[python-ldap] SASL + REALM
Joseph L. Casale
jcasale at activenetwerx.com
Thu Jan 2 15:22:33 CET 2014
> I've got a problem using python-ldap with SASL + REALM. I don't have any
> clue what's wrong with it and tumbling around in the dark.
> Here is my code snippet:
> ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
> ldap.OPT_X_TLS_NEVER)
> ldap.set_option(ldap.OPT_DEBUG_LEVEL, 4095)
> username = 'ldapadmin-222'
> password = 'pass'
> realm = 'company'
> l = ldap.initialize('ldaps://ldapsrv.mydomain.local:60000', trace_level=2)
> auth_token = ldap.sasl.sasl(
> {
> ldap.sasl.CB_AUTHNAME:(username),
> ldap.sasl.CB_PASS:(password),
> ldap.sasl.CB_USER:(username),
> ldap.sasl.CB_GETREALM:(realm),
> },
> 'DIGEST-MD5'
> )
> try:
> l.sasl_interactive_bind_s( "", auth_token )
> except ldap.LDAPError, e:
> print e
> except ldap.INVALID_CREDENTIALS, e :
> print e
> finally:
> l.unbind_s()
>
> It always fails with
> LDAPError - INVALID_CREDENTIALS: {'info': '8009030C: LdapErr: DSID-
> 0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1', 'desc':
> 'Invalid credentials'}
I'm not an authority here, but I am guessing you're missing some additional options
relating to negotiation after initialization, or at least a quick of read of the rfc suggests
so.
Check out this: http://stackoverflow.com/questions/7716562/pythonldapssl
hth,
jlc
More information about the python-ldap
mailing list