python-ldap: searching without specifying an OU?

Michael Ströder michael at
Tue Apr 22 23:14:28 CEST 2008

hotani wrote:
> I am attempting to pull info from an LDAP server (Active Directory),
> but cannot specify an OU. In other words, I need to search users in
> all OU's, not a specific one.

If the user you're binding with has the right in AD to search the whole
subtree, you can start searching at the domain level.

> import ldap
> con = ldap.initialize("ldap://server.local")
> con.simple_bind_s('user@domain', password)

Just for the record: A simple bind with userPrincipalName only works on
AD. It's not an LDAPv3 compliant bind request then (which requires a full

> result = con.search_ext_s(
>   'OU=some office, DC=server, DC=local',
>   ldap.SCOPE_SUBTREE,  # scope is a required positional argument
>   "sAMAccountName=username", ['mail']
> )[0][1]
> for i in result:
>   print("%s = %s" % (i, result[i]))
>
> But I really need it to not require an OU.

It should work. I'm doing this quite often.

> When I remove that part, it breaks.

What does "it breaks" mean? Any exception raised by python-ldap?

> Maybe a different search function?


Ciao, Michael.
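
Added example, not part of the original post and not python-ldap's own code: a subtree search rooted at the domain-level DN, as the reply suggests. It goes beyond the thread by escaping the filter value and by discarding the search references that AD returns for a domain-root search; the helper names and the sample results are constructed for illustration.

```python
import re

def domain_base_dn(dns_domain):
    """'server.local' -> 'DC=server,DC=local' (the domain-level search base)."""
    labels = dns_domain.strip(".").split(".")
    if not all(re.fullmatch(r"[A-Za-z0-9-]+", label) for label in labels):
        raise ValueError("not a DNS domain name: %r" % dns_domain)
    return ",".join("DC=" + label for label in labels)

def account_filter(sam_account_name):
    """Build the filter with RFC 4515 escaping so input cannot change its shape."""
    escaped = "".join(
        "\\%02x" % ord(c) if c in "\\*()\x00" else c for c in sam_account_name
    )
    return "(sAMAccountName=%s)" % escaped

def entries_only(results):
    """Drop search references, which python-ldap reports as (None, [urls])."""
    return [(dn, attrs) for dn, attrs in results if dn is not None]

def find_mail(uri, bind_upn, password, dns_domain, account):
    """Search every OU of the domain for one account and return its entries."""
    import ldap  # python-ldap; imported here so the helpers above work without it
    con = ldap.initialize(uri)
    # A domain-root search in AD yields referrals to other naming contexts;
    # do not chase them, just filter them out of the result list below.
    con.set_option(ldap.OPT_REFERRALS, 0)
    con.simple_bind_s(bind_upn, password)
    try:
        results = con.search_ext_s(
            domain_base_dn(dns_domain), ldap.SCOPE_SUBTREE,
            account_filter(account), ["mail"],
        )
    finally:
        con.unbind_s()
    return entries_only(results)

# Constructed sample of what a domain-root search can return: one entry
# followed by a search reference (DN is None).
SAMPLE_RESULTS = [
    ("CN=J Doe,OU=some office,DC=server,DC=local", {"mail": [b"jdoe@server.local"]}),
    (None, ["ldap://ForestDnsZones.server.local/DC=ForestDnsZones,DC=server,DC=local"]),
]
```

Indexing the raw result with `[0][1]` only works when the first tuple is a real entry, so filter with `entries_only` before indexing.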
