[Fwd: Active directory signature]

Sylvain Thénault sylvain.thenault at logilab.fr
Wed May 2 15:21:08 CEST 2007


On Wednesday 02 May at 09:13, Garland, Ken R wrote:
> On 5/2/07, Sylvain Thénault <sylvain.thenault at logilab.fr> wrote:
> >forwarding this message since I'm now subscribed.
> >
> >----- Forwarded message from Sylvain Thénault 
> ><sylvain.thenault at logilab.fr> -----
> >
> >> From: Sylvain Thénault <sylvain.thenault at logilab.fr>
> >> To: python-ldap-dev at lists.sourceforge.net
> >> Date: Wed, 2 May 2007 13:10:39 +0200
> >> Subject: Active directory signature
> >>
> >> Hi there !
> >>
> >> I've some customer code which has been recently broken, since they
> >> upgraded to AD3. It's some basic authentication code using python-ldap
> >> (I'm not sure which version is installed on their servers). Their
> >> microsoft expert told them it was because they changed the "Domain
> >> controller: LDAP server signing requirements" option to "Require signing",
> 
> 
> basically saying they now require authentication. you just need to
> determine what credentials have been setup to allow whatever task it
> is you want to accomplish, then specify them inside your python-ldap
> program. something similar to:
> 
>                l=ldap.initialize("ldap://your.server.com")
>                l.bind('cn=the_cn_you_use,dc=server,dc=com', 'password')
> 
> change 'cn' to 'uid' or whatever it is that your bind requires. set
> that to a user which has permissions to do whatever it is you are
> trying to do, simple searches, modifying entries, etc.

This is already what is done. Basically the code is only doing
authentication, no more, and works that way, given a login/password 
to authenticate:
1. search in AD the DN corresponding to the login, using an
   authenticated connection (using an admin dn/password)
2. try to connect using the found DN and the given password (using
   simple_bind_s) to validate the password

Maybe this is not the right way to do AD/LDAP authentication though ?

-- 
Sylvain Thénault                               LOGILAB, Paris (France)
Python, Zope, Plone, Debian training:    http://www.logilab.fr/formations
Custom software development:             http://www.logilab.fr/services
Python and scientific computing:         http://www.logilab.fr/science
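
The two-step search-then-bind flow described in the message above, written out with python-ldap as an added example (not code from the thread or from the python-ldap project). The function names, the `sAMAccountName` lookup attribute, the `ldaps://` URI and the `ldap_mod` parameter (there only so the logic can be exercised without a directory) are assumptions.

```python
"""Search-then-bind against Active Directory with python-ldap (added example)."""

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def authenticate(login, password, *, uri, base_dn, admin_dn, admin_pw, ldap_mod=None):
    """Return the user's DN if login/password are valid, else None."""
    # A simple bind with an empty password is an *unauthenticated* bind and
    # can succeed without any password check, so refuse it before binding.
    if not login or not password:
        return None
    if ldap_mod is None:
        import ldap as ldap_mod  # python-ldap; injectable (assumption) for offline use

    def connect(dn, pw):
        # uri is assumed to be ldaps://...: a DC set to "Require signing"
        # refuses simple binds on an unprotected ldap:// connection, which
        # python-ldap reports as ldap.STRONG_AUTH_REQUIRED (left to propagate,
        # since it is a configuration problem and not a wrong password).
        conn = ldap_mod.initialize(uri)
        conn.set_option(ldap_mod.OPT_REFERRALS, 0)  # do not chase AD referrals
        conn.simple_bind_s(dn, pw)
        return conn

    # Step 1: look up the DN for the login over the admin connection.
    admin = connect(admin_dn, admin_pw)
    try:
        flt = "(sAMAccountName=%s)" % escape_filter_value(login)
        hits = admin.search_s(base_dn, ldap_mod.SCOPE_SUBTREE, flt, ["cn"])
    finally:
        admin.unbind_s()
    # AD may return referral entries whose DN is None; keep real entries only.
    dns = [dn for dn, _attrs in hits if dn]
    if len(dns) != 1:
        return None  # unknown or ambiguous login

    # Step 2: bind as the found DN with the supplied password.
    try:
        connect(dns[0], password).unbind_s()
    except ldap_mod.INVALID_CREDENTIALS:
        return None
    return dns[0]
```
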




