-
Notifications
You must be signed in to change notification settings - Fork 0
/
faq.html
232 lines (203 loc) · 7.12 KB
/
faq.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
<!--#set var="head_title" value="FAQ" -->
<!--#set var="head_pagedescription" value="Frequently Asked Questions" -->
<!--#include file="ssi/head.shtml" -->
<p>
<a href="#project">Project</a> /
<a href="#usage">Usage</a> /
<a href="#installing">Installing</a> /
<a href="#historic">Historic</a>
</p>
<h2 id="project">Project</h2>
<ul>
<li>
<p>Q: Is python-ldap yet another abandon-ware project?</p>
<p>
A1: "Jump on in."<br>
A2: "Jump into the C ;-)"<br>
A3: see file CHANGES in source distribution</a>
</p>
</li>
</ul>
<h2 id="usage">Usage</h2>
<ul>
<li>
<p>Q: Does it work with Python 3?</p>
<p>
A1: No. Due to time constraints.<br>
A2: There's an
<a href="https://github.com/pyldap/pyldap">independent fork</a>
not related to this project.
</p>
</li>
<li>
<p>
Q: My code imports module <var>_ldap</var>.
That used to work but with recent version 2.0.0pre that does not work anymore?
</p>
<p>
A:
Despite some outdated programming examples the extension module
<em>_ldap</em> <strong>MUST NOT</strong> be imported directly unless
you really know what you're doing (e.g. for internal regression testing).
<br>
Import <var>ldap</var> instead which is a Python wrapper around <var>_ldap</var>
providing the full functionality.
</p>
</li>
<li>
<p>Q: My script bound to MS Active Directory but a a search operation results
in an exception <var>ldap.OPERATIONS_ERROR</var> with the diagnostic messages text
"In order to perform this operation a successful bind must be
completed on the connection.".<br>
What's happening here?</p>
<p>A:
When searching from the domain level MS AD returns referrals (search continuations)
for some objects to indicate to the client where to look for these objects.
Client-chasing of referrals is a broken concept since LDAPv3 does not specify
which credentials to use when chasing the referral. Windows clients are supposed
to simply use their Windows credentials but this does not work in general when
chasing referrals received from and pointing to arbitrary LDAP servers.<br>
Therefore per default <var>libldap</var> automatically chases the referrals
internally with an <em>anonymous</em> access which fails with MS AD.<br>
So best thing is to switch this behaviour off:
</p>
<pre>
l = ldap.initialize('ldap://foobar')
l.set_option(ldap.OPT_REFERRALS,0)
</pre>
</li>
<li>
<p>Q: Why am I seeing <var>ldap.SUCCESS</var> traceback as output?</p>
<p>A:
Most likely you are using one of the non-synchronous calls, and probably mean to be using a synchronous call
(see detailed explanation in the <a href="doc/html/ldap.html#sending-ldap-requests">docs</a>).
</p>
</li>
<li>
<p>Q: Can I use LDAPv2 via python-ldap?</p>
<p>A:
Yes, by explicitly setting the class attribute
<a href="doc/html/ldap.html#object-attributes">protocol_version</a>.
<br>
You should not do that nowadays since
<a href="https://tools.ietf.org/html/rfc3494">LDAPv2 is considered historic</a>
since many years.
</p>
</li>
</ul>
<h2 id="installing">Installing</h2>
<ul>
<li>
<p>Q: Does it work with Windows 32?</p>
<p>
A: You can find links to pre-compiled packages for Win32 on the
<a href="download.html">download page</a>.
</p>
</li>
<li>
<p>Q: Can python-ldap be built against OpenLDAP 2.3 libs or older?</p>
<p>A:
No, for recent python-ldap 2.4.x the OpenLDAP 2.4 client libs or newer are required.
Patched builds of python-ldap linked to older libs are not supported by the
python-ldap project.
</p>
</li>
<li>
<p>
Q:
During build there are warning messages displayed
telling Lib/ldap.py and Lib/ldap/schema.py are not found:
</p>
<pre>
warning: build_py: file Lib/ldap.py (for module ldap) not found
warning: build_py: file Lib/ldap/schema.py (for module ldap.schema) not found
</pre>
<p>
A:
<var>ldap</var> and <var>ldap.schema</var> are both module packages
(directories containing various sub-modules).
The messages above are falsely produced by DistUtils. Don't worry about it.
</p>
</li>
<li id="install_macosx">
<p>
Q: What's the correct way to install on Mac OS X?
</p>
<pre>
xcode-select --install
pip install python-ldap \
--global-option=build_ext \
--global-option="-I$(xcrun --show-sdk-path)/usr/include/sasl"
</pre>
</li>
<li>
<p>Q: While importing module ldap some shared lib files are not found.
Error message looks similar to this:
</p>
<pre>
ImportError: ld.so.1: /usr/local/bin/python: fatal: liblber.so.2: open failed: No such file or directory
</pre>
<p>A1:
You need to make sure that the path to <em>liblber.so.2</em> and
<em>libldap.so.2</em> is in your <var>LD_LIBRARY_PATH</var> environment
variable.
</p>
<p>A2: Alternatively if you're on Linux you can add the path to
<em>liblber.so.2</em> and <em>libldap.so.2</em> to /etc/ld.so.conf
and invoke command <code>ldconfig</code> afterwards.
</p>
</li>
</ul>
<h2 id="historic">Historic</h2>
<ul>
<li>
<p>Q: Can python-ldap 2.x be built against Netscape, Mozilla or Novell libs?</p>
<p>A: Nope.</p>
</li>
<li>
<p>
Q: My binary version of python-ldap was build with LDAP libs 3.3.
But the python-ldap docs say LDAP libs 2.x are needed. I'm confused!
</p>
<p>
Short answer: See answer above and <a href="download.html">download</a>
a more recent version.
</p>
<p>
Long answer:<br>
E.g. some Win32 DLLs floating around for download are based on
the old Umich LDAP code which is not maintained anymore for
<em>many</em> years! Last Umich 3.3 release was 1997 if I remember correctly.<br>
The OpenLDAP project took over the Umich code and started releasing
OpenLDAP 1.x series mainly fixing bugs and doing some improvements
to the database backend. Still only LDAPv2 was supported at server
and client side. (Many commercial vendors also derived their products
from the Umich code.)<br>
OpenLDAP 2.x is a full-fledged LDAPv3 implementation. Still it has
its roots in Umich code but has many more features/improvements.
</p>
</li>
<li>
<p>Q: Does it work with Python (1.5|2.0|2.1|2.2)?</p>
<p>
A: The basic modules ldap and ldif should still work but python-ldap
is not tested thoroughly with these ancient Python releases anymore.
</p>
</li>
<li>
<p>Q: While importing module ldap there are undefined references reported.
Error message looks similar to this:
</p>
<pre>
ImportError: /usr/local/lib/libldap.so.2: undefined symbol: res_query
</pre>
<p>A: Especially on older Linux systems you might have to explicitly link
against <var>libresolv</var>.
Tweak <em>setup.cfg</em> to contain this line:
</p>
<pre>
libs = lber ldap resolv
</pre>
</li>
</ul>
<!--#include file="ssi/footer.shtml" -->