
I've got a project to delete the duplicates in a large LDAP database, but so far ...

I am just trying to get the schema and I can't see anything:

>>> import ldap3
>>> s = ldap3.Server('ldaps://omitted')
>>> s.schema
>>> s2 = ldap3.Server('ldaps://omitted', get_info=ldap3.ALL)
>>> s2.schema
>>> s2.info
>>> s.info

(omitted is the URL as I don't have permission yet from my employer.)

Any idea about this? The server is set up behind security and doesn't require any authentication to connect.

Mark McWiggins

3 Answers

I finally got this to work using ldapsearch instead of Python.

I was helped by a local guru; it needed the .ldaprc file in the home directory. The key parameter in this file was TLS_REQCERT ALLOW.

Complete command line was like this (corporate identity blanked out):

ldapsearch -x -D "SEA\mmcwiggins" -b "DC=SEA,DC=CORP,DC=*****,DC=COM" -E pr=1000/noprompt -H ldaps://lbdc.sea.corp.******.com -W sAMAccountName='*' >bigresult

Mark McWiggins
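The underlying project in the question is finding duplicate entries, and the ldapsearch command above dumps the directory into bigresult as LDIF. As an added example (not from this thread), here is a small parser for that dump that unfolds continuation lines, decodes base64 (`::`) values and reports entries sharing an attribute value, so duplicates can be reviewed before anything is deleted. The sample LDIF is constructed, with `example` standing in for the blanked-out corporate domain.

```python
import base64
from collections import defaultdict

# Constructed sample shaped like "ldapsearch -x ... > bigresult" output (LDIF, RFC
# 2849): blank line between entries, "attr:: base64" values, one-space folded lines.
SAMPLE_LDIF = """\
dn: CN=Mark McWiggins,OU=Users,DC=SEA,DC=CORP,DC=example,DC=COM
sAMAccountName: mmcwiggins
mail: mark@example.com

dn: CN=Mark McWiggins (old),OU=Stale,DC=SEA,DC=CORP,DC=example,DC=COM
sAMAccountName: mmcwiggins
mail:: bWFya0BleGFtcGxlLmNvbQ==

dn: CN=Jane Doe,OU=Users,DC=SEA,DC=CORP,DC=example,
 DC=COM
sAMAccountName: jdoe
mail: jane@example.com
"""

def parse_ldif(text):
    """Return [(dn, {attr: [values]})] for every entry in an LDIF dump."""
    entries = []
    for block in text.strip().split("\n\n"):
        dn, attrs = None, defaultdict(list)
        # newline + single space is a folded line (RFC 2849): join it back
        for line in block.replace("\n ", "").splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue  # ldapsearch comment banner or malformed line
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs[name.lower()].append(value)
        if dn is not None:  # "search: 2 / result: 0" trailer has no dn
            entries.append((dn, dict(attrs)))
    return entries

def find_duplicates(text, attr):
    """Map each value of attr held by more than one entry to those DNs.
    Names and values compare case-insensitively; nothing is deleted."""
    holders = defaultdict(list)
    for dn, attrs in parse_ldif(text):
        for value in attrs.get(attr.lower(), []):
            holders[value.lower()].append(dn)
    return {v: dns for v, dns in holders.items() if len(dns) > 1}
```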

Well, you have to bind your connection first. Try this:

from ldap3 import Connection, Server

# take 636 for secured connection, use_ssl=True may be necessary
server = Server('myhost.company.com', port=389) 
cnx = Connection(server, user='cn=user', password='whatever')
# either use auto_bind=True or set bind explicitly
cnx.bind()
# now you should be able to see the schema
# Caution: depending on the schema, it may take quite long to show it
print(server.schema)
brillenheini
  • I was binding it ... I tried exactly what you have above except it's **server.schema** not **cnx.schema** and I just get **None** as output... – Mark McWiggins May 07 '21 at 17:00
  • Is it going back to prompt immediately or are you maybe just impatient? I tried it against an AD server, and it took quite a while until I got an output on my screen. – brillenheini May 10 '21 at 10:16
  • It came back with None immediately. – Mark McWiggins May 10 '21 at 14:32
  • But you can query your directory without any problem, right? – brillenheini May 11 '21 at 07:53
  • What do you mean, 'query your directory'? If I can't even see the schema, how do I do anything else? – Mark McWiggins May 12 '21 at 02:54
  • Sorry for the delay. I have a server here, which responds to `server.schema` properly, but does not give output to `server.info`. What I also recognized is that it may be related to the user you're using and the corresponding access rights. Sorry, but I may not have a better answer for you. – brillenheini May 19 '21 at 08:37

This is only a partial answer, but I have made some progress. The big info was that the server does require authentication even though the PHP code I first saw didn't seem to be using it.

I now have this code:


from pprint import pprint
from ldap3 import Server, Connection, ALL

search_base = '*omitted*'
search_filter = '(uid=mmcwiggins)'
attrs = ['*']

server = Server('ldaps://*omitted*', get_info=ALL)
mypass = 'not.really.the.pass'.encode('iso-8859-1')
connect = Connection(server, user='mmcwiggins', password=mypass)
# bind() returns False when the server rejects the bind; the connection then
# stays "unbound" and server.schema is never fetched, so it remains None
if not connect.bind():
    pprint(connect.result)
print(connect)
print(server.schema)

That produces this response:

ldaps://lbdc.secret.company.com:636 - ssl - user: mmcwiggins - not lazy - unbound - open - <local: 10.184.200.19:49737 - remote: 10.184.67.152:636> - tls not started - listening - SyncStrategy - internal decoder
None

Any ideas after seeing this?

Mark McWiggins