[python-ldap] Authenticating against Active Directory always returns (97, [])

Michael Ströder michael at stroeder.com
Thu May 24 19:51:54 CEST 2012

Chris Doherty wrote:
> I am trying to perform simple authentication to a 2003 Active Directory
> using python ldap (CentOS 6.2 x86_64, Python 2.6.6, python-ldap 2.3.10
> from the CentOS repos).
> Despite following all the usual steps in the init, including
> conn.set_option(ldap.OPT_REFERRALS, 0)
> if I pass the correct credentials I always get a (97, []) returned:

Yes, that's correct.

> Error code 97 is not a success; it's the LDAP_REFERRAL_LIMIT_EXCEEDED
> error being returned from AD.

The 97 is not the LDAP result code. It's the result type ldap.RES_BIND.
Normally you don't have to look at the results returned by
LDAPObject.simple_bind_s() (unless you want to extract the bind response

If the LDAP result code is not 0 the accompanying exception is raised like
ldap.INVALID_CREDENTIALS in your example.

So your code should look like this:

  conn.simple_bind_s('user at domain.com', 'WrongPassword')
  user_error_msg('wrong password provided')

Ciao, Michael.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2317 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20120524/fc12e64d/attachment.bin>

More information about the python-ldap mailing list