ldap.sasl.gssapi example?
Gavin Doughtie
gdoughtie at anim.dreamworks.com
Thu Apr 8 22:49:28 CEST 2004
Does the example below work on your system (or anybody else's on this list?)
This is the example I've been using to test sasl_bind with a little cleanup.
-------------------- 8< -----------------------------------
# For documentation, see comments in Module/LDAPObject.c and the
# ldap.sasl module documentation.
import traceback
import sys
import ldap,ldap.sasl
ldap.sasl._trace_level=0
ldap.set_option(ldap.OPT_DEBUG_LEVEL,0)
############### CHANGE THIS TO YOUR SERVER ##################
MY_LDAP_SERVER = "ldap://put.your.server.url.here/"
for ldap_uri,sasl_mech,sasl_cb_value_dict in [
(
MY_LDAP_SERVER,
'GSSAPI',
{
ldap.sasl.CB_AUTHNAME :'',
ldap.sasl.CB_PASS :'',
}
),
]:
sasl_auth = ldap.sasl.sasl(sasl_cb_value_dict,sasl_mech)
print 20*'*',sasl_auth.mech,20*'*'
# Open the LDAP connection
l = ldap.initialize(ldap_uri,trace_level=1)
# Set protocol version to LDAPv3 to enable SASL bind!
l.protocol_version = ldap.VERSION3
try:
l.sasl_interactive_bind_s("", sasl_auth)
except ldap.LDAPError,e:
print 'Error using SASL mechanism ', sasl_auth.mech,str(e),
sys.exc_info()
traceback.print_tb(sys.exc_info()[2])
else:
print 'Sucessfully bound using SASL
mechanism',sasl_auth.mech,'as',repr(l.whoami_s())
l.unbind()
-------------------- 8< -----------------------------------
Michael Ströder wrote:
> Gavin Doughtie wrote:
> > Here's the complete scoop:
> > [..]
> > Name : krb5-workstation Relocations: (not
> relocateable)
> > [..]
> > URL : http://web.mit.edu/kerberos/www/
>
> It seems you're using the MIT Kerberos implementation which is known to
> have some issues with OpenLDAP (mainly cause it's not thread-safe). In
> opposite to that I'm using the heimdal implementation.
>
> http://www.pdc.kth.se/heimdal/
>
> As I said I do not have much experience with Kerberos. It simply works
> for me. It seems I can't really help with your setup.
>
> Ciao, Michael.
>
--
Gavin Doughtie
DreamWorks SKG
(818) 695-3821
More information about the python-ldap
mailing list