[python-ldap] python-ldap code returns no data, conflicts with ldap-search results
burvilwork2 at gmail.com
Fri Oct 12 14:02:29 EDT 2018
I’m having an issue where the python-ldap module is returning no results,
even though I am able to get results through other methods. I use the same
parameters as ldapsearch, but the python code turns up nothing. This
happens with a large number of hostnames that I search for.
Specifically, I am able to get valid LDAP data returned for a hostname with
$ [AD-user at host-joined-to-AD:~]$ ldapsearch -x -H ldaps://
ldap-host-here.ds.subdomain.net:636 -D "AD-user at ds.subdomain.net” -w
‘password-here' -b "DC=ds,DC=subdomain,DC=net"
I also see a computer account for this system when logging into a Windows
system on the domain and searching for the hostname via dsa, so I know the
computer account is in AD/LDAP.
The following are my LDAP related modules. Note that I know the ldap module
version is a little old, but as I’m running RHEL 7.5, it’s the newest I can
make it without causing other dependencies to break, i.e. I had to install
this via RPM.
$ pip freeze | grep ldap
I run my code, and it shows nothing in the results:
Initializing LDAP connection object with uri ldaps://
Binding with username username-here…
LDAP results - 
The code is below. Any thoughts on why I’m not getting anything returned,
even though the computer account exists?
# IN: cfg, hostname, domain string
# OUT: True or False (if in AD or not)
def CheckIfHostInAD(cfg, hostname, env):
domain = "tld-value-here"
username = 'username-here'
password = 'password-here'
uri = "ldaps://ldap-host-here." + domain + ":636"
(subdomain, tld) = domain.split('.')
## Create instance of LDAP class. No connection has been made yet.
print("Initializing LDAP connection object with uri " + uri )
l = ldap.initialize(uri) #####!!!
results = 
OU_setting = ""
# When we connect, make sure to connect using LDAPv3
l.protocol_version = ldap.VERSION3
print("Binding with username " + username + "...")
bind = l.simple_bind_s(username, password)
# When we search, the base is the level at which we want to start
OU_setting = ""
base = OU_setting + "DC=ds,DC=" + subdomain + ",DC=net"
# When we search, filter results down to ones that have an
objectClass of "computer"
criteria = "(&(objectclass=computer)(cn=" + hostname + "))"
attributes = ['name']
print("Getting hostnames in " + domain
+ ", base " + str(base) + ", criteria " + str(criteria) )
# Ok! Search and store the result in the variable "result"
ldap_dump = l.search_s(base, ldap.SCOPE_SUBTREE, criteria,
print("Found " + len(ldap_dump) + " hostnames in " + domain)
# Print the results to the console
for data_dict in [entry for dn, entry in ldap_dump if
except Exception as e:
print("error - " + e)
# Now that we're done (failed or not), release the connection
print("LDAP results - " + str(results))
cfg = ""
hostname = “short-hostname-here”
env = ""
result = CheckIfHostInAD(cfg, hostname, env)
As I noted earlier, I'd prefer not to upgrade the python-ldap module if not
needed. In other words, unless there's something in a newer version where a
bug resulting in no data being returned, I'd prefer not to upgrade.
I found verbose settings for python-ldap at
using those didn't help.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the python-ldap