Menu
▾
▴
python-ldap-dev
|
From: Thorsten K. <tho...@th...> - 2009-07-13 09:10:15
|
[Python 2.6.2, python-ldap 2.3.8, Apache DS 1.5.4]
Hi,
not sure whether this is an Apache DS or Python-LDAP bug: Apache DS
replies with values although I specifically request it not to:
[1]>>> import ldap
[2]>>> connection = ldap.initialize('ldap://')
[3]>>> connection.simple_bind_s('uid=admin,ou=system', 'secret')
[3] (97, [])
[4]>>> connection.search_s('ou=system', ldap.SCOPE_SUBTREE,
filterstr='(cn=*)', attrlist = ['cn'], attrsonly = True)
[4]
[('uid=admin,ou=system', {'cn': ['system administrator']}),
('cn=Administrators,ou=groups,ou=system', {'cn': ['Administrators']})]
But:
~/.ldaprc
BASE ou=system
BINDDN uid=admin,ou=system
URI ldap://
thorsten@tkampe[~]> ldapsearch -x -w secret -LLL -A "(cn=*)" cn
dn: uid=admin,ou=system
cn:
dn: cn=Administrators,ou=groups,ou=system
cn:
The same query works (does not return values) if I query an Active
Directory or eDirectory server.
Thorsten
|
|
From: Michael S. <mi...@st...> - 2009-07-13 09:37:47
|
Thorsten Kampe wrote:
> [4]>>> connection.search_s('ou=system', ldap.SCOPE_SUBTREE,
> filterstr='(cn=*)', attrlist = ['cn'], attrsonly = True)
Just a wild guess: Could you please try again with attrsonly=1. Note
that this API has its roots in Python 1.x times where there was no
Boolean True/False type. It would be worth handling that gracefully though.
Ciao, Michael.
|
|
From: Michael S. <mi...@st...> - 2009-07-13 09:51:41
|
Michael Ströder wrote:
> Thorsten Kampe wrote:
>> [4]>>> connection.search_s('ou=system', ldap.SCOPE_SUBTREE,
>> filterstr='(cn=*)', attrlist = ['cn'], attrsonly = True)
>
> Just a wild guess: Could you please try again with attrsonly=1. Note
> that this API has its roots in Python 1.x times where there was no
> Boolean True/False type. It would be worth handling that gracefully though.
Which versions of Python and python-ldap are you using?
I've tested it with my local OpenLDAP server with Python 2.6 and
python-ldap 2.3.8 built against OpenLDAP RE24 libs:
>>> l.search_ext_s('dc=stroeder,dc=de',0,'(objectclass=*)',attrsonly=0)
[('dc=stroeder,dc=de', {'description': ['Wurzeleintrag f\xc3\xbcr
lokales Adressbuch von Michael Str\xc3\xb6der'], 'labeledURI':
['http://www.stroeder.de', 'http://www.block-floete.de'], 'objectClass':
['domain', 'labeledURIObject', 'domainRelatedObject'],
'associatedDomain': ['stroeder.com'], 'dc': ['stroeder'], 'o':
['Michaels'], 'seeAlso': ['dc=stroeder,dc=com']})]
>>> l.search_ext_s('dc=stroeder,dc=de',0,'(objectclass=*)',attrsonly=1)
[('dc=stroeder,dc=de', {'description': [], 'labeledURI': [],
'objectClass': [], 'associatedDomain': [], 'dc': [], 'o': [], 'seeAlso':
[]})]
>>> l.search_ext_s('dc=stroeder,dc=de',0,'(objectclass=*)',attrsonly=True)
[('dc=stroeder,dc=de', {'description': [], 'labeledURI': [],
'objectClass': [], 'associatedDomain': [], 'dc': [], 'o': [], 'seeAlso':
[]})]
So it seems that it simply works.
Ciao, Michael.
|
|
From: Thorsten K. <tho...@th...> - 2009-07-13 10:18:10
|
* Michael Ströder (Mon, 13 Jul 2009 11:20:44 +0200)
> Thorsten Kampe wrote:
> > [4]>>> connection.search_s('ou=system', ldap.SCOPE_SUBTREE,
> > filterstr='(cn=*)', attrlist = ['cn'], attrsonly = True)
>
> Just a wild guess: Could you please try again with attrsonly=1. Note
> that this API has its roots in Python 1.x times where there was no
> Boolean True/False type. It would be worth handling that gracefully though.
Same result.
Thorsten
|
|
From: Thorsten K. <tho...@th...> - 2009-07-13 11:44:47
|
* Michael Ströder (Mon, 13 Jul 2009 13:23:26 +0200) > Thorsten Kampe wrote: > > It does work against eDirectory and Active Directory (as mentioned). > > ...and OpenLDAP. So the likelihood is very high that python-ldap does > not have a bug. > > > "ldapsearch -A" also works against Apache DS. The question is still: is > > that a Python-LDAP or Apache DS bug? > > It's a ApacheDS bug. > > > Could you install Apache Directory Server or Apache Directory Studio? > > Hmm, you're very generous with my spare time. > > Both allow you to create that directory that I queried in about one > > minute. > > I did and watching the LDAP traffic with Wireshark shows that ApacheDS > returns the attribute values although searchRequest::typesOnly is True > on the wire. In opposite to that OpenLDAP's slapd does not return any > attribute values in this case. > > I suspect ldapsearch -A also changes the way how found entries are > displayed. > > Please next time use Wireshark to track things down. I would have done it if that would be an option. Apart from the fact that my Apache DS runs on my local host and winpcap not being able to capture packets on the looback interface (on Windows) I am not familiar with LDAP enough to be able to judge what "searchRequest::typesOnly" is or means. Nevertheless thanks, I'm going to open a bug with the Apache DS team. Thorsten |
|
From: Thorsten K. <tho...@th...> - 2009-07-13 10:23:40
|
* Michael Ströder (Mon, 13 Jul 2009 11:51:29 +0200)
> Which versions of Python and python-ldap are you using?
Python 2.6.2, python-ldap 2.3.8, Apache DS 1.5.4
> I've tested it with my local OpenLDAP server with Python 2.6 and
> python-ldap 2.3.8 built against OpenLDAP RE24 libs:
>
> >>> l.search_ext_s('dc=stroeder,dc=de',0,'(objectclass=*)',attrsonly=0)
> [('dc=stroeder,dc=de', {'description': ['Wurzeleintrag f\xc3\xbcr
> lokales Adressbuch von Michael Str\xc3\xb6der'], 'labeledURI':
> ['http://www.stroeder.de', 'http://www.block-floete.de'], 'objectClass':
> ['domain', 'labeledURIObject', 'domainRelatedObject'],
> 'associatedDomain': ['stroeder.com'], 'dc': ['stroeder'], 'o':
> ['Michaels'], 'seeAlso': ['dc=stroeder,dc=com']})]
> >>> l.search_ext_s('dc=stroeder,dc=de',0,'(objectclass=*)',attrsonly=1)
> [('dc=stroeder,dc=de', {'description': [], 'labeledURI': [],
> 'objectClass': [], 'associatedDomain': [], 'dc': [], 'o': [], 'seeAlso':
> []})]
> >>> l.search_ext_s('dc=stroeder,dc=de',0,'(objectclass=*)',attrsonly=True)
> [('dc=stroeder,dc=de', {'description': [], 'labeledURI': [],
> 'objectClass': [], 'associatedDomain': [], 'dc': [], 'o': [], 'seeAlso':
> []})]
>
> So it seems that it simply works.
It does work against eDirectory and Active Directory (as mentioned).
"ldapsearch -A" also works against Apache DS. The question is still: is
that a Python-LDAP or Apache DS bug?
Could you install Apache Directory Server or Apache Directory Studio?
Both allow you to create that directory that I queried in about one
minute.
Thorsten
|
|
From: Michael S. <mi...@st...> - 2009-07-13 11:23:39
|
Thorsten Kampe wrote: > It does work against eDirectory and Active Directory (as mentioned). ...and OpenLDAP. So the likelihood is very high that python-ldap does not have a bug. > "ldapsearch -A" also works against Apache DS. The question is still: is > that a Python-LDAP or Apache DS bug? It's a ApacheDS bug. > Could you install Apache Directory Server or Apache Directory Studio? Hmm, you're very generous with my spare time. > Both allow you to create that directory that I queried in about one > minute. I did and watching the LDAP traffic with Wireshark shows that ApacheDS returns the attribute values although searchRequest::typesOnly is True on the wire. In opposite to that OpenLDAP's slapd does not return any attribute values in this case. I suspect ldapsearch -A also changes the way how found entries are displayed. Please next time use Wireshark to track things down. Ciao, Michael. |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X