Python: how to setup python-ldap to ignore referra

Posted 2019-07-22 01:23

How can I avoid getting an (undocumented) exception in the following code?

import ldap
import ldap.sasl

connection = ldap.initialize('ldaps://server:636', trace_level=0)
connection.set_option(ldap.OPT_REFERRALS, 0)
connection.protocol_version = 3
sasl_auth = ldap.sasl.external()
connection.sasl_interactive_bind_s('', sasl_auth)

baseDN = 'ou=org.com,ou=xx,dc=xxx,dc=com'
filter = 'objectclass=*'
try:
  result = connection.search_s(baseDN, ldap.SCOPE_SUBTREE, filter)
except ldap.REFERRAL as e:
  print("referral")
except ldap.LDAPError as e:
  print("Ldaperror")

It happens that the baseDN given in the example is a referral. When I run this code I get referral as output.

What I want is for python-ldap to just skip or ignore it without throwing a strange exception (I cannot find documentation about it).

(This may or may not help.) The problem happened when I was searching a baseDN higher up in the tree. When I was searching 'ou=xx,dc=xxx,dc=com', it started to freeze in my production env, while in the development env everything works great. When I started looking into it, I found that it was freezing on referral branches. How can I tell python-ldap to ignore referrals? The code above does not work as I want.

1 answer
迷人小祖宗
Post #2 · 2019-07-22 01:38

This is a working example, see if it helps.

import ldap

def ldap_initialize(remote, port, user, password, use_ssl=False, timeout=None):
    prefix = 'ldap'
    if use_ssl is True:
        prefix = 'ldaps'
        # ask ldap to ignore certificate errors
        # (set globally: the server certificate is no longer verified)
        ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)

    if timeout:
        # network timeout in seconds, set globally
        ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, timeout)

    # do not chase referrals automatically
    ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)
    server = prefix + '://' + remote + ':' + '%s' % port
    l = ldap.initialize(server)
    l.simple_bind_s(user, password)
    # hand the bound connection back to the caller
    return l
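
Added example (not part of the answer above, and not python-ldap's own code): with referral chasing turned off, the caller still receives referrals from the server, either as an ldap.REFERRAL exception when the search base itself is a referral, or as reference tuples mixed into the search results. The sketch below separates them from real entries so they can be skipped, and accepts a referral target only from a hypothetical allowlist; the result and exception shapes, host names and helper names are assumptions, and the sample data is constructed.

```python
from urllib.parse import urlsplit

# Assumption: the only host this client may ever be referred to.
TRUSTED_HOSTS = {"dc1.example.com"}

def split_results(results):
    """Separate real entries from search references.

    With referral chasing off, search_s() can return references as
    (None, [url, ...]) tuples mixed in with (dn, attrs) entries.
    """
    entries, refs = [], []
    for dn, payload in results:
        if dn is None:
            refs += [u.decode() if isinstance(u, bytes) else u for u in payload]
        else:
            entries.append((dn, payload))
    return entries, refs

def referral_urls(exc_info):
    """Pull URLs out of the dict carried by ldap.REFERRAL (e.args[0])."""
    lines = (ln.strip() for ln in exc_info.get("info", "").splitlines())
    return [ln for ln in lines if ln.lower().startswith(("ldap://", "ldaps://"))]

def is_trusted(url, trusted=TRUSTED_HOSTS):
    """Accept a referral target only if it is ldaps:// on an allowlisted host."""
    parts = urlsplit(url)
    return parts.scheme == "ldaps" and (parts.hostname or "").lower() in trusted

# Constructed sample data in the shapes described above (not real output).
SAMPLE_RESULTS = [
    ("cn=alice,ou=xx,dc=xxx,dc=com", {"cn": [b"alice"]}),
    (None, ["ldap://other.example.net/ou=org.com,ou=xx,dc=xxx,dc=com"]),
    (None, [b"ldaps://dc1.example.com:636/ou=ops,ou=xx,dc=xxx,dc=com"]),
]
SAMPLE_EXC_INFO = {
    "desc": "Referral",
    "info": "Referral:\nldap://other.example.net/ou=org.com,ou=xx,dc=xxx,dc=com",
}

if __name__ == "__main__":
    entries, refs = split_results(SAMPLE_RESULTS)
    print("entries:", [dn for dn, _ in entries])
    for url in refs + referral_urls(SAMPLE_EXC_INFO):
        print("referral:", url, "trusted" if is_trusted(url) else "skipped")
```

In real use, `split_results` would be applied to the return value of `search_s`, and `referral_urls` to `e.args[0]` inside an `except ldap.REFERRAL as e:` handler.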