[python-ldap] SASL + REALM

Michael Ströder michael at stroeder.com
Thu Jan 2 20:21:15 CET 2014


Joseph L. Casale wrote:
>> I've got a problem using python-ldap with SASL + REALM. I don't have any
>> clue what's wrong with it and tumbling around in the dark.
>> Here is my code snippet:
>> import ldap
>> import ldap.sasl
>>
>> ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
>> ldap.set_option(ldap.OPT_DEBUG_LEVEL, 4095)
>> username = 'ldapadmin-222'
>> password = 'pass'
>> realm = 'company'
>> l = ldap.initialize('ldaps://ldapsrv.mydomain.local:60000', trace_level=2)
>> auth_token = ldap.sasl.sasl(
>>     {
>>         ldap.sasl.CB_AUTHNAME: username,
>>         ldap.sasl.CB_PASS: password,
>>         ldap.sasl.CB_USER: username,
>>         ldap.sasl.CB_GETREALM: realm,
>>     },
>>     'DIGEST-MD5'
>> )
>> try:
>>     l.sasl_interactive_bind_s("", auth_token)
>> except ldap.INVALID_CREDENTIALS as e:
>>     # subclass of LDAPError, so it has to be caught first
>>     print(e)
>> except ldap.LDAPError as e:
>>     print(e)
>> finally:
>>     l.unbind_s()
>>
>> It always fails with
>> LDAPError - INVALID_CREDENTIALS: {'info': '8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1', 'desc': 'Invalid credentials'}
> 
> I'm not an authority here, but I am guessing you're missing some additional options
> relating to negotiation after initialization, or at least a quick read of the RFC suggests
> so.
> 
> Check out this: http://stackoverflow.com/questions/7716562/pythonldapssl

Maybe I'm overlooking something but could you please elaborate on why you
think this is related?

Ciao, Michael.
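
Added example, not part of the original thread: the `info` string in the quoted error is the diagnostic format Active Directory returns on a failed bind, and its `data` field is a hexadecimal Win32 logon error code. The sketch below splits that string into fields and names the sub-code; the function name `parse_ad_bind_error` and the sub-code table are assumptions of this example (the table follows the Windows system error codes, it is not taken from the thread).

```python
import re

# Hex sub-codes AD places in the "data" field of a failed bind
# (Win32 logon errors; table assembled for this example).
AD_BIND_DATA_CODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

_DIAG_RE = re.compile(
    r"(?P<hresult>[0-9A-Fa-f]{8}):\s*LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),"
    r"\s*comment:\s*(?P<comment>.*?),\s*data\s+(?P<data>[0-9A-Fa-f]+)"
    r"(?:,\s*(?P<version>v[0-9A-Fa-f]+))?"
)

def parse_ad_bind_error(info):
    """Split an AD bind diagnostic string into fields; None if it does not match."""
    if isinstance(info, bytes):  # accept bytes as well as str
        info = info.decode("utf-8", "replace")
    # Rejoin an identifier wrapped after its hyphen (mail or log line wrap),
    # flatten remaining newlines, drop trailing NUL bytes and spaces.
    flat = re.sub(r"-\s*\n\s*", "-", info).replace("\n", " ").rstrip("\x00 ")
    m = _DIAG_RE.search(flat)
    if m is None:
        return None
    fields = m.groupdict()
    fields["data"] = fields["data"].lower()
    fields["win32_code"] = int(fields["data"], 16)
    fields["meaning"] = AD_BIND_DATA_CODES.get(fields["data"], "unknown sub-code")
    return fields

# 'info' value copied from the error quoted in the thread.
SAMPLE_INFO = ("8009030C: LdapErr: DSID-0C0904DC, comment: "
               "AcceptSecurityContext error, data 52e, v1db1")

if __name__ == "__main__":
    for key, value in sorted(parse_ad_bind_error(SAMPLE_INFO).items()):
        print("%-10s %s" % (key, value))
```

With python-ldap the string to pass in is the `info` entry of the dictionary carried by the raised `ldap.INVALID_CREDENTIALS` exception.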

