[python-ldap] GSSAPI and Active Directory

陈伟洪 whchen1080 at gmail.com
Tue Aug 11 09:50:22 CEST 2015


In the Linux environment, I tried to run this script:


import ldap
import ldap.sasl

adconn = ldap.initialize('ldap://192.168.1.198:389')
adconn.protocol_version = ldap.VERSION3
sasl_auth = ldap.sasl.sasl(
    {
        ldap.sasl.CB_AUTHNAME: "",
        ldap.sasl.CB_PASS: "",
    },
    'GSSAPI'
)
adconn.sasl_interactive_bind_s('', sasl_auth)

result:

root@872d112a0c37:/var/edo/wo# bin/python test_ldap.py
Traceback (most recent call last):
  File "bin/python", line 275, in <module>
    exec(compile(__file__f.read(), __file__, "exec"))
  File "test_ldap.py", line 13, in <module>
    adconn.sasl_interactive_bind_s('', sasl_auth)
  File "/opt/buildout-cache/eggs/python_ldap-2.4.14-py2.7-linux-x86_64.egg/ldap/ldapobject.py", line 229, in sasl_interactive_bind_s
    return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
  File "/opt/buildout-cache/eggs/python_ldap-2.4.14-py2.7-linux-x86_64.egg/ldap/ldapobject.py", line 99, in _ldap_call
    result = func(*args,**kwargs)
ldap.LOCAL_ERROR: {'info': 'SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (No Kerberos credentials available)', 'desc': 'Local error'}

Does python-ldap not support username/password as credentials to log in
to an MS AD server which only supports GSSAPI?

2015-08-10 23:15 GMT+08:00 Michael Ströder <michael at stroeder.com>:

> 陈伟洪 wrote:
> > I'm unable to search Active Directory with GSSAPI for some reason.
> >
> >
> > Here's a small test script I've been using.
> >
> > import ldap
> > import ldap.sasl
> >
> > adconn = ldap.initialize('ldap://192.168.1.198:389/', trace_level=1)
> > adconn.protocol_version = ldap.VERSION3
> > sasl_auth = ldap.sasl.sasl(
> >            {
> >            },
> >              'GSSAPI'
> >              )
> >
> > adconn.sasl_interactive_bind_s('', sasl_auth)
> >
> >
> >
> > It fails every time with
> >
> >   C:\Users\whchen\Downloads>python test_ldap.py
>
> It seems you're on Windows.
>
> I don't know the detailed status of SASL support in current Windows
> builds of python-ldap, but IMO SASL/GSSAPI does not work on Windows.
> Especially, this would require installing Kerberos for Windows and
> building against that. Current KfW releases seem to be able to make use
> of the Windows ticket store, but I never tried it out myself.
>
> SASL/GSSAPI with MS AD works OK on most Linux boxes with LDAP libs built
> with SASL and Kerberos libs.
>
> Ciao, Michael.
>
>
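
Added example (not part of the original thread and not python-ldap's own code): the SASL GSSAPI mechanism takes its credentials from the Kerberos ticket cache, not from CB_AUTHNAME/CB_PASS, which is what "No Kerberos credentials available" reports. The sketch below checks for a ticket first and only falls back to a password bind over StartTLS. Assumptions: `klist` is on the PATH, a ticket is obtained beforehand with `kinit`, the server offers StartTLS with a certificate the client trusts, and the function names and the `user` form (for example a UPN) are hypothetical.

```python
# Added example; helper names are hypothetical, python-ldap calls are real.
import subprocess

def have_ticket():
    """True if the credential cache holds a valid ticket (`klist -s` exits 0)."""
    try:
        return subprocess.call(['klist', '-s']) == 0
    except OSError:  # klist is not installed
        return False

def missing_ticket(exc):
    """Recognise the LOCAL_ERROR shown in the traceback above."""
    info = exc.args[0] if exc.args and isinstance(exc.args[0], dict) else {}
    return 'No Kerberos credentials available' in info.get('info', '')

def choose_bind(ticket, user=None, password=None):
    """Pick a bind method; a password is never sent over a cleartext channel."""
    if ticket:
        return 'gssapi'
    if user and password:
        return 'simple+starttls'
    raise ValueError('no Kerberos ticket and no username/password')

def connect(uri, user=None, password=None):
    import ldap, ldap.sasl  # imported lazily so the helpers work without it
    conn = ldap.initialize(uri)
    conn.protocol_version = ldap.VERSION3
    if choose_bind(have_ticket(), user, password) == 'gssapi':
        try:
            # GSSAPI reads the ticket cache; no name or password is passed.
            conn.sasl_interactive_bind_s('', ldap.sasl.gssapi())
            return conn
        except ldap.LOCAL_ERROR as exc:
            # Ticket vanished or expired: fall back only if a password exists.
            if not (missing_ticket(exc) and user and password):
                raise
    # Password path: require a verified TLS channel before sending the bind.
    conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
    conn.start_tls_s()
    conn.simple_bind_s(user, password)
    return conn
```
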