[python-ldap] Authenticating against Active Directory always returns (97, [])
Michael Ströder
michael at stroeder.com
Thu May 24 19:51:54 CEST 2012
Chris Doherty wrote:
> I am trying to perform simple authentication to a 2003 Active Directory
> using python ldap (CentOS 6.2 x86_64, Python 2.6.6, python-ldap 2.3.10
> from the CentOS repos).
>
> Despite following all the usual steps in the init, including
>
> conn.set_option(ldap.OPT_REFERRALS, 0)
>
> if I pass the correct credentials I always get a (97, []) returned:
Yes, that's correct.
> Error code 97 is not a success; it's the LDAP_REFERRAL_LIMIT_EXCEEDED
> error being returned from AD.
The 97 is not the LDAP result code. It's the result type ldap.RES_BIND.
Normally you don't have to look at the results returned by
LDAPObject.simple_bind_s() (unless you want to extract the bind response
controls).
If the LDAP result code is not 0 the accompanying exception is raised like
ldap.INVALID_CREDENTIALS in your example.
So your code should look like this:
try:
conn.simple_bind_s('user at domain.com', 'WrongPassword')
except ldap.INVALID_CREDENTIALS:
user_error_msg('wrong password provided')
Ciao, Michael.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2317 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20120524/fc12e64d/attachment.bin>
More information about the python-ldap
mailing list