From: <m.z...@ew...> - 2007-08-07 19:04:56
|
Hi,

I'm using the python-ldap module for Win32 to build an application which is able to find users in an LDAP directory.

A few days ago I tried the first time a subtree search starting at the root of an Active Directory on a Windows 2003 Server. Before I did only a search starting at a single CN or OU. When doing this search from the root of the tree I got the following error message.

Operations error
00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece

Connecting and binding to the server is working flawlessly. Searching subtrees is working as well.

I did also a test with the ldp client of the Microsoft Support Tools package[1], just to verify that all privileges are correct. With this client a search with the same filter from the root of the directory is working.

I tried Mauro's Python-LDAP 2.0.6 for Win32 and Torsten Kurbad's Win32 egg for 2.3.1. Both are working great until it comes to the root of the Windows 2003 LDAP.

Has anyone a hint what the problem could be?

Many thanks for your help in advance.

With kind regards

Markus Zapke-Gründemann

[1] http://www.microsoft.com/downloads/details.aspx?familyid=49ae8576-9bb9-4126-9761-ba8011fabf38
|
From: <mi...@st...> - 2007-08-07 21:14:34
|
Markus Zapke-Gründemann wrote:
>
> A few days ago I tried the first time a subtree search starting at
> the root of an Active Directory on a Windows 2003 Server.

This returns no results (if authenticated). So there's no point trying that. You should rather read namingContexts or defaultNamingContext from rootDSE (base search) to determine the search root on a particular DC.

> Operations error
> 00000000: LdapErr: DSID-0C090627, comment: In order to perform this
> operation a successful bind must be completed on the connection.,
> data 0, vece

Then you tried to connect anonymously which is prohibited in AD's default configuration.

> Connecting and binding to the server is working flawlessly. Searching
> subtrees is working as well.

If you bind, everything which is possible in AD should work.

> I did also a test with the ldp client of the Microsoft Support Tools
> package[1], just to verify that all privileges are correct. With this
> client a search with the same filter from the root of the directory
> is working.

And what did the client return as results?

Maybe ldp.exe is using SASL/GSSAPI bind based on your Windows workstation logon seamlessly without you taking notice of it. And maybe ldp.exe also looks at defaultNamingContext in the rootDSE...

Best thing to find out what a client really does is using Wireshark.

Ciao, Michael.
|
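Added example, not part of the thread and not code from either poster: one way to follow the advice in the reply above with python-ldap, by binding first, reading defaultNamingContext/namingContexts from the rootDSE with a base search, and running the subtree search from that DN. The function names, the host and DNs, the referral setting and the sample rootDSE data are assumptions made for this example; attribute values are bytes, as current python-ldap returns them.

```python
# Added example. Host names, DNs and SAMPLE_ROOTDSE are constructed placeholders.

def pick_search_base(rootdse):
    """Pick a search base from rootDSE attributes as python-ldap returns
    them: attribute name -> list of bytes values."""
    attrs = {name.lower(): values for name, values in rootdse.items()}
    default = attrs.get("defaultnamingcontext")
    if default:  # Active Directory publishes the domain partition here
        return default[0].decode("utf-8")
    # Otherwise fall back to namingContexts, skipping AD's non-domain partitions.
    skip = ("cn=configuration,", "cn=schema,", "dc=domaindnszones,",
            "dc=forestdnszones,")
    for raw in attrs.get("namingcontexts", []):
        dn = raw.decode("utf-8")
        if not dn.lower().startswith(skip):
            return dn
    raise LookupError("rootDSE lists no usable naming context")


def search_directory(uri, bind_dn, password, filterstr, attrlist=None):
    """Bind, read rootDSE with a base search, then search that subtree."""
    if not bind_dn or not password:
        # A simple bind with an empty password is an unauthenticated bind
        # (RFC 4513); it can "succeed" and leave the connection anonymous.
        raise ValueError("bind DN and password must both be non-empty")
    import ldap  # python-ldap, imported late so pick_search_base works without it
    conn = ldap.initialize(uri)
    conn.protocol_version = ldap.VERSION3
    # Choice made for this example: hand search references back to the
    # caller instead of letting libldap chase them.
    conn.set_option(ldap.OPT_REFERRALS, 0)
    conn.simple_bind_s(bind_dn, password)
    try:
        _, rootdse = conn.search_s(
            "", ldap.SCOPE_BASE, "(objectClass=*)",
            ["defaultNamingContext", "namingContexts"])[0]
        base = pick_search_base(rootdse)
        found = conn.search_s(base, ldap.SCOPE_SUBTREE, filterstr, attrlist)
        # Search references come back with dn None; keep real entries only.
        return base, [(dn, entry) for dn, entry in found if dn is not None]
    finally:
        conn.unbind_s()


SAMPLE_ROOTDSE = {  # constructed, shaped like an AD rootDSE reply
    "defaultNamingContext": [b"DC=example,DC=com"],
    "namingContexts": [b"DC=example,DC=com",
                       b"CN=Configuration,DC=example,DC=com",
                       b"CN=Schema,CN=Configuration,DC=example,DC=com"],
}
```

Against a real directory, call `search_directory("ldap://dc.example.com", bind_dn, password, "(objectClass=person)")` with your own host and credentials; the returned base shows which DN the search actually started from.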
From: <m.z...@ew...> - 2007-08-08 15:13:12
|
Hallo Michael.

> -----Original Message-----
> Markus Zapke-Gründemann wrote:
> >
> > A few days ago I tried the first time a subtree search starting at
> > the root of an Active Directory on a Windows 2003 Server.
>
> This returns no results (if authenticated). So there's no point trying
> that. You should rather read namingContexts or defaultNamingContext from
> rootDSE (base search) to determine the search root on a particular DC.
This is a good suggestion. I will try it.

> > Operations error
> > 00000000: LdapErr: DSID-0C090627, comment: In order to perform this
> > operation a successful bind must be completed on the connection.,
> > data 0, vece
>
> Then you tried to connect anonymously which is prohibited in AD's
> default configuration.
This is also what I read on this error code. But when I use the same credentials on a different DN below the root everything works. This makes me wonder.

> > I did also a test with the ldp client of the Microsoft Support Tools
> > package[1], just to verify that all privileges are correct. With this
> > client a search with the same filter from the root of the directory
> > is working.
>
> And what did the client return as results?
It returned the results as I expected it. I did a subtree search with the following filter:

(&(!(userAccountControl=514))(&(company=*))(&(|(cn=*e*)(sn=*e*)(givenName=*e*)(mail=*e*)(telephoneNumber=*e*)(otherTelephone=*e*)(facsimileTelephoneNumber=*e*)(mobile=*e*)(memberOf=*e*)(physicalDeliveryOfficeName=*e*)(title=*e*)))(objectClass=person))

> Maybe ldp.exe is using SASL/GSSAPI bind based on your Windows
> workstation logon seamless without you taking notice of it. And maybe
> ldp.exe also looks at defaultNamingContext in the rootDSE...
I connected and bound to the LDAP server manually using ldp.exe. My workstation is in a different domain. So I think there are no other credentials which could be used.

> Best thing to find out what a client really does it using Wireshark.
This is a good idea. Maybe there is something happening under the hood...

Thank you for your hints.

With kind regards

Markus
|
From: <mi...@st...> - 2007-08-08 22:49:11
|
Markus Zapke-Gründemann wrote:
> Michael Ströder wrote:
>> Markus Zapke-Gründemann wrote:
>>> Operations error
>>> 00000000: LdapErr: DSID-0C090627, comment: In order to perform this
>>> operation a successful bind must be completed on the connection.,
>>> data 0, vece
>> Then you tried to connect anonymously which is prohibited in AD's
>> default configuration.
> This is also what I read on this error code. But when I use the same
> credentials on a different DN below the root everything works. This
> makes me wonder.

Before I sent the answer I've tested it. It works as expected with web2ldap which is heavily based on python-ldap. So I wonder if your code is exactly doing what you think it should do. ;-)

Maybe a *small* test script would be helpful to find out.

Ciao, Michael.
|