Tit*_*s P 10 python active-directory python-ldap
I haven't had any luck finding an answer, so I'm asking here.
When I connect to an AD server with python-ldap, it seems to work for some operations but not others. My connection:
```python
>>> import sys
>>> import ldap
>>> l = ldap.initialize("ldap://company.com:389")
>>> l.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
>>> l.simple_bind_s("user@company.com","password")
(97, [], 1, [])
```
Some quick googling suggests that 97 means success, although the degree of success is a bit shaky. But for some reason I can't find anything about the status code 1. If I run some ldap functions on the connection, some of them work and some don't.
```python
>>> l.whoami_s()
'u:COMPANY.COM\\user'
```
That seems fine, but
```python
>>> base_dn = 'dc=company,dc=com'
>>> retrieveAttributes = ["uniquemember"]
>>> searchFilter = "cn=user"
>>> l.search_s(base_dn, ldap.SCOPE_SUBTREE,searchFilter,retrieveAttributes)
Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "/home/user/.envs/scoring/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 552, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "/home/user/.envs/scoring/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 546, in search_ext_s
    return self.result(msgid,all=1,timeout=timeout)[1]
  File "/home/user/.envs/scoring/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 458, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "/home/user/.envs/scoring/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 462, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "/home/user/.envs/scoring/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 469, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/home/user/.envs/scoring/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 476, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/home/user/.envs/scoring/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 99, in _ldap_call
    result = func(*args,**kwargs)
OPERATIONS_ERROR: {'info': '000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1', 'desc': 'Operations error'}
```
I'm having a hard time understanding why whoami works but search doesn't. I'm using a domain admin as the user, so it shouldn't have anything to do with directory permissions. Can anyone explain this?
Cas*_*Cas 13
I got exactly the same error as you; what I did was add this line before doing the bind (as suggested by Christopher), l.set_option(ldap.OPT_REFERRALS,0), e.g.
```python
conn.protocol_version = ldap.VERSION3
conn.set_option(ldap.OPT_REFERRALS, 0)  # stop libldap from chasing AD referrals itself
conn.simple_bind_s(user, pw)
```
After that my connection to LDAP worked fine.
Building on what @Cas said above, I only needed to add:
```python
connection.set_option(ldap.OPT_REFERRALS, 0)
```
It seems this is a common problem, so it has been added to the python-ldap FAQ:
Q: My script binds to MS Active Directory, but search operations raise an ldap.OPERATIONS_ERROR exception with the diagnostic message text "In order to perform this operation a successful bind must be completed on the connection." What's happening here?
A: When searching from the domain level, MS AD returns referrals (search continuations) for some objects to indicate to the client where to look for those objects. Client-side chasing of referrals is a broken concept, since LDAPv3 does not specify which credentials to use when chasing a referral. Windows clients are supposed to simply use their Windows credentials, but in general this does not work when chasing referrals received from, and pointing to, arbitrary LDAP servers. Therefore, by default libldap automatically chases referrals internally with anonymous access, which fails with MS AD. So the best thing to do is to switch this behaviour off:
```python
l = ldap.initialize('ldap://foobar')
l.set_option(ldap.OPT_REFERRALS, 0)
```
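Putting the fix from @Cas's answer and the FAQ answer together, here is an added example (not code from the question, the answers, or python-ldap itself) that binds with referral chasing disabled and then separates the search continuations AD still returns from the real entries; the uri, bind_dn and base_dn values are caller-supplied assumptions, and the sample result list is constructed so the helpers run without a server.

```python
def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515) so that
    characters like '*' or ')' in a name cannot change the filter's meaning."""
    return ''.join('\\%02x' % ord(ch) if ch in '\\*()\x00' else ch
                   for ch in value)

def split_referrals(results):
    """Separate real entries from referrals in a search_s() result list.

    With OPT_REFERRALS set to 0, python-ldap hands back each search
    continuation as a tuple whose DN is None, e.g.
    (None, ['ldap://ForestDnsZones.company.com/DC=ForestDnsZones,...']).
    """
    entries, referrals = [], []
    for dn, payload in results:
        if dn is None:
            referrals.extend(payload)       # payload is the list of referral URLs
        else:
            entries.append((dn, payload))   # payload is the attribute dict
    return entries, referrals

def search_ad(uri, bind_dn, password, base_dn, cn):
    """Bind, search the whole domain for one cn, and return (entries, referrals).
    Needs the python-ldap package and a reachable server; uri, bind_dn and
    base_dn are caller-supplied assumptions."""
    import ldap  # imported here so the pure helpers above run without python-ldap
    conn = ldap.initialize(uri)  # prefer ldaps:// so the simple bind is not sent in clear text
    conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
    conn.set_option(ldap.OPT_REFERRALS, 0)  # the fix from the answers above
    conn.simple_bind_s(bind_dn, password)
    try:
        filt = '(cn=%s)' % escape_filter_value(cn)
        results = conn.search_s(base_dn, ldap.SCOPE_SUBTREE, filt, ['uniqueMember'])
    finally:
        conn.unbind_s()
    return split_referrals(results)

# Constructed sample of what search_s() returns from a domain-level search in AD.
SAMPLE_RESULTS = [
    ('CN=user,CN=Users,DC=company,DC=com', {'uniqueMember': [b'CN=g,DC=company,DC=com']}),
    (None, ['ldap://ForestDnsZones.company.com/DC=ForestDnsZones,DC=company,DC=com']),
    (None, ['ldap://DomainDnsZones.company.com/DC=DomainDnsZones,DC=company,DC=com']),
]

if __name__ == '__main__':
    entries, referrals = split_referrals(SAMPLE_RESULTS)
    print('%d entries, %d referrals skipped' % (len(entries), len(referrals)))
```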