Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Authenticating against active directory using python + ldap

How do I authenticate against AD using Python + LDAP. I'm currently using the python-ldap library and all it is producing is tears.

I can't even bind to perform a simple query:

import sys import ldap   Server = "ldap://my-ldap-server" DN, Secret, un = sys.argv[1:4]  Base = "dc=mydomain,dc=co,dc=uk" Scope = ldap.SCOPE_SUBTREE Filter = "(&(objectClass=user)(sAMAccountName="+un+"))" Attrs = ["displayName"]  l = ldap.initialize(Server) l.protocol_version = 3 print l.simple_bind_s(DN, Secret)  r = l.search(Base, Scope, Filter, Attrs) Type,user = l.result(r,60) Name,Attrs = user[0] if hasattr(Attrs, 'has_key') and Attrs.has_key('displayName'):   displayName = Attrs['displayName'][0]   print displayName  sys.exit() 

Running this with [email protected] password username gives me one of two errors:

Invalid Credentials - When I mistype or intentionally use wrong credentials it fails to authenticate.

ldap.INVALID_CREDENTIALS: {'info': '80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece', 'desc': 'Invalid credentials'}

Or

ldap.OPERATIONS_ERROR: {'info': '00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece', 'desc': 'Operations error'}

What am I missing out to bind properly?

I am getting the same errors on fedora and windows.

like image 807
1729 Avatar asked Sep 26 '08 16:09

1729


People also ask

How do I use LDAP authentication in Python?

In order to use LDAP with Python we need to import the Server and the Connection object, and any additional constant we will use in our LDAP. As you might remember from the LDAP Protocol diagram the authentication operation is called Bind.

Can Python interact with Active Directory?

pyad is a Python library designed to provide a simple, Pythonic interface to Active Directory through ADSI on the Windows platform.

What are three ways to LDAP authenticate?

LDAP v3 supports three types of authentication: anonymous, simple and SASL authentication.


1 Answers

I was missing

l.set_option(ldap.OPT_REFERRALS, 0) 

From the init.

like image 198
1729 Avatar answered Sep 28 '22 02:09

1729