Re: python-ldap, Zope, and NDS

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Sat, 24 Jun 2000, Michael [iso-8859-1] Ströder wrote:

> Does one-level browsing with web2ldap work?

Yes it did. I searched an ou that has some of those pesky bindery objects,
and web2ldap seemed fine.

> > It turns out that the bug I found (wherever its source) only manifests
> > itself when I use the 'browse' feature of Jeffrey Shell's ZLDAPConnection
> > product for Zope.
> 
> I don't know this module. If you reimplement one-level browsing in a
> primitive test program and it works you have to dig into
> ZLDAPConnection. Do you have any debugging messages in your server
> logs? It would be helpful to observe the DNs, scope and search
> filter it receives.

The code I posted in my original post showed that using ldap.SCOPE_ONELEVEL
fails when searching 'ou's that have the troublesome bindery objects.

Here it is again:

Python 1.5.2 (#0, Apr  3 2000, 14:46:48)  [GCC 2.95.2 20000313 (Debian
GNU/Linux)] on linux2
Copyright 1991-1995 Stichting Mathematisch Centrum, Amsterdam
>>> import ldap
>>> l = ldap.open("206.131.108.2",389)
>>> l.simple_bind_s("ou=do,o=isd_197","")
>>> test = l.search_s("ou=do,o=isd_197", ldap.SCOPE_SUBTREE,
"objectclass=*")
>>> test2 = l.search_s("ou=do,o=isd_197", ldap.SCOPE_ONELEVEL,
"objectclass=*")
Traceback (innermost last):
  File "<stdin>", line 1, in ?
ldap.INVALID_DN_SYNTAX: {'desc': 'Invalid DN syntax'}
>>> 

> I'm not really sure that this is a bug in the OpenLDAP lib. I
> experienced exactly the same error when doing LDAP-queries with
> postfix-MTA (build with OpenLDAP libs) against a Lotus Domino
> server. But browsing and searching this server with web2ldap
> (python-ldap build with OpenLDAP lib) works just fine except some
> strange things Domino is doing (e.g. case-sensitive mail
> attributes). IMHO you have to take care about canonifying the DN.
> There are e.g. some strange things with LDAPv2- and LDAPv3-DN
> conversion.

I'm more convinced than ever that this is an NDS issue. The presence of
those bindery objects in the NDS tree is really just a kludge to prevent
breaking legacy apps that depend on the pre-NDS technology.

I'm not sure what you mean by "canonifying the DN." Care to expand on that?

Thanks for the help.

-Tim

--
Tim Wilson      | Visit Sibley online:         | Check out:
Henry Sibley HS | http://www.isd197.k12.mn.us/ | http://www.zope.org/
W. St. Paul, MN |                              | http://slashdot.org/
wi...@vi... |   <dtml-var pithy_quote>     | http://linux.com/