[Fwd: Active directory signature]
Sylvain Thénault
sylvain.thenault at logilab.fr
Wed May 2 15:21:08 CEST 2007
On Wednesday 02 May at 09:13, Garland, Ken R wrote:
> On 5/2/07, Sylvain Thénault <sylvain.thenault at logilab.fr> wrote:
> >forwarding this message since I'm now subscribed.
> >
> >----- Forwarded message from Sylvain Thénault
> ><sylvain.thenault at logilab.fr> -----
> >
> >> From: Sylvain Thénault <sylvain.thenault at logilab.fr>
> >> To: python-ldap-dev at lists.sourceforge.net
> >> Date: Wed, 2 May 2007 13:10:39 +0200
> >> Subject: Active directory signature
> >>
> >> Hi there !
> >>
> >> I've some customer code which has been recently broken, since they
> >> upgraded to AD3. It's some basic authentication code using python-ldap
> >> (I'm not sure which version is installed on their servers). Their
> >> microsoft expert told them it was because they changed the "Domain
> >> controller: LDAP server signing requirements" option to "Require signing",
>
>
> basically saying they now require authentication. you just need to
> determine what credentials have been setup to allow whatever task it
> is you want to accomplish, then specify them inside your python-ldap
> program. something similar to:
>
> l=ldap.initialize("ldap://your.server.com")
> l.bind('cn=the_cn_you_use,dc=server,dc=com', 'password')
>
> change 'cn' to 'uid' or whatever it is that your bind requires. set
> that to a user which has permissions to do whatever it is you are
> trying to do, simple searches, modifying entries, etc.

This is already what is done. Basically the code is only doing
authentication, no more, and works that way, given a login/password
to authenticate:

1. search AD for the DN corresponding to the login, using an
   authenticated connection (using an admin dn/password)
2. try to connect using the found DN and the given password (using
   simple_bind_s) to validate the password

Maybe this is not the right way to do AD/LDAP authentication though?

--
Sylvain Thénault                               LOGILAB, Paris (France)
Python, Zope, Plone, Debian training: http://www.logilab.fr/formations
Custom software development: http://www.logilab.fr/services
Python and scientific computing: http://www.logilab.fr/science
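
The two-step search-then-bind flow described in the message above, as an added example that is not code from this thread or from the python-ldap project. It runs both binds over TLS because a domain controller set to "Require signing" rejects simple binds on an unprotected connection. The sAMAccountName filter, the connect_tls helper and the stub-friendly fallback for BadCredentials are assumptions.

```python
# Added example: search-then-bind authentication against AD with python-ldap.
try:
    import ldap                                  # python-ldap
    BadCredentials = ldap.INVALID_CREDENTIALS
except ImportError:                              # allows dry runs with a stub connection
    ldap = None
    class BadCredentials(Exception):
        pass

SCOPE_SUBTREE = 2                                # same value as ldap.SCOPE_SUBTREE

def escape_filter_value(value):
    """RFC 4515 escaping, so a login cannot alter the search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def connect_tls(uri):
    """Connection factory: LDAPS, or StartTLS on ldap://, with certificate checks."""
    ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    conn = ldap.initialize(uri)
    conn.set_option(ldap.OPT_REFERRALS, 0)       # do not chase AD referrals
    if uri.startswith("ldap://"):
        conn.start_tls_s()
    return conn

def authenticate(connect, base_dn, admin_dn, admin_pw, login, password):
    """Return the user's DN if login/password are valid, else None."""
    if not login or not password:
        return None      # an empty password is an unauthenticated bind and can succeed
    conn = connect()
    try:                 # step 1: look up the DN with the admin account
        conn.simple_bind_s(admin_dn, admin_pw)
        flt = "(sAMAccountName=%s)" % escape_filter_value(login)
        found = conn.search_s(base_dn, SCOPE_SUBTREE, flt, ["cn"])
        dns = [dn for dn, _attrs in found if dn]  # skip referral rows (dn is None)
    finally:
        conn.unbind_s()
    if len(dns) != 1:    # unknown or ambiguous login
        return None
    user = connect()
    try:                 # step 2: validate the password by binding as that DN
        user.simple_bind_s(dns[0], password)
        return dns[0]
    except BadCredentials:
        return None
    finally:
        user.unbind_s()
```

With python-ldap installed, pass `lambda: connect_tls("ldaps://dc.example.com")` (a placeholder host) as the `connect` argument.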