[python-ldap] GSSAPI and Active Directory
Michael Ströder
michael at stroeder.com
Mon Aug 10 17:15:46 CEST 2015
陈伟洪 wrote:
> I'm unable to search Active Directory with GSSAPI for some reason.
>
>
> Here's a small test script I've been using.
>
> import ldap
> import ldap.sasl
>
> adconn = ldap.initialize('ldap://192.168.1.198:389/', trace_level=1)
> adconn.protocol_version = ldap.VERSION3
> sasl_auth = ldap.sasl.sasl(
> {
> },
> 'GSSAPI'
> )
>
> adconn.sasl_interactive_bind_s('', sasl_auth)
>
>
>
> It fails every time with
>
> C:\Users\whchen\Downloads>python test_ldap.py
It seems you're on Windows.
I don't know the detailed status of SASL support in current Windows builds of
python-ldap but IMO SASL/GSSAPI does not work on Windows. Especially this
would require to install Kerberos for Windows and build against that. Current
KfW releases seem to be able to make use of the Windows ticket store but I
never tried out myself.
SASL/GSSAPI with MS AD works ok on most Linux boxes with LDAP libs built with
SASL and Kerberos libs.
Ciao, Michael.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4272 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20150810/b196b04b/attachment.bin>
More information about the python-ldap
mailing list