Authenticate users using command line tool against AD in python
Michael Ströder
michael at stroeder.com
Tue Jul 28 03:56:16 EDT 2015
Prasad Katti wrote:
> I am writing a command line tool in python to generate one time
> passwords/tokens. The command line tool will have certain sub-commands like
> --generate-token and --list-all-tokens for example. I want to restrict
> access to certain sub-commands. In this case, when user tries to generate a
> new token, I want him/her to authenticate against AD server first.

This does not sound secure:
The user can easily use a modified copy of your script.

> I have looked at python-ldap and I am even able to bind to the AD server.
> In my application I have a function
>
> def authenticate_user(username, password): pass
>
> which gets username and plain-text password. How do I use the LDAPObject instance to validate these credentials?

You probably want to use
http://www.python-ldap.org/doc/html/ldap.html#ldap.LDAPObject.simple_bind_s

Check whether the password is non-zero beforehand, because most LDAP servers
consider an empty password an anonymous simple bind even if the bind-DN is set.

Ciao, Michael.
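
One way to fill in `authenticate_user` with the `simple_bind_s` call and the empty-password check suggested above, as an added example that is not part of the original thread. `AD_URI`, `UPN_SUFFIX`, `open_connection` and the `connect` parameter are assumptions made for illustration; the `user@domain` bind name is a form AD accepts for simple binds.

```python
AD_URI = "ldaps://dc1.example.com"   # assumption: placeholder domain controller
UPN_SUFFIX = "example.com"           # assumption: placeholder AD domain


def open_connection():
    """Return a new, unbound LDAPObject (needs python-ldap installed)."""
    import ldap  # lazy import: the guard below stays testable without python-ldap
    conn = ldap.initialize(AD_URI)   # ldaps:// because a simple bind sends the password
    conn.set_option(ldap.OPT_NETWORK_TIMEOUT, 5)
    return conn


def authenticate_user(username, password, connect=open_connection):
    """Return True only if the directory accepts a simple bind as this user."""
    # Reject empty values before contacting the server: a simple bind with an
    # empty password is treated as anonymous by most servers and "succeeds".
    if not username or not password:
        return False
    conn = connect()
    try:
        conn.simple_bind_s(f"{username}@{UPN_SUFFIX}", password)
        return True
    except Exception as exc:
        import ldap
        if isinstance(exc, ldap.INVALID_CREDENTIALS):
            return False   # wrong user name or password
        raise              # outage, TLS failure etc. are errors, not "wrong password"
    finally:
        conn.unbind_s()    # never reuse a connection bound as the user
```

Errors other than `INVALID_CREDENTIALS` are re-raised so that an unreachable server is never reported as a failed or a successful login.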