Greetings fellow Zope-addicts :-) First-- no need to remind me that LDAPUserFolder isn't in any way designed specifically to interoperate properly with Active Directory... I'm stuck with AD for the moment. I'm running Zope 2.6.1 on Linux (RH 7.1). I have the latest version of LDAPUserFolder, python-ldap, open-ldap, etc. installed. For the most part, everything works as advertised. However- there's a weird glitch that crops up, apparently in the process of searching through certain portions of my Active Directory structure (over which I have no direct control- despite my fervent desire to reorganize it more sensibly) Basically, the structure looks like this: Dc=mydir,dc=org ou=division1 ou=division2 ou=division3 cn=Configuration (lots of other junk under here ?!!) User entries can be located under any of the various division ou's, so I need to use a base DN: dc=mydir,dc=org and "subtree" for the scope setting. What I get, when searching for a user entry is the following: Error: {'desc': "Can't contact LDAP server", 'info': 'Referral:\nldap://mydir.org/CN=Configuration,DC=mydir,DC=org'} If I specify a user base DN of, e.g., ou=division1,dc=mydir,dc=org, then all is well (though of course, I'm not really searching the full scope of records I want to search). Any ideas on how to tell where this error might be occurring (it strikes me that it's probably related to something in python-ldap or open-ldap, rather than the LDAPUser folder, but I don't know.) Or is there some way I can tell modify the code to ignore the CN=configuration portion of the directory tree? (since that seems to be the root of the problem for whatever reason and it's not something I need to look at for user authentication anyway). Sorry for the long-winded message, but this has been driving me batty and I'm hoping it'll ring a bell with someone out there. Thanks much... Larry Prikockis
as always, a full traceback might shed more light on the issue... jens On Thursday, Mar 13, 2003, at 17:18 US/Eastern, larry_prikockis@natureserve.org wrote:
Greetings fellow Zope-addicts :-)
First-- no need to remind me that LDAPUserFolder isn't in any way designed specifically to interoperate properly with Active Directory... I'm stuck with AD for the moment.
I'm running Zope 2.6.1 on Linux (RH 7.1). I have the latest version of LDAPUserFolder, python-ldap, open-ldap, etc. installed. For the most part, everything works as advertised. However- there's a weird glitch that crops up, apparently in the process of searching through certain portions of my Active Directory structure (over which I have no direct control- despite my fervent desire to reorganize it more sensibly)
Basically, the structure looks like this:
Dc=mydir,dc=org ou=division1 ou=division2 ou=division3 cn=Configuration (lots of other junk under here ?!!)
User entries can be located under any of the various division ou's, so I need to use a base DN: dc=mydir,dc=org and "subtree" for the scope setting.
What I get, when searching for a user entry is the following:
Error: {'desc': "Can't contact LDAP server", 'info': 'Referral:\nldap://mydir.org/CN=Configuration,DC=mydir,DC=org'}
If I specify a user base DN of, e.g., ou=division1,dc=mydir,dc=org, then all is well (though of course, I'm not really searching the full scope of records I want to search).
Any ideas on how to tell where this error might be occurring (it strikes me that it's probably related to something in python-ldap or open-ldap, rather than the LDAPUser folder, but I don't know.)
Or is there some way I can tell modify the code to ignore the CN=configuration portion of the directory tree? (since that seems to be the root of the problem for whatever reason and it's not something I need to look at for user authentication anyway).
Sorry for the long-winded message, but this has been driving me batty and I'm hoping it'll ring a bell with someone out there.
Thanks much... Larry Prikockis
participants (2)
-
Jens Vagelpohl -
larry_prikockis@natureserve.org