Authenticate users using command line tool against AD in python

[Prasad Katti]

I am writing a command line tool in python to generate one time passwords/tokens. The command line tool will have certain sub-commands like --generate-token and --list-all-tokens for example. I want to restrict access to certain sub-commands. In this case, when user tries to generate a new token, I want him/her to authenticate against AD server first.

I have looked at python-ldap and I am even able to bind to the AD server. In my application I have a function

    def authenticate_user(username, password): pass

which gets username and plain-text password. How do I use the LDAPObject instance to validate these credentials?