[python-ldap] Error with expiring accounts

Michael Ströder michael at stroeder.com
Wed Mar 12 21:20:33 CET 2014

Polkosnik, Adam wrote:
> I really don’t see where you have those values (they are listed in Lib/ldap/controls/pwdpolicy.py): 
> 2.16.840.1.113730.3.4.4 - Netscape Password Expired LDAPv3 control
> 2.16.840.1.113730.3.4.5 - Netscape Password Expiring LDAPv3 control

Ouch! I've overlooked that you're talking about pwdpolicy and not ppolicy.


May I ask which LDAP server that is?
Actually the (ancient) I-D above specifies that the server returns this
response control with criticality: false.

> Adding the missing imports to pwdpolicy.py makes it almost work:
>     self.gracePeriod = struct.unpack('!Q',encodedControlValue)[0]
> struct.error: unpack requires a string argument of length 8
> So, at this point it's complaining that the encodedControlValue is shorter than 8 bytes?!
> Dow we just get rid of the unpack and assign the value? At least that seemed to work ok.

Hmm, it seems I don't have such a LDAP server to test.

Could you please send repr(encodedControlValue) and determine how many seconds
the grace period really is?

Ciao, Michael.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2398 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20140312/42bc623d/attachment.bin>

More information about the python-ldap mailing list