Re: using Kerberos to authenticate to Active Directory from python ldap
2009/4/10 Geert Jansen ge...@boskant.nl: As a related solution, you could have a look at python-ad [1]. Python-AD is built on top of python-ldap and provides lots of functionality that you normally need to connect to AD built in. For example, service discovery, credential management and multi-domain functionality. There's a few examples on the site, including how to use Kerberos credentials with AD. I noticed that there is some C code related to Kerberos in python-ad. Is this code required to initialize a kerberos authentication, or is this just to change passwords and things like that? thanks, Olivier -- This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
using Kerberos to authenticate to Active Directory from python ldap
Hi all, I'm trying to script a function that can retrieve if a user is member of a group in active directory. The previous script was a shell script with a ldapsearch call for every user. You can image that took long on a thousand users. So I'm rewriting the script for python. However, I cannot get the kerberos authentication right. ld = ldap.initialize('activedirectory-dns') ld.sasl_interactive_bind_s('', ldap.sasl.gssapi('u...@realm')) ld.search_s(self.base, ldap.SCOPE_SUBTREE, '(CN=groupname)', ['Member']) I get an error that I don't have the right credentials. However it works with ldapsearch, so the Kerberos ticket is valid and correct for this query.. Anybody a tip how to continue? Or an example script that uses Kerberos? thanks, Olivier -- This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
high level API for ldap object handling
Hi all, I've been using python-ldap a lot, thanks for the great work! In my use of python-ldap I've often used a self-developed high level class for ldap-object handling. Adding a new ldap entry for example (ld is a python-ldap object): lo = LdapOO.LdapObject() lo.set_dn_attribs(['cn']) lo.add_attribute_value('cn','test2') lo.set_base_dn('ou=People,o=myorg') lo.add_attribute_value('objectClass','inetOrgPerson') lo.commit_s(ld) or modifying an existing ldap entry: res=ld.search_s('ou=People,o=fakenet',ldap.SCOPE_SUBTREE,'(sn=surname)') lo = LdapOO.LdapObject(res[0][0],res[0][1]) lo.add_attribute_value('sn','surname') if (not lo.has_attribute('street')): lo.add_attribute_value('street','new street') lo.commit_s(ld) since I use this class often, I was wondering if there are more people that like such a high-level API, and perhaps this can be developed further and added to python-ldap ? regards, Olivier Sessink - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev