[python-ldap] Bind windows AD server failed from linux client with kerberos authentication

xujian jamesxu at outlook.com
Fri Jun 19 20:37:33 CEST 2015

Hello,       I got a problem when I bind windows AD server from linux client with kerberos authentication.
code is simple
import ldap, ldap.saslfrom ldap.ldapobject import LDAPObject
l = ldap.initialize('ldap://xxxx.xxxx.com')l.set_option(ldap.OPT_REFERRALS, 1)l.set_option(ldap.OPT_PROTOCOL_VERSION, 3)l.set_option(ldap.OPT_DEBUG_LEVEL, 255)auth_tokens = ldap.sasl.gssapi("")l.sasl_interactive_bind_s("", auth_tokens)
but I got trace stackTraceback (most recent call last):  File "pytest/mysearch.py", line 12, in <module>    l.sasl_interactive_bind_s("", auth_tokens)  File "/net/hsjxu.n.twosigma.com/userhome/jxu/source/ldap/ext/public/python/ldap/2/4/20/python/ldap/ldapobject.py", line 244, in sasl_interactive_bind_s    return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)  File "/net/hsjxu.n.twosigma.com/userhome/jxu/source/ldap/ext/public/python/ldap/2/4/20/python/ldap/ldapobject.py", line 106, in _ldap_call    result = func(*args,**kwargs)ldap.SUCCESS: {'desc': 'Success'}
the error message is weird, it says "success", I think it should be a bug, so the real error message is hidden.I verified the kerberos ticket and environment variable KRB5CCNAME, they are correct.if I use simple bind with user and password authentication mode, bind is successful.
when I build the library, I used openldap 2.4.40 and cryrus sasl 2.1.26 library, does anyone can help me look if there is anything wrong in my code? 
Many thanks !
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20150619/689ffc44/attachment.html>

More information about the python-ldap mailing list