[python-ldap] search_s call hangs (macos, python-ldap3.2). ldapsearch call is successful

Balaji Jeevan J.Balaji at gmail.com
Mon May 18 14:29:56 EDT 2020 

Dave,

That was it!.

After turning off referrals, it worked as expected.

Thanks so much,
Balaji


On Mon, May 18, 2020 at 8:53 AM Dave Peticolas <dave at krondo.com> wrote:

> I recommend you use the feature to turn off referrals in the Python code.
> I suspect the python code version is trying to follow a domain referral
> that doesn't actually exist. That seems to be a typical issue when you are
> using active directory.
>
> On Mon, May 18, 2020, 2:21 AM Balaji Jeevan <J.Balaji at gmail.com> wrote:
>
>> I am having an issue with search_s call hanging indefinitely. Direct
>> ldapsearch call is working fine.
>> I have included the working ldapsearch and the failing python-ldap call.
>>
>> I appreciate any pointers.
>> Thanks,
>> Balaji
>>
>> $ python --version
>> Python 3.7.7
>>
>> $ pip list | grep python-ldap
>> python-ldap        3.2.0
>>
>> $ sw_vers
>> ProductName: Mac OS X
>> ProductVersion: 10.14.6
>> BuildVersion: 18G4032
>>
>> (Mojave)
>>
>>
>> LDAP version:
>> $ /usr/libexec/slapd -d3
>> 5ec08515 @(#) $OpenLDAP: slapd 2.4.28 (Dec  3 2019 04:47:49) $
>> root at osx332.sd.apple.com:
>> /BuildRoot/Library/Caches/com.apple.xbs/Binaries/OpenLDAP/install/TempContent/Objects/servers/slapd
>> 5ec08515 daemon: SLAP_SOCK_INIT: dtblsize=256
>> 5ec08515 daemon_init: listen on ldap:///
>> 5ec08515 daemon_init: 1 listeners to open...
>>
>>
>> Direct ldapsearch call works as expected:
>>
>> $ ldapsearch -x -h ad-ldap.xxxxx.com -D "bjeevan at xxxxx.com" -w 'xxxxxx!'
>> -b "dc=xxxxx,dc=com" -s sub
>> '(&(objectCategory=person)(objectClass=user)(sAMAccountName=bjeevan)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
>> cn
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=xxxxx,dc=com> with scope subtree
>> # filter:
>> (&(objectCategory=person)(objectClass=user)(sAMAccountName=bjeevan)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
>> # requesting: cn
>> #
>>
>> # Balaji Jeevan, Users, Sunnyvale, xxxxx.com
>> dn: CN=Balaji Jeevan,OU=Users,OU=Sunnyvale,DC=xxxxx,DC=com
>> cn: Balaji Jeevan
>>
>> Here is the hanging python-ldap call:
>> $ python
>> Python 3.7.7 (default, Mar 10 2020, 15:43:03)
>> [Clang 11.0.0 (clang-1100.0.33.17)] on darwin
>> Type "help", "copyright", "credits" or "license" for more information.
>> >>> import ldap
>> >>> con = ldap.initialize('ldap://ad-ldap.xxxxx.com:389')
>> >>> con.simple_bind_s( 'bjeevan at xxxxx.com', "yyyyy!" )
>> (97, [], 1, [])
>> >>> rt = con.search_s("dc=xxxxx,dc=com", ldap.SCOPE_SUBTREE,
>> '(sAMAccountName=bjeevan)', [])
>>
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> python-ldap mailing list
>> python-ldap at python.org
>> https://mail.python.org/mailman/listinfo/python-ldap
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20200518/96a52278/attachment.html>

More information about the python-ldap mailing list