SASL GSSAPI under Win32

Jeroen Michiel jmichiel at
Thu Aug 6 09:19:36 CEST 2009

I also had that same error trying digest-md5. 
I still find it strange that with gssapi a SUCCESS exception is raised: it smells like a bug, or like a mismatch of libraries somehow.
The strange thing is that the version I use is supposed to be statically linked to the necessary libs, so that you won't have the DLL lookup issues. For dynamically linked versions one can always copy the dlls to system32, but that's fishy at best...

But I found a way to get it working without sasl at last with simple_bind_s and the ldap.OPT_REFERRALS option.
I had already read about this option, but it didn't help, until it turned out I had to supply valid account data to simple_bind_s (the so-called 'Bind DN and password', I guess). I had already tried all sorts of combinations, but not that one... (I'm new to LDAP as you might guess)

Thanks for your time!

----- Original Message ----
From: Waldemar Osuch <waldemar.osuch at>
To: Michael Ströder <michael at>
Cc: python-ldap-dev at
Sent: Thursday, 6 August, 2009 5:07:08
Subject: Re: SASL GSSAPI under Win32

2009/8/5 Michael Ströder <michael at>:
> Waldemar Osuch wrote:
>> I have made a couple attempts to support SASL in the Win32 builds.
>> One user even reported a success using it but it never worked for me.
>> I will give it one more go but I can not make any promises.
> I tried to bind with SASL DIGEST-MD5 to MS AD W2K3SP2 and to OpenLDAP 2.4.x
> but that did not work:
> AUTH_UNKNOWN: {'info': 'SASL(-4): no mechanism available: Unable to find a
> callback: 2', 'desc': 'Unknown authentication method'}
> Hmm, are the SASL mechs modules available at all?
That is the error I am getting too.
My understanding of how it is supposed to work is that _ldap.pyd calls into
libsasl.dll first (this part works) but then libsasl.dll has to find and load
the requested auth mechanism.
Unfortunately I did not find a way of telling libsasl where the
auth plugin dlls are located.
Dropping them into the same directory and hoping it will find them
does not seem to work.


More information about the python-ldap mailing list