From: Jonathan H. <jh...@23...> - 2008-08-01 22:19:49
Ok I am only mediocre at python so maybe this is a stupid mistake on my part, but I have exhausted my options from Google searches.

When I run the script below it binds successfully, but then when I try and run the search says it cannot contact the server. I have verified the service is running, ports are open, it binds without error so I am quite confused. If someone could point at what I am doing wrong I would greatly appreciate it.

This may seem overly complicated but I am trying to build a framework with which I can run queries against the active directory domain.

Thanks in advance,
-Jonathan

Here is the output:

In [18]: run ldap-ad.py ldap://my.company.example.com:389
Bind result: (97, [])   <-- obviously a successful connection
Running search: (objectClass=user)(mail=*)
Can't contact LDAP server   <-- now it can't connect

And here is the script:

#!/usr/bin/env python
import ldap, ldapurl, sys

# AD Hack
ldap.set_option(ldap.OPT_REFERRALS, 0)
ldap.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)

def handle_ldap_exception(e):
    if type(e.message) == dict and e.message.has_key('info'):
        if e.message['info'] != '':
            print e.message['info']
    if type(e.message) == dict and e.message.has_key('desc'):
        if e.message['desc'] != '':
            print e.message['desc']
    else:
        print e

def get_ldap_url(dns_name, proto = 'ldap', port=0):
    if proto == 'ldap' and port == 0:
        port = 389
    elif proto =='ldaps' and port == 0:
        port = 636
    server = ldapurl.LDAPUrl(urlscheme=proto, hostport="%s:%s" % (dns_name, str(port))).initializeUrl()
    return server

base_dn = "cn=Users,dc=my,dc=company,dc=example,dc=com"
dn = 'User@Domain'
pw = "itsasecret"

ad_conn = ldap.initialize(get_ldap_url("ad-dc.my.company.example.com", proto = 'ldap'))

try:
    ad_conn.protocol_version = ldap.VERSION3
    bind = ad_conn.simple_bind_s(dn, pw)
    print "Bind result: " + str(bind)
except ldap.LDAPError, e:
    handle_ldap_exception(e)
    ad_conn.unbind_s()
    sys.exit()

search_email='(objectClass=user)(mail=*)'
res_attrs = ['*']

print "Running search: %s" % search_email
try:
    res = ad_conn.search_s(base_dn, ldap.SCOPE_SUBTREE, search_email, res_attrs)
    result_set = []
    while True:
        result_type, result_data = ad_conn.result(res, 0)
        if (result_data == []):
            break
        else:
            if result_type == ldap.RES_SEARCH_ENTRY:
                result_set.append(result_data)
    print result_set
except ldap.LDAPError, e:
    handle_ldap_exception(e)
    ad_conn.unbind_s()
    sys.exit()

ad_conn.unbind_s()

From: Michael S. <mi...@st...> - 2008-08-01 22:49:41
Jonathan Hansen wrote:
> When I run the script below it binds successfully, but then when I try
> and run the search says it cannot contact the server. I have verified
> the service is running, ports are open, it binds without error so I am
> quite confused.

You could use tracelevel=2 when calling ldap.initialize() to track things down. This generates debug output of the parameters passed to the LDAPObject methods and the results returned.

> This may seem overly complicated but I am trying to build a framework
> with which I can run queries against the active directory domain.

Something like this?
http://www.boskant.nl/trac/python-ad/

Ciao, Michael.

From: Michael S. <mi...@st...> - 2008-08-01 23:03:34
Michael Ströder wrote:
> Jonathan Hansen wrote:
>> When I run the script below it binds successfully, but then when I
>> try and run the search says it cannot contact the server. I have
>> verified the service is running, ports are open, it binds without
>> error so I am quite confused.
>
> You could use tracelevel=2 when calling ldap.initialize()

Sorry, it's argument trace_level like documented here:
http://python-ldap.sourceforge.net/doc/html/ldap.html#ldap.initialize

Ciao, Michael.

From: Michael S. <mi...@st...> - 2008-08-02 08:12:44
Jonathan, please stay on the mailing list.

Jonathan Hansen wrote:
> Turned that on and it's a little more confusing because I can SEE
> results returned...

The output '=> LDAPError' in the trace log shows that an exception was raised derived from an error code returned by the underlying OpenLDAP client libs.

> PS: Here is the befuddling output in case it tells you more than it does
> me.

Note that the LDAP URL behind *** shows for which connection the operation was invoked. So let's see...

> *** ldap://dc1.mv.corp.23andme.com:389 - SimpleLDAPObject.simple_bind
> (('user@Domain', 'password', None, None),{})
> [..]
> *** ldap://ad-dc.my.company.example.com:389 -
> SimpleLDAPObject.search_ext

Obviously the servers differ. Check your code.

Ciao, Michael.
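
The comparison described in the last reply, reading the LDAP URL after *** on each trace entry and checking which connection each operation ran on, can be automated. The following is an added example, not part of the original thread or of python-ldap; it assumes the trace header layout quoted above, and the sample trace, the hostname dc1.my.company.example.com, and the lists of bind and ignored method names are constructed for illustration.

```python
import re

# Header layout as quoted in the thread: "*** <ldap-url> - <Class>.<method>".
# Any text between "***" and the URL is skipped (assumption: other
# python-ldap versions may print more there).
TRACE_HEADER = re.compile(r"^\*\*\*\s.*?(ldap[si]?://\S+)\s+-\s+\w+\.(\w+)\s*$")

# "simple_bind" appears in the thread's trace; the other names are assumed.
BIND_METHODS = {"simple_bind", "sasl_bind_s", "sasl_interactive_bind_s"}
# Calls that do not need an authenticated connection (assumed list).
IGNORED = {"set_option", "get_option", "unbind", "unbind_ext"}


def parse_trace(trace_text):
    """Return [(url, method), ...] for every traced call, in log order."""
    calls = []
    for line in trace_text.splitlines():
        m = TRACE_HEADER.match(line.strip())
        if m:
            calls.append((m.group(1), m.group(2)))
    return calls


def servers_used(trace_text):
    """Distinct LDAP URLs in order of first appearance."""
    seen = []
    for url, _method in parse_trace(trace_text):
        if url not in seen:
            seen.append(url)
    return seen


def unbound_operations(trace_text):
    """Operations issued on a URL that had no earlier bind in the trace."""
    bound, findings = set(), []
    for url, method in parse_trace(trace_text):
        if method in BIND_METHODS:
            bound.add(url)
        elif method not in IGNORED and url not in bound:
            findings.append((url, method))
    return findings


# Constructed sample: bind on one connection, search on another.
SAMPLE_TRACE = """\
*** ldap://dc1.my.company.example.com:389 - SimpleLDAPObject.set_option
*** ldap://dc1.my.company.example.com:389 - SimpleLDAPObject.simple_bind
(('user@Domain', 'password', None, None),{})
*** ldap://dc1.my.company.example.com:389 - SimpleLDAPObject.result3
*** ldap://ad-dc.my.company.example.com:389 - SimpleLDAPObject.search_ext
=> LDAPError
"""

if __name__ == "__main__":
    print("servers:", servers_used(SAMPLE_TRACE))
    for url, method in unbound_operations(SAMPLE_TRACE):
        print("no bind seen before %s on %s" % (method, url))
```

More than one URL in servers_used(), or any entry from unbound_operations(), means the bind and the later operation ran on different connection objects.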