Can't get Python ldap3 to show schema


I've got a project to delete the duplicates in a large LDAP database, but so far ...

I am just trying to get the schema and I can't see anything:

>>> import ldap3
>>> s = ldap3.Server('ldaps://omitted')
>>> s.schema
>>> s2 = ldap3.Server('ldaps://omitted',get_info=ldap3.ALL)
>>> s2.schema
>>> s2.info
>>> s.info

(omitted is the URL as I don't have permission yet from my employer.)

Any idea about this? The server is set up behind security and doesn't require any authentication to connect.


Well, you have to bind your connection first. Try this:

from ldap3 import Connection, Server

# take 636 for secured connection, use_ssl=True may be necessary
server = Server('myhost.company.com', port=389)
cnx = Connection(server, user='cn=user', password='whatever')
# either use auto_bind=True or set bind explicitly
cnx.bind()
# now you should be able to see the schema
# Caution: depending on the schema, it may take quite long to show it
print(server.schema)

This is only a partial answer, but I have made some progress. The big info was that the server does require authentication even though the PHP code I first saw didn't seem to be using it.

I now have this code:


from pprint import pprint
from ldap3 import Server, Connection, SAFE_SYNC, ALL

search_base = '*omitted*'
search_filter = '(uid=mmcwiggins)'
attrs = ['*']

server = Server('ldaps://*omitted*', get_info=ALL)
mypass = 'not.really.the.pass'.encode('iso-8859-1')
connect = Connection(server, user='mmcwiggins', password=mypass)
connect.bind()
print(connect)
print(server.schema)

That produces this response:

ldaps://lbdc.secret.company.com:636 - ssl - user: mmcwiggins - not lazy - unbound - open - <local: 10.184.200.19:49737 - remote: 10.184.67.152:636> - tls not started - listening - SyncStrategy - internal decoder
None

Any ideas after seeing this?


I finally got this to work using ldapsearch instead of Python.

I was helped by a local guru; it needed the .ldaprc file in the home directory. The key parameter in this file was TLS_REQCERT ALLOW.

Complete command line was like this (corporate identity blanked out):

ldapsearch -x -D "SEA\mmcwiggins" -b "DC=SEA,DC=CORP,DC=*****,DC=COM" -E pr=1000/noprompt -H ldaps://lbdc.sea.corp.******.com -W sAMAccountName='*' >bigresult
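Two things in this thread are worth carrying back into the Python version: the first answer's point that the schema is only fetched after a successful bind (the output in the second answer still says "unbound", which means bind() returned False and nobody looked at why), and the fact that the final ldapsearch workaround relies on TLS_REQCERT ALLOW, which turns off certificate verification for the connection. The example below is added here and is not code from the question or from either answer; it checks the bind result, maps the ldap3 result dict to a diagnosis, and keeps certificate verification on via ldap3's Tls object with a CA bundle. The hostname, CA bundle path, account and password are placeholders, and ldap3 is imported inside fetch_schema so the two pure helpers can be used without it.

```python
import ssl

# LDAP resultCode values from RFC 4511 that a failed simple bind commonly returns.
LDAP_SUCCESS = 0
LDAP_STRONG_AUTH_REQUIRED = 8
LDAP_CONFIDENTIALITY_REQUIRED = 13
LDAP_INAPPROPRIATE_AUTHENTICATION = 48
LDAP_INVALID_CREDENTIALS = 49


def explain_bind_result(result):
    """Map ldap3's Connection.result dict (keys 'result', 'description',
    'message') to a one-line diagnosis of why server.schema is still None."""
    code = result.get('result')
    message = result.get('message', '') or ''
    if code == LDAP_SUCCESS:
        return 'bound: server.schema should now be populated'
    if code is None:
        return 'no result recorded: bind() was never called or the socket was not opened'
    if code == LDAP_INVALID_CREDENTIALS:
        hint = ''
        if '52e' in message:
            # Active Directory appends "data 52e" when the password is wrong or the
            # bind name is not a DN, DOMAIN\user or user@domain form.
            hint = ' (AD data 52e: wrong password, or the user is not a DN, DOMAIN\\user or UPN)'
        return 'invalid credentials' + hint
    if code in (LDAP_STRONG_AUTH_REQUIRED, LDAP_CONFIDENTIALITY_REQUIRED):
        return 'server refuses a simple bind on this channel: use ldaps:// or StartTLS'
    if code == LDAP_INAPPROPRIATE_AUTHENTICATION:
        return 'inappropriate authentication: the server will not accept this bind type'
    return 'bind failed with resultCode %s (%s)' % (code, result.get('description', 'unknown'))


def tls_settings(ca_certs_file):
    """Keyword arguments for ldap3.Tls that keep certificate verification on.
    This is the Python counterpart of `TLS_REQCERT demand` in .ldaprc; the
    `TLS_REQCERT ALLOW` workaround from the last answer disables that check."""
    return {'validate': ssl.CERT_REQUIRED, 'ca_certs_file': ca_certs_file}


def fetch_schema(host, user, password, ca_certs_file, port=636):
    """Open an LDAPS connection, bind, and return (diagnosis, schema).
    ldap3 is imported here so the pure helpers above stay importable without it."""
    from ldap3 import ALL, Connection, Server, Tls

    server = Server(host, port=port, use_ssl=True,
                    tls=Tls(**tls_settings(ca_certs_file)), get_info=ALL)
    conn = Connection(server, user=user, password=password, auto_bind=False)
    # bind() returns False instead of raising on a rejected bind; the reason
    # lands in conn.result, which the session in the question never inspected.
    bound = conn.bind()
    diagnosis = explain_bind_result(conn.result or {})
    schema = server.schema if bound else None
    conn.unbind()
    return diagnosis, schema


if __name__ == '__main__':
    # Placeholder values (constructed); replace with the real host, CA bundle and account.
    diagnosis, schema = fetch_schema('ldap.example.invalid', 'EXAMPLE\\someuser',
                                     'placeholder-password', '/etc/ssl/certs/corp-ca.pem')
    print(diagnosis)
    if schema is not None:
        print(sorted(schema.object_classes)[:10])
```

If the bind is rejected, the printed diagnosis comes from conn.result rather than the silent None seen in the second answer. For an Active Directory target the bind name should be in the DOMAIN\user or user@domain form used by the final ldapsearch command, not a bare uid, and if the corporate CA is not in the system trust store the fix is to point ca_certs_file at that CA bundle rather than to relax validation.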