Olivier Sessink wrote:
>
> So I'm rewriting the script for python. However, I cannot get the
> kerberos authentication right.
>
> ld = ldap.initialize('activedirectory-dns')
> ld.sasl_interactive_bind_s('', ldap.sasl.gssapi('u...@realm'))
> ld.search_s(self.base, ldap.SCOPE_SUBTREE, '(CN=groupname)', ['Member'])
>
> I get an error that I don't have the right credentials.
>
> However it works with ldapsearch, so the Kerberos ticket is valid and
> correct for this query..
I cannot see how your parameters are. Note that SASL-Bind with GSSAPI is
quite picky about using the right DNS names.
Especially it should be something like
ld = ldap.initialize('ldap://dc1.dom2.adtest.domain')
with dc1.dom2.adtest.domain being one of the names listed with service
prefix ldap/ in servicePrincipalName on the domain controller.
> Or an example script that uses Kerberos?
Demo/sasl_bind.py
Ciao, Michael.
------------------------------------------------------------------------------
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
_______________________________________________
Python-LDAP-dev mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
