python-ldap: searching without specifying an OU?
I am attempting to pull info from an LDAP server (Active Directory),
but cannot specify an OU. In other words, I need to search users in
all OUs, not a specific one.
Here is what works:
import ldap

con = ldap.initialize("ldap://server.local")
# 'password' holds the bind account's password
con.simple_bind_s('[EMAIL PROTECTED]', password)
# Subtree search under one OU, returning only the 'mail' attribute
result = con.search_ext_s(
    'OU=some office, DC=server, DC=local',
    ldap.SCOPE_SUBTREE,
    "sAMAccountName=username", ['mail']
)[0][1]
for i in result:
    print("%s = %s" % (i, result[i]))
But I really need it to not require an OU. When I remove that part, it
breaks. Or it just won't find the user. Is there a proper syntax for
this that I'm missing? Maybe a different search function?
--
http://mail.python.org/mailman/listinfo/python-list
Re: python-ldap: searching without specifying an OU?
Thanks for the response. The user I'm connecting as should have full
access but I'll double check tomorrow.
This is the LDAP error that is returned when I leave out the OU:
{'info': ': LdapErr: DSID-0C090627, comment: In order to
perform this operation a successful bind must be completed on the
connection., data 0, vece', 'desc': 'Operations error'}
Re: python-ldap: searching without specifying an OU?
It seems the only way I can bind is by using this format:
simple_bind_s('[EMAIL PROTECTED]','password')
If I try using a DN, it fails every time. This will not work:
simple_bind_s('cn=user,dc=server,dc=local', 'password')
Errors out with "invalid credentials": ldap.INVALID_CREDENTIALS:
{'info': '80090308: LdapErr: DSID-0C090334, comment:
AcceptSecurityContext error, data 525, vece', 'desc': 'Invalid
credentials'}
If I put the *wrong* credentials in the first format, it will fail -
which seems to indicate the bind is working. With that
'successful' (?) bind, it is returning the bind error from my earlier
post only when I leave out the OU when searching.
Re: python-ldap: searching without specifying an OU?
This fixed it! http://peeved.org/blog/2007/11/20/
By adding this line after 'import ldap', I was able to search from the
root level:
ldap.set_option(ldap.OPT_REFERRALS, 0)
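Added example, not part of the thread and not code from python-ldap: with referrals disabled as in the fix above, a search from the domain root still returns search references (tuples whose DN is None) next to real entries, so indexing [0][1] directly is fragile. The sketch below drops those and escapes the account name before it goes into the filter. The URI, DNs, function names and sample results are constructed; escape_filter_value mirrors python-ldap's ldap.filter.escape_filter_chars so the helpers run without the library installed.

```python
# Added example: root-level AD lookup that tolerates search references.
# All names, URIs and DNs below are constructed placeholders.

def escape_filter_value(value):
    """Escape RFC 4515 special characters so input cannot alter the filter."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)


def account_filter(username):
    """Build the sAMAccountName filter from an untrusted account name."""
    return '(sAMAccountName=%s)' % escape_filter_value(username)


def drop_referrals(results):
    """Keep real entries; python-ldap reports search references with dn None."""
    return [(dn, attrs) for dn, attrs in results if dn is not None]


def find_user(uri, bind_upn, password, base_dn, username, attrs=('mail',)):
    """Return (dn, attrs) for the first matching user under base_dn, or None."""
    import ldap  # python-ldap; imported here so the helpers above need no server
    ldap.set_option(ldap.OPT_REFERRALS, 0)  # the fix from the thread
    con = ldap.initialize(uri)
    try:
        con.simple_bind_s(bind_upn, password)
        results = con.search_ext_s(
            base_dn, ldap.SCOPE_SUBTREE, account_filter(username), list(attrs)
        )
    finally:
        con.unbind_s()
    entries = drop_referrals(results)
    return entries[0] if entries else None


# Constructed sample of what a search from DC=server,DC=local can return
SAMPLE_RESULTS = [
    ('CN=Some User,OU=some office,DC=server,DC=local', {'mail': [b'user@server.local']}),
    (None, ['ldap://ForestDnsZones.server.local/DC=ForestDnsZones,DC=server,DC=local']),
    (None, ['ldap://DomainDnsZones.server.local/DC=DomainDnsZones,DC=server,DC=local']),
]

if __name__ == '__main__':
    for dn, attrs in drop_referrals(SAMPLE_RESULTS):
        print(dn, attrs)
    print(account_filter('user*)(objectClass=*'))
```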
