[ANNOUNCE] python-ad

Geert Jansen geert at boskant.nl
Tue Dec 11 22:10:48 CET 2007


Michael Ströder wrote:

> Ah, ok. Interesting. Why don't you separate the krb5 module into another
> project. I guess some people might be interested in that.
>
> Especially my dream would be to support HTTP-Authentication based on
> SPNEGO/GSSAPI in web2ldap. But not only authenticating the user at the
> web server. I would rather like forward the service ticket requested for
> a particular LDAP service to the LDAP server in a SASL/GSSAPI
> BindRequest. Do you think that's feasible?
>   

Well... at the moment the module is really bare bones and only exposes
the few functions of the vast Kerberos API that Python-AD needs. Also I
don't want to digress too much at this point. I created Python-AD as
part of something bigger which does not exist yet: FreeADI. FreeADI
would provide Active Directory integration for Linux systems, meaning
you can use AD as the directory and authentication service on Linux.
(Given the fact that Likewise Open was released last week, I am not sure
though it would still be useful).

>From what I understand from you though, you'd like the GSSAPI to be
wrapped and not the Kerberos API. This is easier as the GSSAPI seems
significantly smaller than the Kerberos API.

By the way I had a look at web2ldap. You mention that you use an ASN.1
parser from Pisces and that you feel that people may have issues with
its license. Python-AD comes with its own (very simple) ASN.1
parser/generator as well. It can parse arbitrary BER, emits DER and
comes with a full test suite. The code is licensed under the MIT license
so it may be less concerning. Also if you really want I could re-license
it under the GPL.

Regards, Geert



More information about the python-ldap mailing list