    database bdb
    suffix "o=mydomain.com"
    rootdn "cn=Directory Manager,o=mydomain.com"
    rootpw secret
    directory /usr/local/var/openldap-data/mydomain.com/
    index uid,cn,sn,givenName pres,eq,sub

So is this a configuration issue with openldap? I admit I don't fully understand ACL's but this appears to say that the default access is

Allow self write access
Allow authenticated users read access
Allow anonymous users to authenticate

which if I'm correct would cause python-ldap to throw an Exception if I passed in an invalid dn/password.

Thanks for any help.

Michael

From: <mi...@st...> - 2003-05-08 10:44:07

Michael Engelhart wrote:
> OK - got my shiny new OpenLDAP 2.1.18 built and pre11 built and when I
> run the following test script with an invalid password like this
> [..]
> l.simple_bind(dn, password)

Well, the problem was so simple that I didn't notice it before.

l.simple_bind_s(dn, password)
             ^^^
Use the synchronous method!

Ciao, Michael.

From: Michael E. <men...@ka...> - 2003-05-08 12:07:36

Thanks. I actually had tried that yesterday thinking that was the problem but then, as now, I get this error when I try to do any simple_bind_s() no matter what I pass as parameters.

>>> l.simple_bind_s("cn=Directory Manager,o=mydomain.com","secret")
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 435, in simple_bind_s
    self.bind_s(who,passwd,_ldap.AUTH_SIMPLE)
  File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 154, in bind_s
    self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 334, in result
    return self._ldap_call(self._l.result,msgid,all,timeout)
  File "/usr/lib/python2.2/site-packages/ldap/ldapobject.py", line 90, in _ldap_call
    result = func(*args,**kwargs)
ldap.PROTOCOL_ERROR: {'info': 'requested protocol version not allowed', 'desc': 'Protocol error'}

From: <mi...@st...> - 2003-05-08 12:12:05

Michael Engelhart wrote:
> ldap.PROTOCOL_ERROR: {'info': 'requested protocol version not allowed', 'desc': 'Protocol error'}

Set l.protocol_version to match your server configuration. Most times set it to 3 (ldap.VERSION3) since LDAPv2 servers get rare...

Ciao, Michael.

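
The difference between simple_bind and simple_bind_s that resolves this thread, as an added example that is not part of the original posts or of python-ldap itself. FakeDirectory is a constructed stand-in for a connection (its entries mirror the test session earlier in the thread, and treating an empty password as an anonymous bind is an assumption about the server); naive_login and check_login are hypothetical helper names.

```python
# Added example: models the bind behaviour discussed in this thread.
# FakeDirectory is a constructed stand-in, not python-ldap and not a real server.
try:
    import ldap  # use python-ldap's exception classes when it is installed
    LDAPError = ldap.LDAPError
    INVALID_CREDENTIALS = ldap.INVALID_CREDENTIALS
    INAPPROPRIATE_AUTH = ldap.INAPPROPRIATE_AUTH
except ImportError:
    # Stand-ins with the same names and inheritance as python-ldap's exceptions.
    class LDAPError(Exception):
        pass

    class INVALID_CREDENTIALS(LDAPError):
        pass

    class INAPPROPRIATE_AUTH(LDAPError):
        pass


class FakeDirectory:
    """Constructed model of a connection: simple_bind() only queues the request."""

    def __init__(self, entries):
        self.entries = entries   # DN -> userPassword value, or None if absent
        self.pending = {}        # msgid -> (who, cred) whose result is uncollected
        self.next_msgid = 1
        self.bound_as = None     # None until a bind result has been processed

    def simple_bind(self, who, cred):
        # Asynchronous: send the request, hand back a message id, report nothing.
        msgid = self.next_msgid
        self.next_msgid += 1
        self.pending[msgid] = (who, cred)
        return msgid

    def result(self, msgid):
        # The server's answer, including any error, only surfaces here.
        who, cred = self.pending.pop(msgid)
        if not who or not cred:
            self.bound_as = ""   # assumption: this server binds anonymously
            return
        if who not in self.entries:
            raise INVALID_CREDENTIALS({"desc": "Invalid credentials"})
        stored = self.entries[who]
        if stored is None:
            raise INAPPROPRIATE_AUTH({"desc": "Inappropriate authentication"})
        if cred != stored:
            raise INVALID_CREDENTIALS({"desc": "Invalid credentials"})
        self.bound_as = who

    def simple_bind_s(self, who, cred):
        # Synchronous: bind and wait for the result, so failures raise here.
        return self.result(self.simple_bind(who, cred))


def naive_login(conn, dn, password):
    """The pattern from the thread: nothing raises, so it always 'succeeds'."""
    try:
        conn.simple_bind(dn, password)
        return True              # the "got here" branch
    except LDAPError:
        return False


def check_login(conn, dn, password):
    """True only if the server confirmed a bind made with a non-empty password."""
    if not dn or not password:
        return False             # an anonymous bind must not count as a login
    try:
        conn.simple_bind_s(dn, password)
    except (INVALID_CREDENTIALS, INAPPROPRIATE_AUTH):
        return False             # wrong password, unknown DN, or no userPassword
    return True                  # any other LDAPError propagates to the caller


# Constructed sample data, using the DNs from the test session in the thread.
ANNA = "uid=anna,ou=Testing,dc=stroeder,dc=com"
NO_PW = "cn=Michael Stroeder,ou=Testing,dc=stroeder,dc=com"
SAMPLE_ENTRIES = {ANNA: "anna", NO_PW: None}


def demo():
    conn = FakeDirectory(SAMPLE_ENTRIES)
    return {
        "naive, wrong password": naive_login(conn, ANNA, "wrong password"),
        "checked, wrong password": check_login(conn, ANNA, "wrong password"),
        "checked, empty password": check_login(conn, ANNA, ""),
        "checked, no userPassword": check_login(conn, NO_PW, "wrong password"),
        "checked, right password": check_login(conn, ANNA, "anna"),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(case, "->", ok)
```

With python-ldap installed, check_login can be given a real connection object instead of FakeDirectory, with protocol_version set as described in the message above.
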
From: <mi...@st...> - 2003-05-07 18:08:14

Michael Engelhart wrote:
> l = ldap.open("127.0.0.1")

BTW: Another nice feature for finding errors is python-ldap's tracing. Try with:

l = ldap.open("127.0.0.1",trace_level=2)

Ciao, Michael.

From: <mi...@st...> - 2003-05-01 16:35:37

Michael Engelhart wrote:
> class LDAPWrapper:
>
>     def __init__(self, user="", password=""):
>         try:
>             self.server = ldap.open("127.0.0.1")
>             self.server.simple_bind(user, password)

Note also that 'user' has to be a complete DN of an existing entry!

Ciao, Michael.