Fedora directory users - Oct 2008 - FDS - The whoami Response

I was writing a program in python and trying a response "Who am I
Operation(RFC4532)" implemented in the python API with
ldap.whoami_s(), working with a FDS backend I get the following error:
"unsupported extended operation - desc: Protocol Error"
so, the LDAP Who Am I extended operation is unsupported in FDS?

Thanks.

-- 
Wilmer Jaramillo M., Fedora Project
yum isn''t useful for geeks, is just for lazy people
irc.freenode.net: k0k @ #fedora-ve, #talug
GPG Key Fingerprint = 0666 D0D3 24CE 8935 9C24 BBF1 87DD BEA2 A4B2 1E8A

Wilmer Jaramillo M. wrote:
> I was writing a program in python and trying a response "Who am I
> Operation(RFC4532)" implemented in the python API with
> ldap.whoami_s(), working with a FDS backend I get the following error:
> "unsupported extended operation - desc: Protocol Error"
> so, the LDAP Who Am I extended operation is unsupported in FDS?
>   
No, it is not.  We have no plans currently to support
it.
> Thanks.
>
>

On Tue, Oct 28, 2008 at 9:24 PM, Rich Megginson <rmeggins@redhat.com>
wrote:
> Wilmer Jaramillo M. wrote:
>>
>> I was writing a program in python and trying a response "Who am I
>> Operation(RFC4532)" implemented in the python API with
>> ldap.whoami_s(), working with a FDS backend I get the following error:
>> "unsupported extended operation - desc: Protocol Error"
>> so, the LDAP Who Am I extended operation is unsupported in FDS?
>>
>
> No, it is not.  We have no plans currently to support it.
Oks maybe you/I can add it to wishlist wiki page?

-- 
Wilmer Jaramillo M., Fedora Project
yum isn''t useful for geeks, is just for lazy people
irc.freenode.net: k0k @ #fedora-ve, #talug
GPG Key Fingerprint = 0666 D0D3 24CE 8935 9C24 BBF1 87DD BEA2 A4B2 1E8A

Wilmer Jaramillo M. wrote:
> On Tue, Oct 28, 2008 at 9:24 PM, Rich Megginson <rmeggins@redhat.com>
wrote:
>   
>> Wilmer Jaramillo M. wrote:
>>     
>>> I was writing a program in python and trying a response "Who
am I
>>> Operation(RFC4532)" implemented in the python API with
>>> ldap.whoami_s(), working with a FDS backend I get the following
error:
>>> "unsupported extended operation - desc: Protocol Error"
>>> so, the LDAP Who Am I extended operation is unsupported in FDS?
>>>
>>>       
>> No, it is not.  We have no plans currently to support it.
>>     
>
> Oks maybe you/I can add it to wishlist wiki page?
>
>   
Sure.

Hi,

It is not supported in the current version. I have already made a feature
request in bugzilla : https://bugzilla.redhat.com/show_bug.cgi?id=437632


2008/10/28 Wilmer Jaramillo M. <wilmer@fedoraproject.org>
> I was writing a program in python and trying a response "Who am I
> Operation(RFC4532)" implemented in the python API with
> ldap.whoami_s(), working with a FDS backend I get the following error:
> "unsupported extended operation - desc: Protocol Error"
> so, the LDAP Who Am I extended operation is unsupported in FDS?
>
> Thanks.
>
>

Wilmer Jaramillo M. wrote:
> On Tue, Oct 28, 2008 at 9:24 PM, Rich Megginson <rmeggins@redhat.com>
wrote:
>> Wilmer Jaramillo M. wrote:
>>> I was writing a program in python and trying a response "Who
am I
>>> Operation(RFC4532)" implemented in the python API with
>>> ldap.whoami_s(),
Wilmer, out of curiosity: Are you using SASL bind with server-side
identity mapping? Or why are you doing this?
>>>  working with a FDS backend I get the following error:
>>> "unsupported extended operation - desc: Protocol Error"
>>> so, the LDAP Who Am I extended operation is unsupported in FDS?
>>>
>> No, it is not.  We have no plans currently to support it.
> 
> Oks maybe you/I can add it to wishlist wiki page?
It seems FDS implements something similar: an extended control to be
sent along with the bind request/response (see RFC 3829, OID values
2.16.840.1.113730.3.4.15/2.16.840.1.113730.3.4.16 in attribute
supportedControl of rootDSE).

Currently python-ldap does not support this control though. Patches for
python-ldap welcome. ;-)

Ciao, Michael.

On Wed, Oct 29, 2008 at 5:41 AM, Michael Ströder <michael@stroeder.com>
wrote:
> Wilmer Jaramillo M. wrote:
>> On Tue, Oct 28, 2008 at 9:24 PM, Rich Megginson
<rmeggins@redhat.com> wrote:
>>> Wilmer Jaramillo M. wrote:
>>>> I was writing a program in python and trying a response
"Who am I
>>>> Operation(RFC4532)" implemented in the python API with
>>>> ldap.whoami_s(),
I just try associated one user dn with my apps using the whoami_s() ldap method.
> It seems FDS implements something similar: an extended control to be
> sent along with the bind request/response (see RFC 3829, OID values
> 2.16.840.1.113730.3.4.15/2.16.840.1.113730.3.4.16 in attribute
> supportedControl of rootDSE).
Interesting, the RFC4532 is the replace of RFC3829 but isn''t supported
by python :(


-- 
Wilmer Jaramillo M., Fedora Project
yum isn''t useful for geeks, is just for lazy people
irc.freenode.net: k0k @ #fedora-ve, #talug
GPG Key Fingerprint = 0666 D0D3 24CE 8935 9C24 BBF1 87DD BEA2 A4B2 1E8A

Wilmer Jaramillo M. wrote:
> On Wed, Oct 29, 2008 at 5:41 AM, Michael Ströder
<michael@stroeder.com> wrote:
>> Wilmer Jaramillo M. wrote:
>>> On Tue, Oct 28, 2008 at 9:24 PM, Rich Megginson
<rmeggins@redhat.com> wrote:
>>>> Wilmer Jaramillo M. wrote:
>>>>> I was writing a program in python and trying a response
"Who am I
>>>>> Operation(RFC4532)" implemented in the python API with
>>>>> ldap.whoami_s(),
> 
> I just try associated one user dn with my apps using the whoami_s() ldap
method.
You could also do this by a search. Not sure how general usable your
code has to be.
>> It seems FDS implements something similar: an extended control to be
>> sent along with the bind request/response (see RFC 3829, OID values
>> 2.16.840.1.113730.3.4.15/2.16.840.1.113730.3.4.16 in attribute
>> supportedControl of rootDSE).
> 
> Interesting, the RFC4532 is the replace of RFC3829 but isn''t
supported
> by python :(
Please read my e-mails more carefully since you probably misunderstood
my last message.

RFC 3829 is "Informational" and is currently not supported by
python-ldap. But this is what to use with FDS. Feel free to implement
support for it in python-ldap. As the maintainer of python-ldap I say:
Contributions welcome.

RFC 4532 is "Standards Track" and is supported by python-ldap thanks
to
 the OpenLDAP LDAP C libs supporting it.

Ciao, Michael.