2009/4/10 Michael Ströder <mich...@stroeder.com>:
> Olivier Sessink wrote:
>> 2009/4/10 Michael Ströder <mich...@stroeder.com>:
>>> You can bind with SASL/GSSAPI to AD with plain python-ldap provided you
>>> obtained a valid TGT with kinit before (just like with command-line tool
>>> ldapsearch).
>>
>> thanks, that's what I need to know.
>>
>> I can't get it to work though..
>>
>> ld = ldap.initialize('ldap://foobar')
>> sasl = ldap.sasl.gssapi()
>> ld.sasl_interactive_bind_s('', sasl)
>> ld.search_s('DC=foo,DC=foo', ldap.SCOPE_SUBTREE, '(CN=blabla)', ['Member'])
>>
>> ldap.OPERATIONS_ERROR: {'info': '00000000: LdapErr: DSID-0C090627,
>> comment: In order to perform this operation a successful bind must be
>> completed on the connection., data 0, vece', 'desc': 'Operations
>> error'}
>>
>> this shell command works:
>>
>> ldapsearch -YGSSAPI -H ldap://foobar -bDC=foo,DC=foo '(CN=blabla)' Member
>>
>> I've tried different ldap URL's, but from an ldapsearch strace I'm
>> pretty sure I use the right ldap server.
>
> Hmm, this should simply work just like the ldapsearch usage. Since
> you're searching from domain level it would be worth to try to
> explicitly switch off referral chasing within libldap:
>
> ld = ldap.initialize('ldap://foobar')
> ld.set_option(ldap.OPT_REFERRALS,0)

you saved my day! it works.

sorry for my limited knowledge, but what does "referrals should be
automatically chased" mean?

many thanks
Olivier

_______________________________________________
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
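
An added example, not part of the original thread or of python-ldap itself: a subtree search from the domain root makes AD return search references to other naming contexts, and when libldap chases them it opens new connections that, with no rebind callback set, are bound anonymously, which produces the "successful bind must be completed" error above. With OPT_REFERRALS off, python-ldap hands those references back as `(None, [url])` tuples, which the sketch below separates from real entries. The function names, the sample result list and the DnsZones host names are constructed for illustration.

```python
# Added example: GSSAPI bind with referral chasing off, then separate
# real entries from the search references AD returns.
from urllib.parse import urlparse


def split_results(results):
    """Split a search_s() result list into (entries, referral_urls)."""
    entries, referrals = [], []
    for dn, data in results:
        if dn is None:
            # Search reference: data is a list of LDAP URLs, not attributes.
            referrals.extend(u.decode() if isinstance(u, bytes) else u
                             for u in data)
        else:
            entries.append((dn, data))
    return entries, referrals


def referral_hosts(referrals):
    """Hosts the server pointed at, for review before following any by hand."""
    return sorted({urlparse(u).hostname for u in referrals})


def search_gssapi(uri, base, filterstr, attrs):
    """Search with the Kerberos ticket obtained by kinit; never auto-chase."""
    import ldap        # python-ldap, imported here so the helpers above
    import ldap.sasl   # can be used and tested without it installed
    ld = ldap.initialize(uri)
    ld.set_option(ldap.OPT_REFERRALS, 0)
    ld.sasl_interactive_bind_s('', ldap.sasl.gssapi())
    return split_results(
        ld.search_s(base, ldap.SCOPE_SUBTREE, filterstr, attrs))


# Constructed sample of what search_s() returns with OPT_REFERRALS = 0.
SAMPLE = [
    ('CN=blabla,OU=Groups,DC=foo,DC=foo',
     {'member': [b'CN=user1,CN=Users,DC=foo,DC=foo']}),
    (None, ['ldap://ForestDnsZones.foo.foo/DC=ForestDnsZones,DC=foo,DC=foo']),
    (None, ['ldap://DomainDnsZones.foo.foo/DC=DomainDnsZones,DC=foo,DC=foo']),
]

if __name__ == '__main__':
    entries, referrals = split_results(SAMPLE)
    print(entries)
    print(referral_hosts(referrals))
```

Against a real directory, call `search_gssapi('ldap://foobar', 'DC=foo,DC=foo', '(CN=blabla)', ['Member'])` after `kinit`.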