[python-ldap] Is it possible to bind using a kerberos keytab

Michael Ströder michael at stroeder.com
Tue Dec 30 18:33:02 CET 2014


Kev SMITH wrote:
> (a) Kerberos environment is provided by centrify.com and it's 'server suite standard edition'

Hmmpf! Proprietary 3rd-party tools...

> 1. Kerberos V5 keytab auth is working fine outside of python ldap 
> 
> # klist -fae
> klist: No credentials cache found (ticket cache KCM:0)
> root at buddy:/home/kev# /usr/share/centrifydc/bin/ldapsearch -YGSSAPI -Q -H ldap://buddy.com -b "dc=com, dc=buddy" "(&(objectclass=user)(displayname=BUDDYSVCA))"
> ldap_sasl_interactive_bind_s: unknown LDAP result code (-50)
>         additional info: SASL(-1): generic failure:

Seeing the path names I suspect that this proprietary software comes with its
completely separate software stack (Kerberos, SASL and LDAP libs) and that
your python-ldap installation knows nothing about it.

You can check with

ldd /path/to/_ldap.so

which libs python-ldap gets linked to.

So you would have to either
1. configure your OS stack to match this product's configuration or
2. create a custom build of python-ldap to be linked to the LDAP libs shipped
by this vendor.

For 2. be prepared to run into lots of dynamic library linking mixes possibly
causing seg faults.

But sorry, this is where supporting commercial software ends at my side.
Please ask your vendor for support.

Ciao, Michael.
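
An added example, not part of the original message and not python-ldap code: a small parser for the `ldd` output suggested above that reports whether the LDAP, SASL and Kerberos libraries resolve to the OS stack, to a vendor tree, or not at all. The vendor prefix is an assumption based on the `/usr/share/centrifydc` path in the quoted command, and the sample `ldd` output is constructed.

```python
import re
import subprocess

# Libraries involved in a SASL/GSSAPI bind over LDAP.
STACK_LIBS = ("libldap", "liblber", "libsasl2", "libgssapi", "libkrb5")
LDD_LINE = re.compile(r"^\s*(\S+)\s+=>\s+(not found|/\S+)(?:\s+\(0x[0-9a-f]+\))?\s*$")

# Constructed sample of `ldd /path/to/_ldap.so` output (not taken from the thread).
SAMPLE_LDD = """\
\tlinux-vdso.so.1 =>  (0x00007ffc3a5f2000)
\tlibldap_r-2.4.so.2 => /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 (0x00007f3b1c000000)
\tlibsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2 (0x00007f3b1bc00000)
\tlibgssapi_krb5.so.2 => not found
\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3b1b800000)
"""

def parse_ldd(output):
    """Map soname -> resolved absolute path, or None when ldd says 'not found'."""
    resolved = {}
    for line in output.splitlines():
        m = LDD_LINE.match(line)
        if m:  # lines without an absolute-path target (vdso, loader) are skipped
            soname, target = m.groups()
            resolved[soname] = None if target == "not found" else target
    return resolved

def audit_stack(ldd_output, vendor_prefix="/usr/share/centrifydc"):
    """Classify each auth-related library as 'vendor', 'os' or 'missing'.
    vendor_prefix is an assumed install root; adjust it for the actual product."""
    prefix = vendor_prefix.rstrip("/") + "/"
    report = {}
    for soname, path in parse_ldd(ldd_output).items():
        if not soname.startswith(STACK_LIBS):
            continue
        origin = "missing" if path is None else "vendor" if path.startswith(prefix) else "os"
        report[soname] = (origin, path)
    return report

def is_mixed(report):
    """True when vendor and OS libraries are loaded together (the risky mix)."""
    origins = {origin for origin, _ in report.values()}
    return {"vendor", "os"} <= origins

def ldd(path):
    """Run ldd on a shared object such as _ldap.so and return its output."""
    return subprocess.run(["ldd", path], capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    for soname, (origin, path) in sorted(audit_stack(SAMPLE_LDD).items()):
        print(f"{origin:8} {soname} -> {path}")
```

On a real host, replace `SAMPLE_LDD` with `ldd(...)` called on the path of the installed `_ldap.so`.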
