using Kerberos to authenticate to Active Directory from python ldap
Olivier Sessink
oliviersessink at gmail.com
Thu Apr 9 22:39:53 CEST 2009
Hi all,
I'm trying to script a function that can retrieve if a user is member of
a group in active directory. The previous script was a shell script with
a ldapsearch call for every user. You can image that took long on a
thousand users.
So I'm rewriting the script for python. However, I cannot get the
kerberos authentication right.
ld = ldap.initialize('activedirectory-dns')
ld.sasl_interactive_bind_s('', ldap.sasl.gssapi('user at REALM'))
ld.search_s(self.base, ldap.SCOPE_SUBTREE, '(CN=groupname)', ['Member'])
I get an error that I don't have the right credentials.
However it works with ldapsearch, so the Kerberos ticket is valid and
correct for this query..
Anybody a tip how to continue? Or an example script that uses Kerberos?
thanks,
Olivier
More information about the python-ldap
mailing list