python-ldap vs. Active directory
Jens Vagelpohl
jens at dataflake.org
Mon May 23 14:46:15 CEST 2005
On May 22, 2005, at 14:11, Michael Ströder wrote:
> Jens Vagelpohl wrote:
>
>> For what it's worth, a long time ago I had the same problems with the
>> LDAPUserFolder Zope product against AD. Among the resultset
>> returned by
>> a query there would always be one record that made everything
>> barf. The
>> (not very clean) workaround has been to special-case that record and
>> discard it. It is a AD-specific referral.
>>
>
> How did you sort out this special case?
>
> IMO the appropriate way is to sort out the search references.
> Having to deal with referrals / search references is *not* AD-
> specific!
I know that references need to be dealt with, however, I have no AD
instance to test anything and thus the only goal was to make things
work somehow. I personally do not support AD, it's only on the basis
of "if it works for you, great. if not, sorry, can't help". Besides,
these "invalid" records come back as part of a normal set of search
results - leaving them out hasn't made anyone complain yet.
The specific case here is the return value from
ldap_connection.search_s, which I assume to be a sequence of two-item
sequences consisting of a string (the DN) and a dictionary (the
attributes and their values). However, with AD you can get stuff like
this as part f the results sequence:
(None, ['ldap://ForestDnsZones.PORTAL.LOCAL/
DC=ForestDnsZones,DC=PORTAL,DC=LOCAL'])
I simply discard anything where the second element is not a dictionary.
jens
More information about the python-ldap
mailing list