Re: using Kerberos to authenticate to Active Directory from python ldap
2009/4/10 Geert Jansen ge...@boskant.nl: As a related solution, you could have a look at python-ad [1]. Python-AD is built on top of python-ldap and provides lots of functionality that you normally need to connect to AD built in. For example, service discovery, credential management and multi-domain functionality. There's a few examples on the site, including how to use Kerberos credentials with AD. I noticed that there is some C code related to Kerberos in python-ad. Is this code required to initialize a kerberos authentication, or is this just to change passwords and things like that? thanks, Olivier -- This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
using Kerberos to authenticate to Active Directory from python ldap
Hi all,
I'm trying to script a function that can retrieve if a user is member of
a group in active directory. The previous script was a shell script with
a ldapsearch call for every user. You can image that took long on a
thousand users.
So I'm rewriting the script for python. However, I cannot get the
kerberos authentication right.
ld = ldap.initialize('activedirectory-dns')
ld.sasl_interactive_bind_s('', ldap.sasl.gssapi('u...@realm'))
ld.search_s(self.base, ldap.SCOPE_SUBTREE, '(CN=groupname)', ['Member'])
I get an error that I don't have the right credentials.
However it works with ldapsearch, so the Kerberos ticket is valid and
correct for this query..
Anybody a tip how to continue? Or an example script that uses Kerberos?
thanks,
Olivier
--
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
___
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
high level API for ldap object handling
Hi all,
I've been using python-ldap a lot, thanks for the great work!
In my use of python-ldap I've often used a self-developed high level
class for ldap-object handling.
Adding a new ldap entry for example (ld is a python-ldap object):
lo = LdapOO.LdapObject()
lo.set_dn_attribs(['cn'])
lo.add_attribute_value('cn','test2')
lo.set_base_dn('ou=People,o=myorg')
lo.add_attribute_value('objectClass','inetOrgPerson')
lo.commit_s(ld)
or modifying an existing ldap entry:
res=ld.search_s('ou=People,o=fakenet',ldap.SCOPE_SUBTREE,'(sn=surname)')
lo = LdapOO.LdapObject(res[0][0],res[0][1])
lo.add_attribute_value('sn','surname')
if (not lo.has_attribute('street')):
lo.add_attribute_value('street','new street')
lo.commit_s(ld)
since I use this class often, I was wondering if there are more people
that like such a high-level API, and perhaps this can be developed
further and added to python-ldap ?
regards,
Olivier Sessink
-
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
___
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
