Python-LDAP for Win32 & Windows 2003 LDAP

Michael Ströder michael at stroeder.com
Tue Aug 7 23:14:00 CEST 2007


Markus Zapke-Gründemann wrote:
> 
> A few days ago I tried for the first time a subtree search starting at
> the root of an Active Directory on a Windows 2003 Server.

This returns no results (if authenticated). So there's no point trying
that. You should rather read namingContexts or defaultNamingContext from
rootDSE (base search) to determine the search root on a particular DC.

> Operations error
> 00000000: LdapErr: DSID-0C090627, comment: In order to perform this
> operation a successful bind must be completed on the connection.,
> data 0, vece

Then you tried to connect anonymously which is prohibited in AD's
default configuration.

> Connecting and binding to the server is working flawlessly. Searching
> subtrees is working as well.

If you bind, everything which is possible in AD should work.

> I also did a test with the ldp client of the Microsoft Support Tools
> package[1], just to verify that all privileges are correct. With this
> client a search with the same filter from the root of the directory
> is working.

And what did the client return as results?

Maybe ldp.exe is using SASL/GSSAPI bind based on your Windows
workstation logon seamlessly without you taking notice of it. And maybe
ldp.exe also looks at defaultNamingContext in the rootDSE...

Best thing to find out what a client really does is using Wireshark.

Ciao, Michael.
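
Added example, not part of the original message: a python-ldap sketch of the approach described above, binding first, reading defaultNamingContext (falling back to the first namingContexts value) from the rootDSE with a base search, then running the subtree search from that DN. The function names, the sample rootDSE and the `uri`/`bind_dn`/`password` parameters are assumptions made for illustration.

```python
def pick_search_base(rootdse_result):
    """Return the search root advertised by a rootDSE base search.

    rootdse_result has the shape search_s() returns: [(dn, {attr: [values]})].
    """
    if not rootdse_result:
        raise ValueError("rootDSE search returned no entry")
    _dn, attrs = rootdse_result[0]
    # LDAP attribute names are case-insensitive; normalise before lookup.
    lowered = {name.lower(): values for name, values in attrs.items()}
    # Prefer defaultNamingContext; otherwise take the first listed context.
    for name in ("defaultnamingcontext", "namingcontexts"):
        values = lowered.get(name)
        if values:
            value = values[0]
            # python-ldap 3.x returns bytes, older releases return str.
            return value.decode("utf-8") if isinstance(value, bytes) else value
    raise ValueError("rootDSE lists no naming context")


def subtree_search(uri, bind_dn, password, filterstr, attrlist=None):
    """Bind, look up the search root on this DC, then search below it."""
    import ldap  # python-ldap; imported here so pick_search_base runs without it

    conn = ldap.initialize(uri)  # use an ldaps:// URI so the simple bind is encrypted
    conn.set_option(ldap.OPT_REFERRALS, 0)  # do not chase referrals automatically
    try:
        conn.simple_bind_s(bind_dn, password)
        # rootDSE: empty base DN with base scope.
        rootdse = conn.search_s("", ldap.SCOPE_BASE, "(objectClass=*)",
                                ["defaultNamingContext", "namingContexts"])
        base = pick_search_base(rootdse)
        results = conn.search_s(base, ldap.SCOPE_SUBTREE, filterstr, attrlist)
        # Search references come back with dn None; keep real entries only.
        return base, [(dn, entry) for dn, entry in results if dn is not None]
    finally:
        conn.unbind_s()


# Constructed sample of a rootDSE result (not captured from a real DC).
SAMPLE_ROOTDSE = [("", {
    "defaultNamingContext": [b"DC=example,DC=test"],
    "namingContexts": [b"DC=example,DC=test",
                       b"CN=Configuration,DC=example,DC=test"],
})]

if __name__ == "__main__":
    print(pick_search_base(SAMPLE_ROOTDSE))
```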