[Zope] [LDAP] Does LDAPUserFolder work with Zope 2.6.0?

Colin Sampaleanu colinml1@exis.com
Thu, 28 Nov 2002 16:04:48 -0500


Could this be happening because the directory server is returning a 
search result with a continuation reference? I have been hitting the 
server with a java program, and have seen that it is returning a search 
result with one (valid) entry, for the user, but there is also a 
continuation reference of "" coming back as part of that result. Now 
looking into this, this is supposed to happen when you do a search 
against Active Directory which crosses domains, and you are not hitting 
an Active Directory Catalog Master (basically an instance of the server 
which has not been set up a catalog master, having multi-domain 
information). I am definitely hitting a catalog master, but it is still 
returning the "" continuation, so something weird is going on. My hunch, 
in any case (and I may be completely off) is that maybe LDAPUserfolder 
does not know what to do with the continuation reference. Could this be it?


Jens Vagelpohl wrote:

> if you know how to use the python debugger you could step through the 
> code (starting in the validate method) to determine exactly where the 
> lag is. strategically placed logging (print statements, logging calls) 
> would also help.
>
> jens
>
>
> On Monday, Nov 25, 2002, at 18:14 US/Eastern, Colin Sampaleanu wrote:
>
>> Brad Clements wrote:
>>
>>> On 25 Nov 2002 at 17:07, Colin Sampaleanu wrote:
>>>
>>>
>>>> Unfortunately I am not running LDAP on the same machine. I did 
>>>> consider the
>>>> fact that perhaps this was the same issue, but the machine appears
>>>> responsive otherwise. What is interesting is that after about 10 
>>>> minutes it
>>>> _does_ come back, saying that the user/credentials are not value. So
>>>> LDAPUserFolder does not necessarilly think it has a problem, it 
>>>> just thinks
>>>> there is an authenticaiton issue. Of course I would say if it takes 10
>>>> minutes there is a sever problem somewhere, never mind the fact 
>>>> that the
>>>> authentication should work..
>>>>
>>>
>>> Sounds like there is a firewall between the two systems, configured 
>>> to drop packets rather than generate an ICMP port unreachable response.
>>>
>>> ipchains in the way?
>>>
>>>
>> No, they're on the same subnet, can can see each other fine. And 
>> python-ldap comes back from the query immediately, so there is no 
>> real ldap issue as far as I can tell, it is some sort of problem 
>> between LDAPUserFolder and python-ldap, more likely, or the way the 
>> LDAPUserFolder is doing its lookups...
>>