python-ldap vs. Active directory

Jens Vagelpohl jens at
Mon May 23 14:46:15 CEST 2005

On May 22, 2005, at 14:11, Michael Ströder wrote:

> Jens Vagelpohl wrote:
>> For what it's worth, a long time ago I had the same problems with the
>> LDAPUserFolder Zope product against AD. Among the resultset returned by
>> a query there would always be one record that made everything barf. The
>> (not very clean) workaround has been to special-case that record and
>> discard it. It is an AD-specific referral.
> How did you sort out this special case?
> IMO the appropriate way is to sort out the search references.
> Having to deal with referrals / search references is *not* AD-specific!

I know that references need to be dealt with, however, I have no AD  
instance to test anything and thus the only goal was to make things  
work somehow. I personally do not support AD, it's only on the basis  
of "if it works for you, great. if not, sorry, can't help". Besides,  
these "invalid" records come back as part of a normal set of search  
results - leaving them out hasn't made anyone complain yet.

The specific case here is the return value from  
ldap_connection.search_s, which I assume to be a sequence of two-item  
sequences consisting of a string (the DN) and a dictionary (the  
attributes and their values). However, with AD you can get stuff like  
this as part of the results sequence:

(None, ['ldap://ForestDnsZones.PORTAL.LOCAL/ 

I simply discard anything where the second element is not a dictionary.
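
The result shapes discussed in this message, as an added example that is not part of the original post or of python-ldap: it separates entries from search references instead of discarding the latter, and parses each referral URL so the target host can be logged or checked against an allow-list before anything follows it. The function names, the `example.test` hosts and the sample data are constructed; rejecting any other item shape is an assumption made here.

```python
from urllib.parse import urlsplit, unquote


def _as_text(value):
    # Referral URLs may arrive as bytes or str depending on the binding version.
    return value.decode("utf-8") if isinstance(value, bytes) else value


def split_search_results(results):
    """Split a search_s()-style list into (entries, referral_urls).

    Entry:            (dn, {attr: [values]})
    Search reference: (None, [ldap_url, ...])
    Any other shape raises ValueError rather than being silently dropped.
    """
    entries, referrals = [], []
    for item in results:
        if not isinstance(item, (tuple, list)) or len(item) != 2:
            raise ValueError("unexpected result item: %r" % (item,))
        dn, payload = item
        if dn is not None and isinstance(payload, dict):
            entries.append((dn, payload))
        elif dn is None and isinstance(payload, (list, tuple)):
            referrals.extend(_as_text(url) for url in payload)
        else:
            raise ValueError("unexpected result item: %r" % (item,))
    return entries, referrals


def referral_target(url):
    """Return (scheme, host, port, base_dn) for an LDAP referral URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % (url,))
    return parts.scheme, parts.hostname, parts.port, unquote(parts.path.lstrip("/"))


# Constructed sample data shaped like the AD results described above.
SAMPLE_RESULTS = [
    ("CN=Alice,CN=Users,DC=example,DC=test", {"cn": [b"Alice"]}),
    (None, ["ldap://ForestDnsZones.example.test/DC=ForestDnsZones,DC=example,DC=test"]),
    (None, [b"ldap://DomainDnsZones.example.test/DC=DomainDnsZones,DC=example,DC=test"]),
]

if __name__ == "__main__":
    entries, referrals = split_search_results(SAMPLE_RESULTS)
    print(len(entries), "entries")
    for url in referrals:
        print("search reference ->", referral_target(url))
```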

