[python-ldap] simple_bind_s, no exception on empty password

Chaos Eternal chaoseternal at gmail.com
Sat Dec 8 04:05:54 CET 2012


Hi, Chris

This is the RIGHT behavior when the LDAP server allows anonymous
bind. According to the LDAP RFC, when no password is provided to simple_bind,
the bind will be considered anonymous.

If you really don't want this to happen, my suggestion is that
you can use whoami_s right after a successful bind to check whether
the DN is the desired one.


On Sat, Dec 8, 2012 at 6:51 AM, Chris Gray <fathed at gmail.com> wrote:
> Hey everyone, I have a question with simple_bind_s.
>
> The code below, if passing in the wrong password, will return 1 as the exit
> code. It will return 0 if the bind is successful. That's pretty much all I
> need it to do.
>
> My problem is, if I just hit enter on the getpass() prompt, my exit code
> ends up being 0 anyway.
>
> Changing the bind line to ldap_conn.simple_bind_s(ldap_user, "") has the
> same effect, no exception thrown. That seems to not even try to do the
> bind, but the lack of exception doesn't seem to be the right behavior
> either.
>
> Variable data is changed to protect... or some reason.
>
> Any suggestions?
> Thanks!
> Chris
>
>
> import sys
> import ldap
> import getpass
>
>
> ldap_user = sys.argv[1]
> ldap_pass = getpass.getpass()
> #if ldap_pass == "":
> # ldap_pass = "badpassword"
>
> ldap_conn = ldap.initialize('ldap://domaincontroller.fqdn')
> ldap_conn.protocol_version = 3
> ldap_conn.set_option(ldap.OPT_REFERRALS, 0)
>
> ldap_domains = ['domain1',
>                 'domain2',
>                 'domain3',
>                 'domain4',
>                 'domain5',
>                 'domain6',
>                 'domain7']
>
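> for domain in ldap_domains:
>     try:
>         # Build the bind name per domain; appending to ldap_user itself
>         # would accumulate '@domain1@domain2...' across iterations.
>         bind_user = ldap_user + '@' + domain
>         ldap_conn.simple_bind_s(bind_user, ldap_pass)
>         sys.exit(0)
>     except Exception:
>         pass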
>
> sys.exit(1)
>
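The check suggested in the reply (refuse an empty password, then confirm with whoami_s that the server did not treat the bind as anonymous), as an added example that is not part of the original thread. `verified_simple_bind`, `BindRejected`, `try_login` and `FakeAnonymousServer` are hypothetical names; the fake server and its sample account are constructed to stand in for a python-ldap connection so the block runs offline.

```python
class BindRejected(Exception):
    """Raised when a bind must not be treated as a successful login."""


def verified_simple_bind(conn, who, password):
    """Bind as `who` and return the identity the server reports.

    `conn` is any object exposing python-ldap's simple_bind_s() and
    whoami_s(), e.g. the object returned by ldap.initialize(...).
    """
    # An empty password makes the server consider the bind anonymous,
    # and it may accept it, so refuse before sending anything.
    if not who or not password:
        raise BindRejected("empty bind name or password")
    conn.simple_bind_s(who, password)  # raises on invalid credentials
    # whoami_s() returns the authorization identity; '' means anonymous.
    authz_id = conn.whoami_s()
    if not authz_id:
        raise BindRejected("server treated the bind as anonymous")
    return authz_id


def try_login(conn, who, password):
    """Return True only when the server confirms a non-anonymous identity."""
    try:
        verified_simple_bind(conn, who, password)
        return True
    except Exception:
        return False


class FakeAnonymousServer:
    """Constructed stand-in for a server that allows anonymous bind."""
    PASSWORDS = {"alice@domain1": "s3cret"}  # constructed sample account

    def __init__(self):
        self._authz = ""

    def simple_bind_s(self, who="", cred=""):
        if cred == "":
            self._authz = ""  # accepted, but only as anonymous
        elif self.PASSWORDS.get(who) == cred:
            self._authz = "u:" + who
        else:
            self._authz = ""
            raise ValueError("invalid credentials")  # stands in for ldap.INVALID_CREDENTIALS

    def whoami_s(self):
        return self._authz
```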

