[Zope] LDAPUserFolder and Micro$oft AD (ugh!)

larry_prikockis@natureserve.org
Thu, 13 Mar 2003 17:18:14 -0500


Greetings fellow Zope-addicts :-)

First-- no need to remind me that LDAPUserFolder isn't in any way designed
specifically to interoperate properly with Active Directory... I'm stuck
with AD for the moment.

I'm running Zope 2.6.1 on Linux (RH 7.1).  I have the latest version of
LDAPUserFolder, python-ldap, open-ldap, etc. installed.  For the most part,
everything works as advertised.  However- there's a weird glitch that crops
up, apparently in the process of searching through certain portions of my
Active Directory structure (over which I have no direct control- despite my
fervent desire to reorganize it more sensibly)

Basically, the structure looks like this:

Dc=mydir,dc=org
	ou=division1
	ou=division2
	ou=division3
	cn=Configuration  (lots of other junk under here ?!!)

User entries can be located under any of the various division ou's, so I
need to use a base DN: dc=mydir,dc=org and "subtree" for the scope setting.

What I get, when searching for a user entry is the following: 

Error: 
{'desc': "Can't contact LDAP server", 'info':
'Referral:\nldap://mydir.org/CN=Configuration,DC=mydir,DC=org'} 

If I specify a user base DN of, e.g., ou=division1,dc=mydir,dc=org, then all
is well (though of course, I'm not really searching the full scope of
records I want to search).

Any ideas on how to tell where this error might be occurring (it strikes me
that it's probably related to something in python-ldap or open-ldap, rather
than the LDAPUser folder, but I don't know.)

Or is there some way I can modify the code to ignore the
CN=configuration portion of the directory tree? (since that seems to be the
root of the problem for whatever reason and it's not something I need to
look at for user authentication anyway).

Sorry for the long-winded message, but this has been driving me batty and
I'm hoping it'll ring a bell with someone out there.

Thanks much...
Larry Prikockis
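The error quoted above is libldap trying to chase the continuation reference Active Directory returns for CN=Configuration when a subtree search starts at the domain root. The usual defender-side fix is to turn referral chasing off on the client and treat the references as data rather than as servers to contact. The following is an added example, not code from LDAPUserFolder or the original post; it assumes python-ldap (the `ldap` module), uses the DNs from the post, and goes slightly beyond it by also escaping the looked-up username so that user-supplied input cannot alter the search filter. The bind DN, password and filter attribute are placeholders, and `SAMPLE_RESULTS` is a constructed result list in the shape python-ldap returns when referrals are not chased.

```python
"""Subtree user search under AD without chasing CN=Configuration referrals.

Added example for the LDAPUserFolder/AD post; not project code.
Assumes python-ldap; bind credentials and attribute names are placeholders.
"""

# RFC 4515 filter escaping: stops a username such as "*)(objectClass=*"
# from rewriting the filter we send to the directory.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape one assertion value for use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username, attr="sAMAccountName"):
    """Build the equality filter for a user lookup (attr name is an assumption)."""
    return "(%s=%s)" % (attr, escape_filter_value(username))


def split_search_results(results):
    """Separate real entries from search-continuation references.

    With referral chasing disabled, python-ldap/OpenLDAP return AD's
    continuation references as (None, ['ldap://...']) tuples mixed in with
    the (dn, attrs) entries. Keeping them apart lets the caller authenticate
    against the entries and merely log the references, instead of libldap
    failing with "Can't contact LDAP server" while trying to follow them.
    """
    entries, referrals = [], []
    for dn, payload in results:
        if dn is None:
            referrals.extend(payload)  # payload is a list of LDAP URLs
        else:
            entries.append((dn, payload))
    return entries, referrals


def search_users(uri, bind_dn, bind_pw, base_dn, username, attrs=None):
    """Run a subtree search from the domain root with referral chasing off.

    Assumes python-ldap; `ldap` is imported here so the pure helpers above
    stay usable (and testable) without the C library installed.
    """
    import ldap

    conn = ldap.initialize(uri)
    # AD requires LDAPv3; OPT_REFERRALS=0 tells libldap not to follow the
    # referrals AD hands back for CN=Configuration and friends.
    conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
    conn.set_option(ldap.OPT_REFERRALS, 0)
    conn.simple_bind_s(bind_dn, bind_pw)
    try:
        raw = conn.search_s(base_dn, ldap.SCOPE_SUBTREE,
                            build_user_filter(username), attrs)
    finally:
        conn.unbind_s()
    return split_search_results(raw)


# Constructed sample of what search_s returns for the post's tree when
# referrals are not chased: one user entry plus two continuation references
# (the second reference is a made-up name in the style AD typically uses).
SAMPLE_RESULTS = [
    ("CN=Larry,OU=division1,DC=mydir,DC=org", {"sAMAccountName": [b"larry"]}),
    (None, ["ldap://mydir.org/CN=Configuration,DC=mydir,DC=org"]),
    (None, ["ldap://ForestDnsZones.mydir.org/DC=ForestDnsZones,DC=mydir,DC=org"]),
]


if __name__ == "__main__":
    found, refs = split_search_results(SAMPLE_RESULTS)
    for dn, _ in found:
        print("entry:   ", dn)
    for url in refs:
        print("referral:", url)
    # Live use (placeholders): search_users("ldap://mydir.org",
    #     "CN=binduser,OU=division1,DC=mydir,DC=org", "PLACEHOLDER",
    #     "dc=mydir,dc=org", "larry", ["sAMAccountName", "memberOf"])
```

Disabling referral chasing is the right default for an authentication client: a referred-to host is one the directory chose, not one the administrator vetted, so the client should log it rather than open a new connection to it. The escaping helper is separate from the connection code so it can be dropped into whatever builds the filter string in LDAPUserFolder.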
