SASL GSSAPI under Win32 (was: Connection to AD on windows)

Michael Ströder michael at stroeder.com
Wed Aug 5 17:36:05 CEST 2009 

Jeroen Michiel wrote:
> 
> I'm trying to get python-ldap working on a windows machine to authenticate
> users against an Active Directory server. However, I'm getting the weirdest
> things...
> 
> This is what I'm trying:
> 
> import ldap, ldap.sasl
> 
> conn = ldap.initialize('ldap://blabla')
> conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
> conn.set_option(ldap.OPT_REFERRALS,0)
> sasl = ldap.sasl.gssapi()
> conn.sasl_interactive_bind_s('', sasl)

I'm pretty sure SASL bind with GSSAPI mech is not supported with the Win32
builds. Therefore I changed the subject line to trigger attention of the
relevant readers.

The OpenLDAP libs are usually compiled against heimdal or MIT Kerberos which
both have nothing to do with the Kerberos ticket store of your Windows session.

David tried another approach which would help for this situation. His
experimental attempts to build with wldap32.dll can be found here:

http://sourceforge.net/tracker/?func=detail&aid=1698443&group_id=2072&atid=352072

Any takers? Personally I have some doubts though because especially regarding
SASL the APIs are incompatible.

> upon the sasl_interactive_bind_s, I get the following traceback:
> 
> Traceback (most recent call last):
>   File "D:\Projects\Python\ldap\src\ldaptest.py", line 12, in <module>
>     conn.sasl_interactive_bind_s('', sasl)
>   File "c:\python25\lib\site-packages\python_ldap-2.3.9-py2.5-win32.egg\ldap\ldapobject.py", line 219, in sasl_interactive_bind_s
>     return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,EncodeControlTuples(serverctrls),EncodeControlTuples(clientctrls),sasl_flags)
>   File "c:\python25\lib\site-packages\python_ldap-2.3.9-py2.5-win32.egg\ldap\ldapobject.py", line 96, in _ldap_call
>     result = func(*args,**kwargs)
> ldap.SUCCESS: {'desc': 'Success'}

Raising ldap.SUCCESS in this case is clearly a bug.

> Im using the 2.3.9 release I got here:
> http://svn.kmrc.de/download/distribution/contrib/

These are .egg files built by Torsten. Not sure what he did regarding Kerberos.

Maybe Torsten or Waldemar can comment on the Win32 builds.

Ciao, Michael.

More information about the python-ldap mailing list