Python ldap在macOS上出现ValueError: option error问题

Question

Python ldap在macOS上出现ValueError: option error问题

7

我在macOS Sierra上尝试设置python-ldap。当我尝试使用这个在CentOS上成功运行的模块时，我得到了下面的错误信息。经过搜索后发现这可能与在macOS上安装OpenLDAP或python-ldap有关，但我还没有找到解释如何修复的文章。

到目前为止，我已经通过homebrew安装了OpenLDAP，但问题仍然存在。

错误信息：

Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/django/core/handlers/exception.py", line 42, in inner
    response = get_response(request)
  File "/usr/local/lib/python2.7/site-packages/django/core/handlers/base.py", line 249, in _legacy_get_response
    response = self._get_response(request)
  File "/usr/local/lib/python2.7/site-packages/django/core/handlers/base.py", line 187, in _get_response
    response = self.process_exception_by_middleware(e, request)
  File "/usr/local/lib/python2.7/site-packages/django/core/handlers/base.py", line 185, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/local/lib/python2.7/site-packages/django/contrib/auth/views.py", line 47, in inner
    return func(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/django/views/decorators/debug.py", line 76, in sensitive_post_parameters_wrapper
    return view(request, *args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/django/utils/decorators.py", line 149, in _wrapped_view
    response = view_func(request, *args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/django/views/decorators/cache.py", line 57, in _wrapped_view_func
    response = view_func(request, *args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/django/contrib/auth/views.py", line 81, in login
    if form.is_valid():
  File "/usr/local/lib/python2.7/site-packages/django/forms/forms.py", line 169, in is_valid
    return self.is_bound and not self.errors
  File "/usr/local/lib/python2.7/site-packages/django/forms/forms.py", line 161, in errors
    self.full_clean()
  File "/usr/local/lib/python2.7/site-packages/django/forms/forms.py", line 371, in full_clean
    self._clean_form()
  File "/usr/local/lib/python2.7/site-packages/django/forms/forms.py", line 398, in _clean_form
    cleaned_data = self.clean()
  File "/usr/local/lib/python2.7/site-packages/django/contrib/auth/forms.py", line 191, in clean
    self.user_cache = authenticate(username=username, password=password)
  File "/usr/local/lib/python2.7/site-packages/django/contrib/auth/__init__.py", line 74, in authenticate
    user = backend.authenticate(**credentials)
  File "/itapp/itapp/backend.py", line 39, in authenticate
    ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,settings.AD_CERT_FILE)
  File "/usr/local/lib/python2.7/site-packages/ldap/functions.py", line 135, in set_option
    return _ldap_function_call(None,_ldap.set_option,option,invalue)
  File "/usr/local/lib/python2.7/site-packages/ldap/functions.py", line 66, in _ldap_function_call
    result = func(*args,**kwargs)
ValueError: option error

我已按照以下方式通过brew安装了openldap：

alexs-mbp:~ alex$ brew install openldap
Warning: openldap is a keg-only and another version is linked to opt.
Use `brew install --force` if you want to install this version
alexs-mbp:~ alex$ brew install openldap --force
Warning: openldap-2.4.44 already installed, it's just not linked.

我已经使用pip安装了python-ldap

alexs-mbp:~ alex$ sudo pip install python-ldap
The directory '/Users/alex/Library/Caches/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
The directory '/Users/alex/Library/Caches/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
Requirement already satisfied: python-ldap in /usr/local/lib/python2.7/site-packages
Requirement already satisfied: setuptools in /usr/local/lib/python2.7/site-packages (from python-ldap

- AlexW

看起来可能是openldap的homebrew构建存在问题 - 请参见http://thread.gmane.org/gmane.comp.python.ldap/1660 - Peter Brittain

根据那个链接，https://sourceforge.net/p/python-ldap/bugs/65/ 似乎已经被修复了。 - AlexW

我不是Mac专家，但看起来插入证书的方法在这里已经涵盖了 - https://apple.stackexchange.com/questions/80623/import-certificates-into-the-system-keychain-via-the-command-line - Peter Brittain

让我们在聊天中继续这个讨论（http://chat.stackoverflow.com/rooms/141771/discussion-between-alexw-and-peter-brittain）。 - AlexW

证书文件可能格式不正确，您能在此附上吗？ - void

显示剩余4条评论

2个回答

2

我使用MacPorts在macOS Sierra 10.12.4上安装了python-ldap (版本2.3.10_3)，安装命令如下:

sudo port install py27-ldap

这也会拉取OpenLDAP依赖项（版本2.4.44_2）。

我可以执行代码：

import ldap
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,'cacert-2017-01-18.pem')

没有错误（CA证书文件来自https://curl.haxx.se/ca/cacert-2017-01-18.pem）

您安装OpenLDAP和python-ldap时遵循了哪些步骤？

编辑：

我认为我找到了相关内容，您能否尝试使用我链接的证书文件运行上面的测试代码？

我怀疑是权限/.pem格式错误

- fedterzi

1

我已经在问题中添加了我的安装方法，谢谢。 - AlexW

我下载了那个文件，然后进入该目录并从该目录运行Python，然后运行上述代码，结果得到相同的ValueError错误。 - AlexW

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- spacepickle · Accepted Answer

我的解决方法是，在进行 pip install python-ldap 时，需要包含基于brew的openldap库。

您可以通过执行 brew info openldap 获取所需信息。其中会显示类似以下内容的信息：

For compilers to find this software you may need to set:
    LDFLAGS:  -L/usr/local/brew/opt/openldap/lib
    CPPFLAGS: -I/usr/local/brew/opt/openldap/include

我的openldap安装在/usr/local/brew/opt/openldap/，因此需要执行如下命令：

LDFLAGS="-L/usr/local/brew/opt/openldap/lib" CPPFLAGS="-I/usr/local/brew/opt/openldap/include" pip install python-ldap

尝试卸载 python-ldap (pip uninstall python-ldap)，然后运行 brew info openldap 并使用您特定的路径打开 openldap lib 和 include 目录。注意：我还遇到了一个问题，我的 clang 编译器无法找到 MacOS SDK 的 sasl.h，但我不知道这是否只是我的问题。这个问题可以通过在上面的命令行中添加 --global-option=build_ext --global-option="-I$(xcrun --show-sdk-path)/usr/include/sasl" 来解决。