[python-ldap] Error with expiring accounts

Polkosnik, Adam adam.polkosnik at ny.frb.org
Tue Mar 4 18:26:38 CET 2014

Hello there,
Would anybody be willing  to help me with getting to the bottom of this?

I've set up LDAP for some webapp, and I get this error:

LDAP Auth error: Received unexpected critical response control with controlType '2.16.840.1.113730.3.4.5'

I'm using python-ldap-2.4.14, and it gets thrown for accounts that get the warning about the accounts that have a password expiration in a few days.
Searching through the code, I figured that the handling should happen in Lib/ldap/controls/pwdpolicy.py since that's where the OID is defined.

The error is generated in

136           knownLDAPControls = knownLDAPControls or KNOWN_RESPONSE_CONTROLS
137           result = []
138           for controlType,criticality,encodedControlValue in ldapControlTuples or []:
139             try:
140               control = knownLDAPControls[controlType]()
141             except KeyError:
142               if criticality:
143                 raise ldap.UNAVAILABLE_CRITICAL_EXTENSION('Received unexpected critical response control with controlType %s' % (repr(controlType)))
144             else:
145               control.controlType,control.criticality = controlType,criticality
146               try:
147                 control.decodeControlValue(encodedControlValue)
148               except PyAsn1Error,e:
149                 if criticality:
150                   raise e
151               else:
152                 result.append(control)
153           return result

In my case I tried to get some more info through printing out more values in the exception:
criticality =-1,
encodedControlValue = 410453,
repr(controlType) = 2.16.840.1.113730.3.4.5
also, I tried to get value of control, but got:
LDAP Auth error: local variable 'control' referenced before assignment

Thanks in advance,
Adam Polkosnik

This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential or proprietary information.  If you are not the intended recipient, immediately contact the sender by reply e-mail and destroy all copies of the original message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20140304/56210b49/attachment.html>

More information about the python-ldap mailing list