I’m having an issue where the python-ldap module is returning no results, even though I am able to get results through other methods. I use the same parameters as ldapsearch, but the python code turns up nothing. This happens with a large number of hostnames that I search for.
Specifically, I am able to get valid LDAP data returned for a hostname with the following:
The following are my LDAP related modules. Note that I know the ldap module version is a little old, but as I’m running RHEL 7.5, it’s the newest I can make it without causing other dependencies to break, i.e. I had to install this via RPM.
Are there verbose settings for python-ldap I can set to see more of what's happening?
Specifically, I am able to get valid LDAP data returned for a hostname with the following:
Output:$ [2014][AD-user@host-joined-to-AD:~]$ ldapsearch -x -H ldaps://ldap-host-here.ds.subdomain.net:636 -D "[email protected]” -w ‘password-here' -b "DC=ds,DC=subdomain,DC=net" "(&(objectclass=computer)(cn=hostname-here))” |lessThe following are my LDAP related modules. Note that I know the ldap module version is a little old, but as I’m running RHEL 7.5, it’s the newest I can make it without causing other dependencies to break, i.e. I had to install this via RPM.
Output:$ pip freeze | grep ldap
ldap3==2.5.1
python-ldap==2.4.15Output:$ ./to-post.py
Initializing LDAP connection object with uri ldaps://ldap-host-here.ds.subdomain.net:636
Binding with username username-here…
LDAP results - []#!/usr/bin/python
import ldap
#####################################
# IN: cfg, hostname, domain string
# OUT: True or False (if in AD or not)
def CheckIfHostInAD(cfg, hostname, env):
domain = "tld-value-here"
username = 'username-here'
password = 'password-here'
uri = "ldaps://ldap-host-here." + domain + ":636"
(subdomain, tld) = domain.split('.')
## Create instance of LDAP class. No connection has been made yet.
print("Initializing LDAP connection object with uri " + uri )
l = ldap.initialize(uri) #####!!!
results = []
OU_setting = ""
try:
# When we connect, make sure to connect using LDAPv3
l.protocol_version = ldap.VERSION3
#set connection
l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
l.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
print("Binding with username " + username + "...")
bind = l.simple_bind_s(username, password)
# When we search, the base is the level at which we want to start searching
OU_setting = ""
base = OU_setting + "DC=ds,DC=" + subdomain + ",DC=net"
# When we search, filter results down to ones that have an objectClass of "computer"
criteria = "(&(objectclass=computer)(cn=" + hostname + "))"
attributes = ['name']
print("Getting hostnames in " + domain
+ ", base " + str(base) + ", criteria " + str(criteria) )
# Ok! Search and store the result in the variable "result"
ldap_dump = l.search_s(base, ldap.SCOPE_SUBTREE, criteria, attributes)
print("Found " + len(ldap_dump) + " hostnames in " + domain)
# Print the results to the console
for data_dict in [entry for dn, entry in ldap_dump if isinstance(entry, dict)]:
results.append(data_dict["name"][0])
except Exception as e:
print("error - " + e)
# Now that we're done (failed or not), release the connection
finally:
l.unbind()
print("LDAP results - " + str(results))
return results
cfg = ""
hostname = “short-hostname-here”
env = ""
result = CheckIfHostInAD(cfg, hostname, env)
quit()As I noted earlier, I'd prefer not to upgrade the python-ldap module if not needed. In other words, unless there's something in a newer version where a bug resulting in no data being returned, I'd prefer not to upgrade.Are there verbose settings for python-ldap I can set to see more of what's happening?