[Pythonmac-SIG] Active Directory authentication on Mac using Python

[Bob Ippolito]

On Aug 5, 2005, at 3:21 PM, brad.allen at omsdal.com wrote:

> I'm looking for someone who can provide some limited consultation for
> a Python project we're doing in in the IT dept at my place
> of employment (OMS). In particular, we have a Python client/server app
> which needs to do Active Directory authentication from both Mac OS X
> and Windows XP clients.
>
> The client Python app will take username and password input from the
> user, and then contact the Active Directory to obtain credentials. The
> client app will then pass the credentials to the server app, which
> will inspect the credentials and provide appropriate authorizations.
> The server app runs under Windows XP.
>
> We'd like to get this accomplished fairly soon, and expect lots of
> folks have already done this sort of thing with Python in the Windows
> realm. However, I'm worried that we're going to get stuck doing this
> on the Mac. If anyone can help us with this part of the project, it
> would be much appreciated. If you know how to do it on Windows as  
> well,
> even better.

The generic way to do the authentication is just to use LDAP, since  
Active Directory is just a jazzed up LDAP database server with a non- 
standard Kerberos implementation.  You can crib some code from  
LDAPUserFolder for the authentication bits.  I'm not sure exactly  
what "obtaining credentials" involves, but I'm guessing that's just a  
Kerberos ticket?  Mac OS X should have all the APIs to do it, since  
it has good Kerberos support which supposedly integrates well with  
Active Directory... you'll probably have to a C extension to get at  
that, but that should be no big deal.

Good luck, I don't have any Windows Server machines around, and am  
not really interested in dealing with Windows... but hopefully  
somebody else can help you :)

-bob