Python-ldap not able to bind successfully

Titus P picture Titus P · Sep 13, 2013 · Viewed 12.8k times · Source

I am not having any luck finding answers on this, so here it goes.

When I attemtp to connect to an AD server using python-ldap, it appears to work successfully for some functions, and not for others. My connection:

>>>import sys
>>>import ldap

>>>l = ldap.initialize("ldap://company.com:389")
>>>l.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
>>>l.simple_bind_s("[email protected]","password")
(97, [], 1, [])

Some simple google searching indicated that the 97 meant success, although the level of success is a bit wonky. But, for some reason, I cant find anything on the status code 1. If I run some ldap functions on the connection, some of them work and some do not.

>>>l.whoami_s()
'u:COMPANY.COM\\user'

Seems to return fine, but

>>> base_dn = 'dc=company,dc=com'
>>> retrieveAttributes = ["uniquemember"]
>>> searchFilter = "cn=user"
>>> l.search_s(base_dn, ldap.SCOPE_SUBTREE,searchFilter,retrieveAttributes)
Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "/home/user/.envs/scoring/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 552, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "/home/user/.envs/scoring/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 546, in search_ext_s
    return self.result(msgid,all=1,timeout=timeout)[1]
  File "/home/user/.envs/scoring/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 458, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "/home/user/.envs/scoring/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 462, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "/home/user/.envs/scoring/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 469, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/home/user/.envs/scoring/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 476, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/home/user/.envs/scoring/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 99, in _ldap_call
    result = func(*args,**kwargs)
OPERATIONS_ERROR: {'info': '000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1', 'desc': 'Operations error'}

I am stumped to why the whoami would work but the search would not. I am using a domain admin for the user, so it shouldn't have anything to do with permissions to the directory. Can anyone shed some light?

Answer

Cas picture Cas · Dec 13, 2013

I was getting the exact same error as you, what I did was adding this line (as suggested by Christopher), l.set_option(ldap.OPT_REFERRALS, 0) before doing the binding, e.g.

conn.protocol_version = ldap.VERSION3
conn.set_option(ldap.OPT_REFERRALS, 0)
conn.simple_bind_s(user, pw)

And after that my connection to LDAP worked fine.