ldap.sasl.gssapi example?
Gavin Doughtie
gdoughtie at anim.dreamworks.com
Wed Apr 7 19:39:27 CEST 2004
OK, here's the result from running my modified sasl_bind.py (below):
marlin [~/src/mod/python/users](SHARK)(55)> kinit
Password for gdoughtie at ANIM.DREAMWORKS.COM:
marlin [~/src/mod/python/users](SHARK)(56)> klist
Ticket cache: FILE:/tmp/krb5cc_3501
Default principal: gdoughtie at ANIM.DREAMWORKS.COM

Valid starting     Expires            Service principal
04/07/04 10:36:46  04/07/04 20:36:46  krbtgt/ANIM.DREAMWORKS.COM at ANIM.DREAMWORKS.COM

Kerberos 4 ticket cache: /tmp/tkt3501
klist: You have no tickets cached
marlin [~/src/mod/python/users](SHARK)(57)> python ./sasl_bind.py
******************** GSSAPI ********************
*** ldap://etzadaat.anim.dreamworks.com:389/ - SimpleLDAPObject.set_option ((17, 3),{})
*** ldap://etzadaat.anim.dreamworks.com:389/ - SimpleLDAPObject.set_option ((17, 3),{})
*** ldap://etzadaat.anim.dreamworks.com:389/ - SimpleLDAPObject.sasl_interactive_bind_s (('', <ldap.sasl.sasl instance at 0xb6e8110c>, None, None),{})
Error using SASL mechanism GSSAPI {'desc': 'Local error'} (<class ldap.LOCAL_ERROR at 0xb73fa4dc>, <ldap.LOCAL_ERROR instance at 0xb6e811ec>, <traceback object at 0xb6e85f54>)
  File "./sasl_bind.py", line 72, in ?
    l.sasl_interactive_bind_s("", sasl_auth)
  File "/usr/local/lib/python2.3/site-packages/ldap/ldapobject.py", line 196, in sasl_interactive_bind_s
    return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,serverctrls,clientctrls)
  File "/usr/local/lib/python2.3/site-packages/ldap/ldapobject.py", line 94, in _ldap_call
    result = func(*args,**kwargs)
*** ldap://etzadaat.anim.dreamworks.com:389/ - SimpleLDAPObject.unbind_ext ((None, None),{})
marlin [~/src/mod/python/users](SHARK)(58)>
------------------------------------------------- code ----------
# For documentation, see comments in Module/LDAPObject.c and the
# ldap.sasl module documentation.
import traceback
import sys
import ldap,ldap.sasl

ldap.sasl._trace_level=0
ldap.set_option(ldap.OPT_DEBUG_LEVEL,0)

for ldap_uri,sasl_mech,sasl_cb_value_dict in [
  (
    "ldap://etzadaat.anim.dreamworks.com:389/",
    'GSSAPI',
    {
      ldap.sasl.CB_AUTHNAME :'',
      ldap.sasl.CB_PASS :'',
    }
  ),
#  (
#    "ldap://localhost:1390/",
#    'CRAM-MD5',
#    {
#      ldap.sasl.CB_AUTHNAME :'fred',
#      ldap.sasl.CB_PASS :'secret',
#    }
#  ),
#  (
#    "ldap://localhost:1390/",
#    'PLAIN',
#    {
#      ldap.sasl.CB_AUTHNAME :'fred',
#      ldap.sasl.CB_PASS :'secret',
#    }
#  ),
#  (
#    "ldap://localhost:1390/",
#    'LOGIN',
#    {
#      ldap.sasl.CB_AUTHNAME :'fred',
#      ldap.sasl.CB_PASS :'secret',
#    }
#  ),
#  (
#    "ldapi://%2Ftmp%2Fopenldap-socket/",
#    'EXTERNAL',
#    { }
#  ),
#  (
#    "ldap://localhost:1390/",
#    'GSSAPI',
#    { }
#  ),
#  (
#    "ldap://localhost:1390/",
#    'DIGEST-MD5',
#    {
#      ldap.sasl.CB_AUTHNAME :'fred',
#      ldap.sasl.CB_PASS :'secret',
#    }
#  ),
]:
  sasl_auth = ldap.sasl.sasl(sasl_cb_value_dict,sasl_mech)
  print 20*'*',sasl_auth.mech,20*'*'
  # Open the LDAP connection
  l = ldap.initialize(ldap_uri,trace_level=1)
  # Set protocol version to LDAPv3 to enable SASL bind!
  #l.protocol_version = 3
  l.protocol_version = ldap.VERSION3
  try:
    l.sasl_interactive_bind_s("", sasl_auth)
  except ldap.LDAPError,e:
    print 'Error using SASL mechanism ', sasl_auth.mech,str(e),sys.exc_info()
    traceback.print_tb(sys.exc_info()[2])
  else:
    print 'Successfully bound using SASL mechanism',sasl_auth.mech,'as',repr(l.whoami_s())
  l.unbind()
--------------------------------------------- end code ----------
Michael Ströder wrote:
> Gavin Doughtie wrote:
> > ldap.LOCAL_ERROR: {'desc': 'Local error'}
>
> Can you please catch the exception and display it using str()? See
> Demo/sasl_bind.py.
>
> I'm experimenting with GSSAPI right now but currently I'm getting:
>
> Error using SASL mechanism GSSAPI {'info': 'SASL(-1): generic failure:
> GSSAPI Error: Miscellaneous failure (see text) (Incorrect net
> address)', 'desc': 'Local error'}
>
> Ciao, Michael.
--
Gavin Doughtie
DreamWorks SKG
(818) 695-3821
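
An added diagnostic sketch, not part of the original message or of python-ldap: it parses MIT-style `klist` text like the output above and reports whether the cache holds a live TGT and an `ldap/<host>` service ticket, which a GSSAPI bind that reached the KDC successfully would leave in the cache. The function names, the placeholder principal `user`, the `@` signs in the constructed sample and the same-realm assumption belong to this example only.

```python
import re
from datetime import datetime

# Constructed sample modelled on the klist output in the post
# (placeholder user name, "@" written out in the principals).
SAMPLE_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_3501
Default principal: user@ANIM.DREAMWORKS.COM

Valid starting     Expires            Service principal
04/07/04 10:36:46  04/07/04 20:36:46  krbtgt/ANIM.DREAMWORKS.COM@ANIM.DREAMWORKS.COM
"""

STAMP = r"\d\d/\d\d/\d\d \d\d:\d\d:\d\d"
TICKET_RE = re.compile(r"^(%s)\s+(%s)\s+(\S+)\s*$" % (STAMP, STAMP), re.M)
FMT = "%m/%d/%y %H:%M:%S"   # assumed: the MM/DD/YY layout shown in the post


def parse_klist(text):
    """Return [(service_principal, start, expiry)] for each ticket line."""
    return [(m.group(3),
             datetime.strptime(m.group(1), FMT),
             datetime.strptime(m.group(2), FMT))
            for m in TICKET_RE.finditer(text)]


def diagnose(text, ldap_host, now):
    """Classify the cache state that matters for a GSSAPI bind to ldap_host.

    Assumes the LDAP server's principal is ldap/<host> in the same realm as
    the default principal (no cross-realm handling).
    """
    m = re.search(r"^Default principal:\s*\S+@(\S+)\s*$", text, re.M)
    if not m:
        return "no-cache"                      # no credential cache at all
    realm = m.group(1)
    live = set(p for p, start, end in parse_klist(text) if start <= now < end)
    if "krbtgt/%s@%s" % (realm, realm) not in live:
        return "no-valid-tgt"                  # missing or expired TGT: run kinit
    if "ldap/%s@%s" % (ldap_host.lower(), realm) not in live:
        # The client never obtained a service ticket, so the failure
        # happened on the client side or at the KDC, not in slapd.
        return "no-ldap-service-ticket"
    return "ok"


if __name__ == "__main__":
    print(diagnose(SAMPLE_KLIST, "etzadaat.anim.dreamworks.com",
                   datetime(2004, 4, 7, 10, 40, 0)))
```

Run it on `klist` output captured immediately after the failed bind; captured before the bind, the service ticket is absent in every case.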