Closed tpokorra closed 10 years ago
if there is no lastlogin yet:
ERROR <class 'ldap.PROTOCOL_ERROR'>
ERROR PROTOCOL_ERROR({'info': 'no values given', 'desc': 'Protocol error'},)
ERROR Could not update dn u'uid=test3,ou=People,dc=test,dc=pokorra,dc=de':
[(0, 'tbitskolablastlogin', 1410274268)]
see http://www.python-ldap.org/doc/html/ldap.html modify_s
ldapsearch -x -h localhost -D "cn=Directory Manager" -w "$password" -b "uid=test2,ou=people,dc=test,dc=pokorra,dc=de" "*"
ldapsearch -x -h localhost -D "cn=Directory Manager" -w "$password" -b "dc=test,dc=pokorra,dc=de" aci
cat > ./ldapparam.txt <<END
dn: dc=test,dc=pokorra,dc=de
changetype: modify
add: aci
aci: (targetattr = "tbitsKolabLastLogin") (version 3.0;acl "LastLoginPermission";allow
(read,compare,search,write)(userdn = "ldap:///cn=Directory Manager");)
END
ldapmodify -x -h localhost -D "cn=Directory Manager" -w $password -f ldapparam.txt
what about latest version python-ldap? https://pypi.python.org/pypi/python-ldap/ shows 2.4.16. we have installed: python-ldap-2.4.6-15.el6.kolab_3.4.x86_64
wget https://pypi.python.org/packages/source/p/python-ldap/python-ldap-2.4.16.tar.gz tar xzf python-ldap-2.4.16.tar.gz cd python-ldap-2.4.16 yum install gcc openldap-devel python-devel python setup.py build python setup.py install
verify installation: easy_install python-ldap # shows: 2.4.16
but it does not solve the ldap.PROTOCOL_ERROR nor the ldap.INSUFFICIENT_ACCESS
now I have written a small python test script, that does the same thing:
import _ldap
import ldap
import ldap.async
import ldap.controls
import sys
import time
class MyTest:
def __init__(self):
self.ldap = ldap.ldapobject.ReconnectLDAPObject(
'ldap://localhost:389',
trace_level=0,
retry_max=200,
retry_delay=3.0
)
self.ldap.protocol_version = 3
self.ldap.supported_controls = []
bind_dn='cn=Directory Manager'
bind_pw='test'
try:
self.ldap.simple_bind_s(bind_dn, bind_pw)
except ldap.SERVER_DOWN:
print("server down.")
except ldap.INVALID_CREDENTIALS:
print("Invalid DN, username and/or password.")
dn="uid=test2,ou=People,dc=test,dc=pokorra,dc=de"
modlist=[(ldap.MOD_REPLACE, 'tbitsKolabLastLogin', str(int(time.time())))]
try:
if self.ldap.modify_s(dn, modlist):
print("modification was successful!")
except:
print("Could not update dn %r:\n%r" % (dn, modlist))
print("%r" % (sys.exc_info()[0]))
print("%r" % (sys.exc_info()[1]))
print("%r" % (sys.exc_info()[2]))
print("--------")
dn="uid=test2,ou=People,dc=test,dc=pokorra,dc=de"
modlist=[(ldap.MOD_DELETE, 'tbitskolablastlogin', None)]
try:
if self.ldap.modify_s(dn, modlist):
print("delete was successful!")
except:
print("Could not update dn %r:\n%r" % (dn, modlist))
print("%r" % (sys.exc_info()[0]))
print("%r" % (sys.exc_info()[1]))
print("%r" % (sys.exc_info()[2]))
print("--------")
dn="uid=test2,ou=People,dc=test,dc=pokorra,dc=de"
modlist=[(ldap.MOD_ADD, 'tbitskolablastlogin', str(int(time.time())))]
try:
if self.ldap.modify_s(dn, modlist):
print("add was successful!")
except:
print("Could not update dn %r:\n%r" % (dn, modlist))
print("%r" % (sys.exc_info()[0]))
print("%r" % (sys.exc_info()[1]))
print("%r" % (sys.exc_info()[2]))
print("--------")
myApp=MyTest()
it seems it works if the timestamp is passed as a string. it fails if it is an integer.
ok, the problem was that the call self.ldap.simple_bind_s with the dn of the user: https://git.kolab.org/pykolab/tree/pykolab/auth/ldap/__init__.py#n221 therefore we were not connected with directory manager anymore!
current debugging:
/usr/lib/python2.6/site-packages/pykolab/auth/ldap/__init__.py
(https://git.kolab.org/pykolab/tree/pykolab/auth/ldap/__init__.py), in set_entry_attributes: log.error(sys.exc_info()[0]) log.error(sys.excinfo()[1]) log.error(("Could not update dn %r:\n%r") % (dn, modlist))shows:
but cn=Directory Manager is used in _bind
But I can modify the value on the command line:
I have changed
/usr/lib/python2.6/site-packages/pykolab/auth/ldap/auth_cache.py
hours=1 to minutes=1 for testing.