[python-ldap] sAMAccountName in DN for Bind

Anurag Chourasia anurag.chourasia at gmail.com
Mon Apr 22 19:02:30 CEST 2013


Dear Friends,

Is *sAMAccountName* not allowed in the DN for a bind operation?

If I use a DN = "CN=Guddu,OU=Users,OU=Central,OU=CL,DC=company,DC=corp"
then I am able to bind and also do a search operation.

However, if I use a DN =
"sAMAccountName=Guddu,OU=Users,OU=Central,OU=CL,DC=company,DC=corp" then I
get an *ldap.INVALID_CREDENTIALS* error.

I can confirm that the user has the attribute *sAMAccountName=Guddu* for
sure.

Here is my session transcript. Appreciate your guidance.

>>> import ldap
>>> l=ldap.initialize('ldap://10.5.100.61:389')
>>> who="sAMAccountName=FJGalazA,OU=Users,OU=Central,OU=CL,DC=cencosud,DC=corp"
>>> who="CN=Francisco Javier Galaz Arenas,OU=Users,OU=Central,OU=CL,DC=cencosud,DC=corp"
>>> cred="fga.1234"
>>> result=l.bind(who,cred)
>>> l.result(result)
(97, [])
>>> l.search_s('OU=Appl Groups,OU=Central,OU=CL,DC=cencosud,DC=corp', 0, '(objectClass=*)',['cn'])
[('OU=Appl Groups,OU=Central,OU=CL,DC=cencosud,DC=corp', {})]
>>> l.search_s('OU=Appl Groups,OU=Central,OU=CL,DC=cencosud,DC=corp', 0, '(objectClass=*)')
[('OU=Appl Groups,OU=Central,OU=CL,DC=cencosud,DC=corp', {'distinguishedName': ['OU=Appl Groups,OU=Central,OU=CL,DC=cencosud,DC=corp'], 'dSCorePropagationData': ['20120613154938.0Z', '20120131185947.0Z', '20120131153659.0Z', '20100125141214.0Z', '16010714223649.0Z'], 'name': ['Appl Groups'], 'objectCategory': ['CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=cencosud,DC=corp'], 'objectClass': ['top', 'organizationalUnit'], 'objectGUID': ["\xf8\xd5T'\xa2A7G\xa2\xa5\xd8\xe3T&\xcd\xcb"], 'whenChanged': ['20050929205347.0Z'], 'whenCreated': ['20050929205347.0Z'], 'uSNCreated': ['70508'], 'uSNChanged': ['70508'], 'ou': ['Appl Groups'], 'instanceType': ['4']})]
>>> l.search_s('OU=Appl Groups,OU=Central,OU=CL,DC=cencosud,DC=corp', 0, '(objectClass=*)',['member'])
[('OU=Appl Groups,OU=Central,OU=CL,DC=cencosud,DC=corp', {})]
>>> who="sAMAccountName=FJGalazA,OU=Users,OU=Central,OU=CL,DC=cencosud,DC=corp"
>>> result=l.bind(who,cred)
>>> l.result(result)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "C:\Python27\lib\site-packages\ldap\ldapobject.py", line 458, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "C:\Python27\lib\site-packages\ldap\ldapobject.py", line 462, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "C:\Python27\lib\site-packages\ldap\ldapobject.py", line 469, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "C:\Python27\lib\site-packages\ldap\ldapobject.py", line 476, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "C:\Python27\lib\site-packages\ldap\ldapobject.py", line 99, in _ldap_call
    result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'info': '80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece', 'desc': 'Invalid credentials'}
>>>

Regards,
Guddu
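
Added example, not part of the original post and not python-ldap code: the `info` string in the traceback above carries an Active Directory sub-code (`data 525`), which AD uses for "user not found" rather than for a wrong password. The sketch below decodes that sub-code and builds an escaped filter for looking up an entry's real DN by sAMAccountName before binding; the function names, the sub-code table and the `objectClass=user` clause are assumptions of this example.

```python
import re

# Sub-codes Active Directory places in the "data" field of a failed bind
# (AcceptSecurityContext error). Hex Win32 error numbers, as commonly documented.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (user exists, wrong password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")


def explain_bind_failure(info):
    """Return (sub_code, meaning) parsed from the 'info' text of a bind error."""
    match = _DATA_RE.search(info)
    if not match:
        return None, "no AD sub-code in diagnostic message"
    code = match.group(1).lower()
    return code, AD_BIND_SUBCODES.get(code, "unknown sub-code")


def escape_filter_value(value):
    """Escape the RFC 4515 special characters so user input cannot alter the filter."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def sam_filter(login):
    """Filter for finding the entry (and so its real DN) by sAMAccountName."""
    return "(&(objectClass=user)(sAMAccountName=%s))" % escape_filter_value(login)


# 'info' value copied from the traceback in the post.
SAMPLE_INFO = ("80090308: LdapErr: DSID-0C090334, comment: "
               "AcceptSecurityContext error, data 525, vece")

if __name__ == "__main__":
    print(explain_bind_failure(SAMPLE_INFO))
    print(sam_filter("FJGalazA"))
```

The resulting filter would be passed to a subtree search run under an account that is allowed to read the directory, and the DN returned by that search is what goes into the bind.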