[Fwd: Active directory signature]

Sylvain Thénault sylvain.thenault at logilab.fr
Wed May 2 18:57:50 CEST 2007


FYI, I've fixed the problem, which was actually due to auto chasing for
referral, causing an anonymous connection to be opened.
Thank you

On Wednesday 02 May at 15:21, Sylvain Thénault wrote:
> On Wednesday 02 May at 09:13, Garland, Ken R wrote:
> > On 5/2/07, Sylvain Thénault <sylvain.thenault at logilab.fr> wrote:
> > >forwarding this message since I'm now subscribed.
> > >
> > >----- Forwarded message from Sylvain Thénault <sylvain.thenault at logilab.fr> -----
> > >
> > >> From: Sylvain Thénault <sylvain.thenault at logilab.fr>
> > >> To: python-ldap-dev at lists.sourceforge.net
> > >> Date: Wed, 2 May 2007 13:10:39 +0200
> > >> Subject: Active directory signature
> > >>
> > >> Hi there !
> > >>
> > >> I've some customer code which has been recently broken, since they
> > >> upgraded to AD3. It's some basic authentication code using python-ldap
> > >> (I'm not sure which version is installed on their servers). Their
> > >> Microsoft expert told them it was because they changed the "Domain
> > >> controller: LDAP server signing requirements" option to "Require signing",
> > 
> > 
> > basically saying they now require authentication. you just need to
> > determine what credentials have been set up to allow whatever task it
> > is you want to accomplish, then specify them inside your python-ldap
> > program. something similar to:
> > 
> >                l=ldap.initialize("ldap://your.server.com")
> >                l.bind('cn=the_cn_you_use,dc=server,dc=com', 'password')
> > 
> > change 'cn' to 'uid' or whatever it is that your bind requires. set
> > that to a user which has permissions to do whatever it is you are
> > trying to do, simple searches, modifying entries, etc.
> 
> This is already what is done. Basically the code is only doing
> authentication, no more, and works that way, given a login/password
> to authenticate:
> 1. search in AD the DN corresponding to the login, using an
>    authenticated connection (using an admin dn/password)
> 2. try to connect using the found DN and the given password (using
>    simple_bind_s) to validate the password
> 
> Maybe this is not the right way to do AD/LDAP authentication though ?

-- 
Sylvain Thénault                               LOGILAB, Paris (France)
Python, Zope, Plone, Debian training:    http://www.logilab.fr/formations
Custom software development:             http://www.logilab.fr/services
Python and scientific computing:         http://www.logilab.fr/science
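
The two-step authentication and the referral fix discussed in this thread, as an added example that is not code from the original messages or from python-ldap itself. It assumes `sAMAccountName` is the login attribute; the function names and the `ldap` parameter (a seam for substituting the module in tests) are hypothetical.

```python
def connect(ldap, uri):
    """Open a connection that will not chase referrals on its own."""
    conn = ldap.initialize(uri)
    # libldap follows referrals with an anonymous bind unless told otherwise;
    # disabling that keeps every operation on the connection we bound.
    conn.set_option(ldap.OPT_REFERRALS, 0)
    return conn


def authenticate(uri, base_dn, svc_dn, svc_pw, login, password, ldap=None):
    """Return the user's DN when login/password are valid, else None."""
    if ldap is None:
        import ldap.filter  # python-ldap; this also binds the name `ldap`
    if not password:
        # A simple bind with a DN and an empty password is an
        # "unauthenticated bind" (RFC 4513) that a server may accept.
        return None
    conn = connect(ldap, uri)
    try:
        # Step 1: look up the DN with the service account.
        conn.simple_bind_s(svc_dn, svc_pw)
        flt = "(sAMAccountName=%s)" % ldap.filter.escape_filter_chars(login)
        found = conn.search_s(base_dn, ldap.SCOPE_SUBTREE, flt, ["1.1"])
    finally:
        conn.unbind_s()
    # With chasing off, referrals come back as (None, [urls]); skip them.
    dns = [dn for dn, _ in found if dn is not None]
    if len(dns) != 1:
        return None
    # Step 2: validate the password by binding as that DN.
    user = connect(ldap, uri)
    try:
        user.simple_bind_s(dns[0], password)
        return dns[0]
    except ldap.INVALID_CREDENTIALS:
        return None
    finally:
        user.unbind_s()
```
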
