Why does python-ldap code raise the Exception ldap.REFERRAL?

Time:10-17

I'm trying to use the python-ldap library to connect to an Active Directory Server. I'm using the code found in this link.

The following code works correctly:

    import ldap

    con = ldap.initialize(uri, bytes_mode=False)
    con.protocol_version = ldap.VERSION3
    con.set_option(ldap.OPT_REFERRALS, 0)  # required for AD authentication
    con.simple_bind_s(bindDN, bindPW)
    print("Authentication success!")

With correct credentials (in the variables bindDN and bindPW), executing the code connects to my AD server, so it prints the success message Authentication success!, which is the last instruction of the previous snippet of code.

When I try to execute the following code, its last instruction, con.result3, raises the ldap.REFERRAL exception.

    from ldap.controls import SimplePagedResultsControl

    # optional, but reduces the number of supported controls, since only this one will be parsed
    known_ldap_resp_ctrls = {
        SimplePagedResultsControl.controlType: SimplePagedResultsControl,
    }

    # instantiate the control that will make the paged results
    # it carries the page cookie (initially empty, to request the first page)
    req_ctrl = SimplePagedResultsControl(
        criticality=True,
        size=pagesize,
        cookie=''
    )

    # query next page, asynchronous
    msgid = con.search_ext(
        baseDN,
        ldap.SCOPE_SUBTREE,
        filterstr,
        attrlist=attrlist,
        serverctrls=[req_ctrl]
    )

    try:
        con.result3(msgid, timeout=timeout, resp_ctrl_classes=known_ldap_resp_ctrls)
    except ldap.REFERRAL as ex:
        print("REFERRAL Exception --> " + str(ex))

When the ldap.REFERRAL exception is raised, the print instruction prints the following message:

    REFERRAL Exception --> {'msgtype': 101, 'msgid': 2, 'result': 10, 'desc': 'Referral', 'ctrls': [('1.2.840.113556.1.4.319', 0, b'0\x84\x00\x00\x00\x05\x02\x01\x00\x04\x00')], 'info': 'Referral:\nldap://domain.local/DC=domain,DC=local'}

I'm completely stuck on this Exception.

Could someone help me find where the problem is?

Thanks


If I execute the same query with the ldapsearch utility, it works correctly and the AD server sends the requested data.

CodePudding user response:

Sorry, I made an error in setting the variable baseDN, which had the wrong value DC=domain,DC=local. The baseDN variable is used by the function search_ext(). Here is the relevant snippet of code from my question:

    # query next page, asynchronous
    msgid = con.search_ext(
        baseDN,
        ldap.SCOPE_SUBTREE,
        filterstr,
        attrlist=attrlist,
        serverctrls=[req_ctrl]
    )

In fact, if we look carefully at the content of the exception message, we find the field:

    'info': 'Referral:\nldap://domain.local/DC=domain,DC=local'

In this part of the error message I noticed the value DC=domain,DC=local.

After setting the correct value of baseDN, the code works correctly and the LDAP server sends the requested data.

I think it is useful to write this answer reporting my mistake, because today, while I was looking for the cause of the ldap.REFERRAL exception, I found many posts written by other developers who had problems with this exception.
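Added example (not part of the original question or answer): a small helper that reads the referral URL out of the exception dict shown above and compares its DN with the search base, which is the check the answer performs by eye. The names `parse_referrals`, `diagnose` and `trusted_hosts` are hypothetical, and the host allowlist is an added precaution for anyone who later decides to follow referrals with bound credentials.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample: the dict printed in the question (ex.args[0] in python-ldap),
# with the 'ctrls' entry left out because it is not needed here.
SAMPLE_ERROR = {
    "msgtype": 101, "msgid": 2, "result": 10, "desc": "Referral",
    "info": "Referral:\nldap://domain.local/DC=domain,DC=local",
}

def normalize_dn(dn):
    """Simplified DN comparison key: case-folded, spaces around commas removed.
    Assumption: no escaped commas inside RDN values."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_referrals(error):
    """Return a (host, dn) pair for every LDAP URL in the 'info' field."""
    info = error.get("info", "")
    if isinstance(info, bytes):
        info = info.decode("utf-8", "replace")
    refs = []
    for line in info.splitlines():
        line = line.strip()
        if not line.lower().startswith(("ldap://", "ldaps://")):
            continue  # skips the leading "Referral:" line
        url = urlsplit(line)
        refs.append((url.hostname or "", unquote(url.path.lstrip("/"))))
    return refs

def diagnose(error, base_dn, trusted_hosts):
    """Explain each referral relative to the base DN that was searched."""
    findings = []
    for host, dn in parse_referrals(error):
        if normalize_dn(dn) == normalize_dn(base_dn):
            findings.append(f"{host}: search for base {base_dn!r} was referred "
                            "elsewhere; verify baseDN for this server")
        else:
            findings.append(f"{host}: referral to a different DN {dn!r}")
        if host not in trusted_hosts:
            findings.append(f"{host}: not an expected directory host; "
                            "do not rebind there")
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_ERROR, "DC=domain,DC=local", {"domain.local"}):
        print(finding)
```

In the `except ldap.REFERRAL as ex:` handler from the question, `ex.args[0]` is the dict to pass as `error`.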
