File: faq.rst

package info (click to toggle)
python-ldap 3.4.4-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 2,756 kB
  • sloc: python: 9,558; ansic: 3,052; makefile: 139; sh: 79
file content (194 lines) | stat: -rw-r--r-- 6,434 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
 
python-ldap FAQ
===============

Project
-------

**Q**: Is python-ldap yet another abandon-ware project?

  **A1**: “Jump on in.”

  **A2**: “Jump into the C ;-)”

  **A3**: see file CHANGES in source distribution
  or `repository`_.

.. _repository: https://github.com/python-ldap/python-ldap/blob/main/CHANGES


Usage
-----

**Q**: Does it work with Python 3?

  **A0**: Yes, from 3.0 on.

  **A1**. For earlier versions, there's `pyldap`_, an independent fork
  now merged into python-ldap.

.. _pyldap: https://pypi.org/project/pyldap/


**Q**: Does it work with Python 2.7? (1.5|2.0|2.1|2.2|2.3|2.4|2.5|2.6|2.7)?

  **A**: No. Old versions of python-ldap are still available from PyPI, though.


**Q**: My code imports module ``_ldap``.
That used to work, but after an upgrade it does not work anymore. Why?

   **A**: Despite some outdated programming examples, the extension module
    ``_ldap`` **MUST NOT** be imported directly, unless you really know what
    you're doing (e.g. for internal regression testing).

    Import ``ldap`` instead, which is a Python wrapper around ``_ldap``
    providing the full functionality.

**Q**: My script bound to MS Active Directory but a a search operation results
in the exception :exc:`ldap.OPERATIONS_ERROR` with the diagnostic message text
*“In order to perform this operation a successful bind must be completed on the
connection.”* Alternatively, a Samba 4 AD returns the diagnostic message
*"Operation unavailable without authentication"*. What's happening here?

    **A**: When searching from the domain level, MS AD returns referrals (search continuations)
    for some objects to indicate to the client where to look for these objects.
    Client-chasing of referrals is a broken concept, since LDAPv3 does not specify
    which credentials to use when chasing the referral. Windows clients are supposed
    to simply use their Windows credentials, but this does not work in general when
    chasing referrals received from and pointing to arbitrary LDAP servers.

    Therefore, per default, ``libldap`` automatically chases the referrals
    internally with an *anonymous* access which fails with MS AD.

    So, the best thing to do is to switch this behaviour off::

      l = ldap.initialize('ldap://foobar')
      l.set_option(ldap.OPT_REFERRALS,0)

    Note that setting the above option does NOT prevent search continuations
    from being returned, rather only that ``libldap`` won't attempt to resolve
    referrals.

**Q**: Why am I seeing a ``ldap.SUCCESS`` traceback as output?

    **A**: Most likely, you are using one of the non-synchronous calls, and probably
    mean to be using a synchronous call
    (see detailed explanation in :ref:`sending-ldap-requests`).

**Q**: Can I use LDAPv2 via python-ldap?

    **A**: Yes, by explicitly setting the class attribute
    :attr:`~ldap.LDAPObject.protocol_version`.

    You should not do that nowadays since
    `LDAPv2 is considered historic <https://tools.ietf.org/html/rfc3494>`_
    since many years.

**Q**: My TLS settings are ignored/TLS isn't working?

    **A**: Make sure you call `set_option( ldap.OPT_X_TLS_NEWCTX, 0 )`
    after changing any of the `OPT_X_TLS_*` options.



Installing
----------

**Q**: Does it work with Windows 32?

    **A**: Yes. You can find links to unofficial pre-compiled packages
    for Windows on the :ref:`installing` page.


**Q**: Can python-ldap be built against OpenLDAP 2.3 libs or older?

    **A**: No.
    The needed minimal version of OpenLDAP is documented in :ref:`build prerequisites`.
    Patched builds of python-ldap linked to older libs are not supported by the
    python-ldap project.


**Q**: During build there are warning messages displayed
telling Lib/ldap.py and Lib/ldap/schema.py are not found::

      warning: build_py: file Lib/ldap.py (for module ldap) not found
      warning: build_py: file Lib/ldap/schema.py (for module ldap.schema) not found

..

    **A**: ``ldap`` and ``ldap.schema`` are both module packages
    (directories containing various sub-modules).
    The messages above are falsely produced by DistUtils.
    Don't worry about it.

.. _install-macosx:

**Q**: What's the correct way to install on macOS?

  **A**::

      xcode-select --install
      pip install python-ldap \
         --global-option=build_ext \
         --global-option="-I$(xcrun --show-sdk-path)/usr/include/sasl"


**Q**: While importing module ``ldap``, some shared lib files are not found.
The error message looks similar to this::

      ImportError: ld.so.1: /usr/local/bin/python: fatal: liblber.so.2: open failed: No such file or directory

..

    **A1**: You need to make sure that the path to ``liblber.so.2`` and
    ``libldap.so.2`` is in your ``LD_LIBRARY_PATH`` environment variable.

    **A2**: Alternatively, if you're on Linux, you can add the path to
    ``liblber.so.2`` and ``libldap.so.2`` to ``/etc/ld.so.conf``
    and invoke the command ``ldconfig`` afterwards.



Historic
--------

**Q**: Can python-ldap 2.x be built against Netscape, Mozilla or Novell libs?

  **A**: Nope.


**Q**: My binary version of python-ldap was build with LDAP libs 3.3.
But the python-ldap docs say LDAP libs 2.x are needed. I'm confused!

  Short answer:
      See answer above and the :ref:`installing` page for
      a more recent version.

  Long answer:
      E.g. some Win32 DLLs floating around for download are based on
      the old Umich LDAP code which is not maintained anymore for
      *many* years! Last Umich 3.3 release was 1997 if I remember correctly.

      The OpenLDAP project took over the Umich code and started releasing
      OpenLDAP 1.x series mainly fixing bugs and doing some improvements
      to the database backend. Still, only LDAPv2 was supported at server
      and client side. (Many commercial vendors also derived their products
      from the Umich code.)

      OpenLDAP 2.x is a full-fledged LDAPv3 implementation. It has
      its roots in Umich code but has many more features/improvements.


**Q**: While importing module ``ldap``, there are undefined references reported.
The error message looks similar to this::

    ImportError: /usr/local/lib/libldap.so.2: undefined symbol: res_query

..

    **A**: Especially on older Linux systems, you might have to explicitly link
    against ``libresolv``.

    Tweak ``setup.cfg`` to contain this line::

        libs = lber ldap resolv