SASL/GSSAPI problems
Wido Depping
wido.depping at gmail.com
Tue Nov 9 00:10:51 CET 2004
On Wed, 3 Nov 2004 10:05:34 +0100, Hans Aschauer <hans.aschauer at epost.de> wrote:
> On Saturday 30 October 2004 02:07, Wido Depping wrote:
> > Hi All,
> > some users of Luma ( http://luma.sf.net ) have problems with binding
> > to a directory using the SASL/GSSAPI method. All these people have a
> > working Kerberos environment and using SASL/MD5 work flawlessly.
> > Here's the output they get from the console:
> >
> > SASL/GSSAPI authentication started
> > Error during LDAP bind request
> > Reason: {'info': 'SASL(0): successful result: ', 'desc': 'Local error'}
>
> This error is most likely due to a wrong setup of kerberos <-> LDAP, and has
> probably nothing to do with python-ldap. The luma users might look at
>
> http://www.bayour.com/LDAPv3-HOWTO.html
>
> which is a great HOWTO for setting up a working ldap server with GSSAPI
> authentication. It also explains the reasons for a 'local error'. BTW, it was
> some time ago that I last looked at python-ldap, but I think that it still is
> built on top of the openldap-libraries. So SASL/GSSAPI will work only if it
> also works using ldapsearch (and vice versa(?)).
Hi All,
The solution for my problem was simpler than expected. In my code I
had "sasl_cb_value_dict = None" instead of "sasl_cb_value_dict = {}".
After correcting this, everything worked. However it would be good if
the developer gets a more meaningful error message than 'local error'.
Beside that, I just want to say that python-ldap is a really nice
library and it has helped me a lot with my Luma development, altough I
don't use its full potential :)
mfg.
Wido Depping
--
Wido Depping
ICQ: 51303067 AIM: wido3379
Jabber: wido at jabber.ccc.de
Blog: http://widoww.blogspot.com
More information about the python-ldap
mailing list