Discussion:
Local Error in simple_bind_s();
Leons Petrazickis
2007-12-14 23:36:49 UTC
Permalink
When I run this Python script under either 2.5 or 2.4:

import ldap
ds = ldap.initialize("ldap://foobar.ibm.com:636")
ds.protocol_version = ldap.VERSION2
ds.simple_bind_s()

I get this error:

Traceback (most recent call last):
File "test.py", line 13, in <module>
ds.simple_bind_s();
File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 199, in
simple_bind_s
return self.result(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 428, in
result
res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 432, in
result2
res_type, res_data, res_msgid, srv_ctrls =
self.result3(msgid,all,timeout)
File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 438, in
result3
rtype, rdata, rmsgid, serverctrls =
self._ldap_call(self._l.result3,msgid,all,timeout)
File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 97, in
_ldap_call
result = func(*args,**kwargs)
ldap.LOCAL_ERROR: {'desc': 'Local error'}

But OpenLDAP commands work fine from the command prompt:

ldapsearch -h foobar.ibm.com -P 2 -x -b "ou=bluepages,o=ibm.com" -s sub
"(sn=Test)" cn tieline

Any ideas? I can't figure out what would cause a "Local error" from the
source code.

I am using the python-ldap package on Ubuntu Gutsy.

Regards,

Leons Petrazickis
http://lpetr.org/blog/
Michael Ströder
2007-12-15 13:30:55 UTC
Permalink
Post by Leons Petrazickis
ldap.LOCAL_ERROR: {'desc': 'Local error'}
[..]
[..]
I am using the python-ldap package on Ubuntu Gutsy.
I have no clue which version of python-ldap Ubuntu is using. Nor do I
know whether they applied any patches *they* believe to be necessary
before packaging it. Could you please try to reproduce the problem with
a stock python-ldap 2.3.1 built from official source distribution
against recent OpenLDAP libs 2.3.x?

Another option to track down issues is to turn on debug logging in
python-ldap and also in the OpenLDAP libs:

ldap.set_option(ldap.OPT_DEBUG_LEVEL,4095)

and

l = ldap.initialize('ldap://yourserver:port',trace_level=2)

Ciao, Michael.
Leons Petrazickis
2007-12-18 19:37:52 UTC
Permalink
Hi Michael,

Thank you very much for the logging tip.

I've installed Thorsten Kurbad's python_ldap-2.3.1-py2.4-linux-i686.egg on
my Python 2.4 install

This is the script:

ldap.set_option(ldap.OPT_DEBUG_LEVEL,4095)

l = ldap.initialize("ldap://bluepages.ibm.com:636/",trace_level=2);
l.protocol_version = ldap.VERSION2;
l.simple_bind_s();

And this is the log output:

ldap_create
ldap_url_parse_ext(ldap://bluepages.ibm.com:636/)
*** ldap://bluepages.ibm.com:636/ - SimpleLDAPObject.set_option ((17,
3),{})
*** ldap://bluepages.ibm.com:636/ - SimpleLDAPObject.set_option ((17,
2),{})
*** ldap://bluepages.ibm.com:636/ - SimpleLDAPObject.simple_bind (('', '',
None, None),{})
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP bluepages.ibm.com:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 9.17.186.253:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
=> result: 1
*** ldap://bluepages.ibm.com:636/ - SimpleLDAPObject.result3 ((1, 1,
-1),{})
ldap_result ld 0x81afba8 msgid 1
ldap_chkResponseList ld 0x81afba8 msgid 1 all 1
ldap_chkResponseList returns ld 0x81afba8 NULL
wait4msg ld 0x81afba8 msgid 1 (infinite timeout)
wait4msg continue ld 0x81afba8 msgid 1 all 1
** ld 0x81afba8 Connections:
* host: bluepages.ibm.com port: 636 (default)
refcnt: 2 status: Connected
last used: Mon Dec 17 18:34:20 2007

** ld 0x81afba8 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
** ld 0x81afba8 Response Queue:
Empty
ldap_chkResponseList ld 0x81afba8 msgid 1 all 1
ldap_chkResponseList returns ld 0x81afba8 NULL
ldap_int_select
read1msg: ld 0x81afba8 msgid 1 all 1
ldap_err2string
=> LDAPError - LOCAL_ERROR: {'desc': 'Local error'}
Traceback (most recent call last):
File "test.py", line 15, in ?
l.simple_bind_s();
File
"/usr/lib/python2.4/site-packages/python_ldap-2.3.1-py2.4-linux-i686.egg/ldap/ldapobject.py",
line 199, in simple_bind_s
return self.result(msgid,all=1,timeout=self.timeout)
File
"/usr/lib/python2.4/site-packages/python_ldap-2.3.1-py2.4-linux-i686.egg/ldap/ldapobject.py",
line 428, in result
res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
File
"/usr/lib/python2.4/site-packages/python_ldap-2.3.1-py2.4-linux-i686.egg/ldap/ldapobject.py",
line 432, in result2
res_type, res_data, res_msgid, srv_ctrls =
self.result3(msgid,all,timeout)
File
"/usr/lib/python2.4/site-packages/python_ldap-2.3.1-py2.4-linux-i686.egg/ldap/ldapobject.py",
line 438, in result3
rtype, rdata, rmsgid, serverctrls =
self._ldap_call(self._l.result3,msgid,all,timeout)
File
"/usr/lib/python2.4/site-packages/python_ldap-2.3.1-py2.4-linux-i686.egg/ldap/ldapobject.py",
line 97, in _ldap_call
result = func(*args,**kwargs)
ldap.LOCAL_ERROR: {'desc': 'Local error'}
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 1 1
ldap_send_unbind
ldap_free_connection: actually freed

Does this mean that the connection is successful, but then there is a crash
in message processing? What can I do?

Thanks,

Leons Petrazickis
http://lpetr.org/blog/






Michael Ströder
<***@stroeder
.com> To
Leons Petrazickis/Toronto/***@IBMCA
15/12/2007 08:30 cc
AM python-ldap-***@lists.sourceforge.n
et
Subject
Re: Local Error in simple_bind_s();
Post by Leons Petrazickis
ldap.LOCAL_ERROR: {'desc': 'Local error'}
[..]
[..]
I am using the python-ldap package on Ubuntu Gutsy.
I have no clue which version of python-ldap Ubuntu is using. Nor do I
know whether they applied any patches *they* believe to be necessary
before packaging it. Could you please try to reproduce the problem with
a stock python-ldap 2.3.1 built from official source distribution
against recent OpenLDAP libs 2.3.x?

Another option to track down issues is to turn on debug logging in
python-ldap and also in the OpenLDAP libs:

ldap.set_option(ldap.OPT_DEBUG_LEVEL,4095)

and

l = ldap.initialize('ldap://yourserver:port',trace_level=2)

Ciao, Michael.
Michael Ströder
2007-12-18 22:05:16 UTC
Permalink
Post by Leons Petrazickis
I've installed Thorsten Kurbad's python_ldap-2.3.1-py2.4-linux-i686.egg on
my Python 2.4 install
Which OS? Which Linux distribution? Which OpenLDAP libs?
Cannot see anything obviously wrong.
Post by Leons Petrazickis
ldap.LOCAL_ERROR: {'desc': 'Local error'}
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 1 1
ldap_send_unbind
ldap_free_connection: actually freed
Does this mean that the connection is successful, but then there is a crash
in message processing?
Hmm, yes something's really strange.

If on Linux could you please check with ldd
<path-to-site-packages>/_ldap.so which OpenLDAP libs are actually used.

Ciao, Michael.
Leons Petrazickis
2007-12-19 19:05:04 UTC
Permalink
Post by Michael Ströder
Post by Leons Petrazickis
I've installed Thorsten Kurbad's python_ldap-2.3.1-py2.4-linux-i686.egg
on
Post by Michael Ströder
Post by Leons Petrazickis
my Python 2.4 install
Which OS? Which Linux distribution? Which OpenLDAP libs?
I was using:
Ubuntu 7.10 with Linux kernel 2.6.22-14-386
OpenLDAP 2.3.35-1ubuntu0.1
libsasl2 2.1.22.dfsg1-9ubuntu2
Python 2.4.4-6ubuntu4

Just now, I installed:
OpenLDAP 2.3.39

This command worked fine:
ldapsearch -h bluepages.ibm.com -P 2 -x -b "ou=bluepages,o=ibm.com" -s sub
"(sn=Leon)" cn tieline

But the python-ldap error stayed the same.

I then compiled a custom copy of python-ldap 2.3.1. I got these warnings
during compilation:
file Lib/ldap.py (for module ldap) not found
file Lib/ldap/schema.py (for module ldap.schema) not found

(The files are not in the download.)

It compiled and installed without fatal errors. However, it now crashes
very differently:

Traceback (most recent call last):
File "test.py", line 10, in ?
ldap.set_option(ldap.OPT_DEBUG_LEVEL,4095)
File
"/usr/lib/python2.4/site-packages/python_ldap-2.3.1-py2.4-linux-i686.egg/ldap/functions.py",
line 126, in set_option
_ldap_function_call(_ldap.set_option,option,invalue)
AttributeError: 'module' object has no attribute 'set_option'

Should I go back to the prebuilt .egg?
Post by Michael Ströder
Hmm, yes something's really strange.
If on Linux could you please check with ldd
<path-to-site-packages>/_ldap.so which OpenLDAP libs are actually used.
With Ubuntu's OpenLDAP:
linux-gate.so.1 => (0xffffe000)
libldap_r-2.3.so.0 => /usr/lib/libldap_r-2.3.so.0 (0xb7f2a000)
liblber-2.3.so.0 => /usr/lib/liblber-2.3.so.0 (0xb7f1d000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7f05000)
libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7ec4000)
libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7d81000)
libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7d69000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7c1f000)
libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7c0b000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7c07000)
libz.so.1 => /usr/lib/libz.so.1 (0xb7bf2000)
/lib/ld-linux.so.2 (0x80000000)

With custom OpenLDAP:
linux-gate.so.1 => (0xffffe000)
libldap_r-2.3.so.0 => /usr/lib/libldap_r-2.3.so.0 (0xb7ebd000)
liblber-2.3.so.0 => /usr/lib/liblber-2.3.so.0 (0xb7eb0000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7e98000)
libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7e57000)
libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7d14000)
libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7cfc000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7bb2000)
libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7b9e000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7b9a000)
libz.so.1 => /usr/lib/libz.so.1 (0xb7b85000)
/lib/ld-linux.so.2 (0x80000000)

Regards,

Leons Petrazickis
http://lpetr.org/blog
Michael Ströder
2007-12-20 11:19:10 UTC
Permalink
Post by Leons Petrazickis
Post by Michael Ströder
Post by Leons Petrazickis
I've installed Thorsten Kurbad's python_ldap-2.3.1-py2.4-linux-i686.egg
on
Post by Michael Ströder
Post by Leons Petrazickis
my Python 2.4 install
Which OS? Which Linux distribution? Which OpenLDAP libs?
Ubuntu 7.10 with Linux kernel 2.6.22-14-386
OpenLDAP 2.3.35-1ubuntu0.1
libsasl2 2.1.22.dfsg1-9ubuntu2
Python 2.4.4-6ubuntu4
OpenLDAP 2.3.39
Well, I simply don't know whether Thorsten's egg file is really binary
compatible with your system. That's why I always recommend to build from
source when strange issues arise.
Post by Leons Petrazickis
ldapsearch -h bluepages.ibm.com -P 2 -x -b "ou=bluepages,o=ibm.com" -s sub
"(sn=Leon)" cn tieline
Ok. Just for the records: What kind of LDAP server product is this? Is
LDAPv3 connect definitely not possible?
Post by Leons Petrazickis
I then compiled a custom copy of python-ldap 2.3.1. I got these warnings
file Lib/ldap.py (for module ldap) not found
file Lib/ldap/schema.py (for module ldap.schema) not found
Yes, ignore it.

http://python-ldap.sourceforge.net/faq.shtml item 6
Post by Leons Petrazickis
It compiled and installed without fatal errors. However, it now crashes
File "test.py", line 10, in ?
ldap.set_option(ldap.OPT_DEBUG_LEVEL,4095)
File
"/usr/lib/python2.4/site-packages/python_ldap-2.3.1-py2.4-linux-i686.egg/ldap/functions.py",
line 126, in set_option
_ldap_function_call(_ldap.set_option,option,invalue)
AttributeError: 'module' object has no attribute 'set_option'
Should I go back to the prebuilt .egg?
No. I'd rather recommend to really remove the stuff from the formerly
installed egg file since that's what the path above look like. Closely
examine your /usr/lib/python2.4/site-packages and rm everything which
looks like the egg files and these python-ldap files:
_ldap.so
ldap/
ldif.py*
dsml.py*
ldapurl.py*

Then go into the directory where you built the source distribution and
invoke as root:

python setup.py install
Post by Leons Petrazickis
Post by Michael Ströder
If on Linux could you please check with ldd
<path-to-site-packages>/_ldap.so which OpenLDAP libs are actually used.
[..]
??? Did you install OpenLDAP 2.3.39 in a different prefix?
Beware you have to adjust parameters library_dirs and include_dirs in
setup.cfg then when building python-ldap from source.

Ciao, Michael.
Leons Petrazickis
2007-12-21 17:41:41 UTC
Permalink
Post by Michael Ströder
Ok. Just for the records: What kind of LDAP server product is this? Is
LDAPv3 connect definitely not possible?
I was mistaken earlier. LDAPv3 connect is possible. It just has to use
simple authentication, not SASL.
Post by Michael Ströder
No. I'd rather recommend to really remove the stuff from the formerly
installed egg file since that's what the path above look like. Closely
examine your /usr/lib/python2.4/site-packages and rm everything which
_ldap.so
ldap/
ldif.py*
dsml.py*
ldapurl.py*
I removed these. I then moved the OpenLDAP libs from /usr/lib to
/usr/lib-backup, and removed all the extraneous copies lying around.

Finally, I reinstalled OpenLDAP 2.3.39 from source into /usr/lib and then
rebuilt python-ldap into the python2.4 site-packages.

ldd _ldap.so gives this:

linux-gate.so.1 => (0xffffe000)
libldap_r-2.3.so.0 => /usr/lib/libldap_r-2.3.so.0 (0xb7f4f000)
liblber-2.3.so.0 => /usr/lib/liblber-2.3.so.0 (0xb7f42000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7f2a000)
libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7ee9000)
libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7da6000)
libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7d8e000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7c44000)
libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7c30000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7c2c000)
libz.so.1 => /usr/lib/libz.so.1 (0xb7c17000)
/lib/ld-linux.so.2 (0x80000000)

But the old error has returned:

...
ldap_chkResponseList returns ld 0x81a3e70 NULL
wait4msg ld 0x81a3e70 msgid 1 (infinite timeout)
wait4msg continue ld 0x81a3e70 msgid 1 all 1
** ld 0x81a3e70 Connections:
* host: bluepages.ibm.com port: 636 (default)
refcnt: 2 status: Connected
last used: Thu Dec 20 16:13:02 2007

** ld 0x81a3e70 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
** ld 0x81a3e70 Response Queue:
Empty
ldap_chkResponseList ld 0x81a3e70 msgid 1 all 1
ldap_chkResponseList returns ld 0x81a3e70 NULL
ldap_int_select
read1msg: ld 0x81a3e70 msgid 1 all 1
ldap_err2string
=> LDAPError - LOCAL_ERROR: {'desc': 'Local error'}
Traceback (most recent call last):
File "test.py", line 8, in ?
l.simple_bind_s()
File
"/usr/lib/python2.4/site-packages/python_ldap-2.3.1-py2.4-linux-i686.egg/ldap/ldapobject.py",
line 199, in simple_bind_s
return self.result(msgid,all=1,timeout=self.timeout)
File
"/usr/lib/python2.4/site-packages/python_ldap-2.3.1-py2.4-linux-i686.egg/ldap/ldapobject.py",
line 428, in result
res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
File
"/usr/lib/python2.4/site-packages/python_ldap-2.3.1-py2.4-linux-i686.egg/ldap/ldapobject.py",
line 432, in result2
res_type, res_data, res_msgid, srv_ctrls =
self.result3(msgid,all,timeout)
File
"/usr/lib/python2.4/site-packages/python_ldap-2.3.1-py2.4-linux-i686.egg/ldap/ldapobject.py",
line 438, in result3
rtype, rdata, rmsgid, serverctrls =
self._ldap_call(self._l.result3,msgid,all,timeout)
File
"/usr/lib/python2.4/site-packages/python_ldap-2.3.1-py2.4-linux-i686.egg/ldap/ldapobject.py",
line 97, in _ldap_call
result = func(*args,**kwargs)
ldap.LOCAL_ERROR: {'desc': 'Local error'}
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 1 1
ldap_send_unbind
ldap_free_connection: actually freed
Post by Michael Ströder
Beware you have to adjust parameters library_dirs and include_dirs in
setup.cfg then when building python-ldap from source.
What should they be set to? I used this in the last compile:

library_dirs = /usr/openldap-2.3/lib /usr/lib
include_dirs = /usr/openldap-2.3/include /usr/include/sasl

Before, I was leaving them unchanged.

I'm going to set up a fresh Ubuntu system. If it works, I'll rebuild the
current server from scratch.

Thank you very much for all the help, Michael. This is a frustrating
problem.

Regards,

Leons Petrazickis
Michael Ströder
2007-12-21 17:53:38 UTC
Permalink
Post by Leons Petrazickis
Post by Michael Ströder
_ldap.so
ldap/
ldif.py*
dsml.py*
ldapurl.py*
I removed these. I then moved the OpenLDAP libs from /usr/lib to
/usr/lib-backup, and removed all the extraneous copies lying around.
[..]
"/usr/lib/python2.4/site-packages/python_ldap-2.3.1-py2.4-linux-i686.egg/ldap/ldapobject.py",
line 97, in _ldap_call
result = func(*args,**kwargs)
ldap.LOCAL_ERROR: {'desc': 'Local error'}
A fresh install of python-ldap does not reside in this directory like
the ones used in the traceback:
/usr/lib/python2.4/site-packages/python_ldap-2.3.1-py2.4-linux-i686.egg
Remove that completely.

After a python setup.py install the python-ldap modules reside in
/usr/lib/python2.4/site-packages. And in case of an error this module
path is shown in traceback.

There is some module mix on your system.

Ciao, Michael.
Michael Ströder
2007-12-21 17:53:38 UTC
Permalink
Post by Leons Petrazickis
Post by Michael Ströder
_ldap.so
ldap/
ldif.py*
dsml.py*
ldapurl.py*
I removed these. I then moved the OpenLDAP libs from /usr/lib to
/usr/lib-backup, and removed all the extraneous copies lying around.
[..]
"/usr/lib/python2.4/site-packages/python_ldap-2.3.1-py2.4-linux-i686.egg/ldap/ldapobject.py",
line 97, in _ldap_call
result = func(*args,**kwargs)
ldap.LOCAL_ERROR: {'desc': 'Local error'}
A fresh install of python-ldap does not reside in this directory like
the ones used in the traceback:
/usr/lib/python2.4/site-packages/python_ldap-2.3.1-py2.4-linux-i686.egg
Remove that completely.

After a python setup.py install the python-ldap modules reside in
/usr/lib/python2.4/site-packages. And in case of an error this module
path is shown in traceback.

There is some module mix on your system.

Ciao, Michael.
Michael Ströder
2007-12-22 12:18:31 UTC
Permalink
Post by Leons Petrazickis
Post by Michael Ströder
Ok. Just for the records: What kind of LDAP server product is this? Is
LDAPv3 connect definitely not possible?
I was mistaken earlier. LDAPv3 connect is possible. It just has to use
simple authentication, not SASL.
BTW: You should definitely use LDAPv3 instead of LDAPv2.

Out of curiosity: What kind of server is this (vendor/version)?

Ciao, Michael.
Leons Petrazickis
2007-12-29 22:03:11 UTC
Permalink
Hi Michael,

I now have a fresh Ubuntu 7.10 install with OpenLDAP 2.1 in /usr/lib and a
manually
compiled OpenLDAP 2.3.39 in /usr/local/lib.

The appropriate dirs are in setup.cfg:

library_dirs = /usr/local/lib
include_dirs = /usr/local/include /usr/include/sasl

ldd _ldap.so says that python-ldap links to the right one:

linux-gate.so.1 => (0xffffe000)
libldap_r-2.3.so.0 => /usr/local/lib/libldap_r-2.3.so.0 (0xb7f36000)
liblber-2.3.so.0 => /usr/local/lib/liblber-2.3.so.0 (0xb7f29000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7f06000)
libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7ec5000)
libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7d82000)
libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7d6a000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7c20000)
libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7c0c000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7c08000)
libz.so.1 => /usr/lib/libz.so.1 (0xb7bf3000)
/lib/ld-linux.so.2 (0x80000000)

Doing a simple_bind_s() on ldap.openldap.org works:

...
wait4msg ld 0x81e50b8 msgid 1 (infinite timeout)
wait4msg continue ld 0x81e50b8 msgid 1 all 1
** ld 0x81e50b8 Connections:
* host: ldap.openldap.org port: 389 (default)
refcnt: 2 status: Connected
last used: Sat Dec 29 15:11:47 2007

** ld 0x81e50b8 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
** ld 0x81e50b8 Response Queue:
Empty
ldap_chkResponseList ld 0x81e50b8 msgid 1 all 1
ldap_chkResponseList returns ld 0x81e50b8 NULL
ldap_int_select
read1msg: ld 0x81e50b8 msgid 1 all 1
read1msg: ld 0x81e50b8 msgid 1 message type bind
new result: res_errno: 0, res_error: <>, res_matched: <>
read1msg: ld 0x81e50b8 0 new referrals
read1msg: mark request completed, ld 0x81e50b8 msgid 1
request done: ld 0x81e50b8 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_parse_result
ldap_msgfree
=> result: (97, [], 1, [])
ldap_free_connection 1 1
ldap_send_unbind
ldap_free_connection: actually freed

But a simple_bind_s() on bluepages.ibm.com doesn't:

wait4msg continue ld 0x81e4ef0 msgid 1 all 1
** ld 0x81e4ef0 Connections:
* host: bluepages.ibm.com port: 636 (default)
refcnt: 2 status: Connected
last used: Sat Dec 29 15:11:16 2007

** ld 0x81e4ef0 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
** ld 0x81e4ef0 Response Queue:
Empty
ldap_chkResponseList ld 0x81e4ef0 msgid 1 all 1
ldap_chkResponseList returns ld 0x81e4ef0 NULL
ldap_int_select
read1msg: ld 0x81e4ef0 msgid 1 all 1
ldap_err2string
=> LDAPError - LOCAL_ERROR: {'desc': 'Local error'}
Traceback (most recent call last):
File "test.py", line 10, in <module>
l.simple_bind_s();
File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line
199, in simple_bind_s
return self.result(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line
428, in result
res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line
432, in result2
res_type, res_data, res_msgid, srv_ctrls =
self.result3(msgid,all,timeout)
File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line
438, in result3
rtype, rdata, rmsgid, serverctrls =
self._ldap_call(self._l.result3,msgid,all,timeout)
File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 97,
in _ldap_call
result = func(*args,**kwargs)
ldap.LOCAL_ERROR: {'desc': 'Local error'}
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 1 1
ldap_send_unbind
ldap_free_connection: actually freed

However, ldapsearch doesn't crash at this point:

...
** ld 0x8084d08 Response Queue:
Empty
ldap_chkResponseList ld 0x8084d08 msgid 1 all 1
ldap_chkResponseList returns ld 0x8084d08 NULL
ldap_int_select
read1msg: ld 0x8084d08 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 16 contents:
read1msg: ld 0x8084d08 msgid 1 message type bind
ber_scanf fmt ({eaa) ber:
read1msg: ld 0x8084d08 0 new referrals
read1msg: mark request completed, ld 0x8084d08 msgid 1
request done: ld 0x8084d08 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
...

It probably uses the OpenLDAP 2.1 libraries, though. I could make it use
the 2.3 ones if it would help.
Post by Michael Ströder
Out of curiosity: What kind of server is this (vendor/version)?
It's Tivoli Directory Server 5.2:

dn:
namingcontexts: CN=SCHEMA
namingcontexts: CN=LOCALHOST
namingcontexts: CN=PWDPOLICY
namingcontexts: CN=IBMPOLICIES
namingcontexts: O=IBM.COM
namingcontexts: O=DELETED.IBM.COM
subschemasubentry: cn=schema
...
secureport: 636
security: ssl
port: 389
supportedsaslmechanisms: CRAM-MD5
supportedsaslmechanisms: DIGEST-MD5
supportedldapversion: 2
supportedldapversion: 3
ibmdirectoryversion: 5.2
ibm-ldapservicename: d03ldr215a
ibm-serverId: 34519bc0-4c01-102b-8a2e-caf840af47c5
...
vendorname: International Business Machines (IBM)
vendorversion: 5.2
...
ibm-slapdisconfigurationmode: FALSE
ibm-slapdSizeLimit: 100000
ibm-slapdTimeLimit: 0
ibm-slapdDerefAliases: never
ibm-supportedAuditVersion: 2
ibm-sasldigestrealmname: d03ldr215a

Could the blank dn be a problem?

What can I do? What can I log? I tried telneting to the ldap server, but
that didn't give any useful output.

Thanks,

Leons Petrazickis
http://lpetr.org/blog/
Michael Ströder
2007-12-30 13:04:07 UTC
Permalink
Post by Leons Petrazickis
I now have a fresh Ubuntu 7.10 install with OpenLDAP 2.1 in /usr/lib and a
manually compiled OpenLDAP 2.3.39 in /usr/local/lib.
I hope you did not install python-ldap from Ubuntu. Do you have more
than one version of Python on this system?

Did you really

configure --prefix=/usr/local
make
make install

when compiling OpenLDAP? Are you sure that the include file ldap.h and
lber.h were present under /usr/local/include when building python-ldap?

I'd recommend to completely stay out of the standard LIB path.

1. Remove what you manually copied to /usr/local/lib and /usr/local/include.
2. Build OpenLDAP 2.3 with

configure --prefix=/opt/openldap-2.3
make
make install (as root)

If you only want the OpenLDAP client libs you can add --disable-slapd
and --disable-slurpd to the configure command line.

3. and then set

library_dirs = /opt/openldap-2.3/lib
include_dirs = /opt/openldap-2.3/include /usr/include/sasl

4. and invoke as root
python2.5 setup.py install

Make sure to remove the old content of build/ in the python-ldap source
dir before.
Post by Leons Petrazickis
linux-gate.so.1 => (0xffffe000)
libldap_r-2.3.so.0 => /usr/local/lib/libldap_r-2.3.so.0 (0xb7f36000)
liblber-2.3.so.0 => /usr/local/lib/liblber-2.3.so.0 (0xb7f29000)
And how about ldd /usr/local/lib/libldap_r-2.3.so.0?
Post by Leons Petrazickis
[..]
ldap_err2string
=> LDAPError - LOCAL_ERROR: {'desc': 'Local error'}
Hmm, really strange.
Post by Leons Petrazickis
wait4msg continue ld 0x81e4ef0 msgid 1 all 1
* host: bluepages.ibm.com port: 636 (default)
Hmm, did you really use ldap.initialize('ldaps://bluepages.ibm.com') for
creating the LDAPObject instance? Note the URL scheme ldaps instead of
just ldap. I don't see any SSL-related debug messages.
Post by Leons Petrazickis
[..]
It probably uses the OpenLDAP 2.1 libraries, though. I could make it use
the 2.3 ones if it would help.
If you invoke make install the OpenLDAP command-line utilities are
installed under <prefix>/bin, e.g. /opt/openldap-2.3/bin/ldapsearch if
using the --prefix as suggested above. Then this command-line tool is
using the right libs.
Post by Leons Petrazickis
Could the blank dn be a problem?
It's correct. This is the rootDSE which indeed has an empty DN, "" in
Python syntax.

Ciao, Michael.

Loading...