Hello,
I am using python-ldap to bind using SASL with DIGEST-MD5 authentication. My 
program:

#!/usr/bin/python
import ldap.sasl

username = 'user'
pw = 'pass'
url = "ldap://example.com/"
bind = "dc=www,dc=example,dc=com"

def doit():
    # Fresh connection and a fresh DIGEST-MD5 SASL object on every call
    con = ldap.initialize(url)
    auth_tok = ldap.sasl.digest_md5(username, pw)
    ret = con.sasl_interactive_bind_s(bind, auth_tok)

    print "bind:", ret
    ret = con.unbind()

    return

doit()
doit()

The first bind is successful, the second one fails (with INVALID_CREDENTIALS):
bind: 0
Traceback (most recent call last):
  File "./ldaptest.py", line 21, in <module>
    doit()
  File "./ldaptest.py", line 12, in doit
    ret = con.sasl_interactive_bind_s(bind, auth_tok)
  File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 219, in sasl_interactive_bind_s
    return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,EncodeControlTuples(serverctrls),EncodeControlTuples(clientctrls),sasl_flags)
  File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 97, in _ldap_call
    result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'info': '80090308: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 57, vece', 'desc': 'Invalid credentials'}

It looks like the credentials (nonce) are being cached and the server does 
not like this (it is a Windows server). Is there a way to ask the library to 
not cache the credentials? I ran Wireshark and it confirms that on the first 
call to bind, only "sasl:mechanism" is sent. However, on the second call to 
bind, credentials are also being sent, which confuses the server as it has not 
yet sent the challenge (via saslBindInProgress).

Thanks!
Ashwin
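To make the two-step exchange described above concrete, here is an added example (not code from the post or from python-ldap) that models a DIGEST-MD5 LDAP bind from the server's side: step 1 carries only the mechanism and earns a challenge with a fresh nonce (saslBindInProgress), step 2 carries the RFC 2831 response computed over that nonce. It then replays the two failure modes the post observes: credentials arriving before any challenge, and a response bound to an earlier nonce. The realm, account, digest-uri and result-code constants are constructed for the example.

```python
import hashlib
import secrets
SUCCESS, AUTH_METHOD_NOT_SUPPORTED, SASL_BIND_IN_PROGRESS, INVALID_CREDENTIALS = 0, 7, 14, 49  # LDAP resultCodes

def _hexmd5(data):
    return hashlib.md5(data).hexdigest().encode()

def digest_md5_response(username, realm, password, nonce, cnonce, nc, digest_uri):
    """Client response-value per RFC 2831 section 2.1.2.1 (qop=auth, no authzid); A1 uses raw H(), not hex."""
    a1 = hashlib.md5(f"{username}:{realm}:{password}".encode()).digest() + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    return hashlib.md5(_hexmd5(a1) + f":{nonce}:{nc}:{cnonce}:auth:".encode() + _hexmd5(a2)).hexdigest()

class DigestMd5Server:
    """Server side of one SASL bind conversation; a nonce is valid for a single exchange only."""
    def __init__(self, realm, users):
        self.realm, self.users, self.nonce = realm, users, None

    def bind(self, mechanism, credentials=None):
        """Return (resultCode, challenge) the way a BindResponse would."""
        if mechanism != "DIGEST-MD5":
            return AUTH_METHOD_NOT_SUPPORTED, None
        if credentials is None:                   # step 1: mechanism only -> issue a challenge
            self.nonce = secrets.token_hex(16)
            return SASL_BIND_IN_PROGRESS, {"realm": self.realm, "nonce": self.nonce, "qop": "auth"}
        if self.nonce is None:                    # credentials arrived before any challenge was sent
            return INVALID_CREDENTIALS, None
        expected = digest_md5_response(credentials["username"], self.realm,
                                       self.users.get(credentials["username"], ""), self.nonce,
                                       credentials["cnonce"], credentials["nc"], credentials["digest-uri"])
        self.nonce = None                         # consumed whether or not the response verifies
        return (SUCCESS if secrets.compare_digest(expected, credentials["response"]) else INVALID_CREDENTIALS), None

def client_credentials(challenge, username, password, digest_uri):
    """Step 2 of the exchange: the client's answer to one specific challenge."""
    cnonce = secrets.token_hex(8)
    response = digest_md5_response(username, challenge["realm"], password, challenge["nonce"], cnonce, "00000001", digest_uri)
    return {"username": username, "cnonce": cnonce, "nc": "00000001",
            "digest-uri": digest_uri, "response": response}

def run_scenarios():
    """A fresh exchange succeeds; credentials re-sent from the first bind never do."""
    server = DigestMd5Server("example.com", {"user": "pass"})    # constructed account
    step1, challenge = server.bind("DIGEST-MD5")
    creds = client_credentials(challenge, "user", "pass", "ldap/example.com")
    first, _ = server.bind("DIGEST-MD5", creds)
    early, _ = server.bind("DIGEST-MD5", creds)   # second bind: credentials before a new challenge
    server.bind("DIGEST-MD5")                     # a new challenge carries a new nonce
    stale, _ = server.bind("DIGEST-MD5", creds)   # the old response was computed over the old nonce
    return {"step1": step1, "first": first, "early": early, "stale": stale}
```

A server that accepts credentials without an outstanding challenge, or a response computed over a previous nonce, would be open to replay; the two INVALID_CREDENTIALS results are the behaviour to expect from a correct verifier.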

------------------------------------------------------------------------------
_______________________________________________
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
