Local Error in simple_bind_s();

Michael Ströder michael at stroeder.com
Sun Dec 30 14:04:07 CET 2007

Leons Petrazickis wrote:
> I now have a fresh Ubuntu 7.10 install with OpenLDAP 2.1 in /usr/lib and a
> manually compiled OpenLDAP 2.3.39 in /usr/local/lib.

I hope you did not install python-ldap from Ubuntu. Do you have more 
than one version of Python on this system?

Did you really

configure --prefix=/usr/local
make install

when compiling OpenLDAP? Are you sure that the include file ldap.h and 
lber.h were present under /usr/local/include when building python-ldap?

I'd recommend to completely stay out of the standard LIB path.

1. Remove what you manually copied to /usr/local/lib and /usr/local/include.
2. Build OpenLDAP 2.3 with

configure --prefix=/opt/openldap-2.3
make install (as root)

If you only want the OpenLDAP client libs you can add --disable-slapd 
and --disable-slurpd to the configure command line.

3. and then set

library_dirs = /opt/openldap-2.3/lib
include_dirs = /opt/openldap-2.3/include /usr/include/sasl

4. and invoke as root
python2.5 setup.py install

Make sure to remove the old content of build/ in the python-ldap source 
dir before.

> ldd _ldap.so says that python-ldap links to the right one:
> linux-gate.so.1 =>  (0xffffe000)
> libldap_r-2.3.so.0 => /usr/local/lib/libldap_r-2.3.so.0 (0xb7f36000)
> liblber-2.3.so.0 => /usr/local/lib/liblber-2.3.so.0 (0xb7f29000)

And how about ldd /usr/local/lib/libldap_r-2.3.so.0?

> Doing a simple_bind_s() on ldap.openldap.org works:
> [..]
> But a simple_bind_s() on bluepages.ibm.com doesn't:
 > ldap_err2string
 > => LDAPError - LOCAL_ERROR: {'desc': 'Local error'}

Hmm, really strange.

> wait4msg continue ld 0x81e4ef0 msgid 1 all 1
> ** ld 0x81e4ef0 Connections:
> * host: bluepages.ibm.com  port: 636  (default)

Hmm, did you really use ldap.initialize('ldaps://bluepages.ibm.com') for 
creating the LDAPObject instance? Note the URL scheme ldaps instead of 
just ldap. I don't see any SSL-related debug messages.

> However, ldapsearch doesn't crash at this point:
> [..]
> It probably uses the OpenLDAP 2.1 libraries, though. I could make it use
> the 2.3 ones if it would help.

If you invoke make install the OpenLDAP command-line utilities are 
installed under <prefix>/bin, e.g. /opt/openldap-2.3/bin/ldapsearch if 
using the --prefix as suggested above. Then this command-line tool is 
using the right libs.

> It's Tivoli Directory Server 5.2:
> dn:
> Could the blank dn be a problem?

It's correct. This is the rootDSE which indeed has an empty DN, "" in 
Python syntax.

Ciao, Michael.

More information about the python-ldap mailing list