Closed bonzani closed 8 years ago
Would it be possible to post the additional dicts you get? I guess the are in conn.response
? It's ok if you obfuscate sensitive information. I just want to see the structure of the replies.
Yes, that's correct, they are in conn.response. I extracted the result of the user search. You can see that there are three additional dicts.
[
{'dn': 'CN=display name,OU=Users,OU=location,OU=COMPANY,DC=company,DC=ch',
'attributes': {'distinguishedName': [u'CN=display name,OU=Users,OU=location,OU=COMPANY,DC=company,DC=ch']},
'raw_attributes': {'distinguishedName': ['CN=display name,OU=Users,OU=location,OU=COMPANY,DC=company,DC=ch']},
'type': 'searchResEntry'
},
{'type': 'searchResRef',
'uri': ['ldap://DomainDnsZones.company.ch/DC=DomainDnsZones,DC=company,DC=ch']
},
{'type': 'searchResRef',
'uri': ['ldap://ForestDnsZones.company.ch/DC=ForestDnsZones,DC=company,DC=ch']
},
{'type': 'searchResRef',
'uri': ['ldap://company.ch/CN=Configuration,DC=company,DC=ch']
}
]
By the way the same goes for the group search. There are also this last three additional dicts in the response.
Could you check if #26 fixes your issue?
Yes this fixes the issue. Thanks very much for the fast change.
When I use the the example configuration and adapt it to our LDAP server, I always get an KeyError on line 159 in main.py.
I investigated the response of the ldap server and found out, that the server retourned additional dictionaries with meta information. My fix was this
I think it would be great if in some stable way the access to the dictionary would be checked or the exception be caught, so that the authentification doesn't fail just because there was additional information.