python-ldap vs. Active directory
jens at dataflake.org
Sun May 22 14:16:21 CEST 2005
On May 21, 2005, at 23:26, Michael Ströder wrote:
>> I was getting the exact same error. I fixed the problem by explicitly
>> disabling referral chasing in the OpenLDAP client libraries (for my
>> purposes, I didn't care about referrals).
>> Before you call ldap.initialize, try:
>> ldap.set_option(ldap.OPT_REFERRALS, 0)
> This is good advice since IIRC the OpenLDAP libs chase referrals doing
> an anonymous bind. Therefore it's definitely better to get the search
> references (check the result type). Sort them out or chase them
> in your Python application.
For what it's worth, a long time ago I had the same problems with the
LDAPUserFolder Zope product against AD. Among the resultset returned
by a query there would always be one record that made everything
barf. The (not very clean) workaround has been to special-case that
record and discard it. It is an AD-specific referral.
Another solution has been to connect to the "Global Catalog" port or
somesuch thing. This port apparently gives you a view on the data
contained in a forest of AD server instances as one single entity, as
opposed to single AD instances handing back references to other AD
instances where a record may be found.
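
An added example, not part of the original message or of python-ldap itself: it turns off automatic referral chasing as suggested in the quoted text and separates search references from real entries, so the application decides what to do with them instead of discarding one special-cased record. The server URI, bind DN, base DN and the function names are placeholders chosen here, and the sample result list is constructed.

```python
def split_search_results(results):
    """Separate real entries from search references in a python-ldap result list.

    A synchronous search returns 2-tuples. A normal entry is
    (dn, {attribute: [values]}); a search reference, which is what Active
    Directory hands back for other naming contexts, is (None, [ldap_url, ...]).
    """
    entries, references = [], []
    for dn, payload in results:
        if dn is None:
            # Not an entry: record the URLs, do not follow them automatically.
            references.extend(
                url.decode() if isinstance(url, bytes) else url for url in payload
            )
        else:
            entries.append((dn, payload))
    return entries, references


def search_without_chasing(uri, bind_dn, password, base_dn, filterstr):
    """Bind, search with referral chasing disabled, return (entries, references)."""
    import ldap  # imported here so the helper above works without python-ldap

    # Set before ldap.initialize(), as advised in the quoted message.
    ldap.set_option(ldap.OPT_REFERRALS, 0)
    conn = ldap.initialize(uri)
    conn.simple_bind_s(bind_dn, password)
    try:
        raw = conn.search_s(base_dn, ldap.SCOPE_SUBTREE, filterstr)
    finally:
        conn.unbind_s()
    return split_search_results(raw)


# Constructed sample in the shape described above (not captured from a server).
SAMPLE = [
    ("CN=Alice,CN=Users,DC=example,DC=com", {"sAMAccountName": [b"alice"]}),
    (None, ["ldap://ForestDnsZones.example.com/DC=ForestDnsZones,DC=example,DC=com"]),
    (None, ["ldap://example.com/CN=Configuration,DC=example,DC=com"]),
]

if __name__ == "__main__":
    found, refs = split_search_results(SAMPLE)
    print(len(found), "entries;", len(refs), "references left unchased")
```

Logging the returned references instead of dropping them silently shows which other servers the directory wanted the client to contact.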