ldap proxy user bind
Michael Ströder
michael at stroeder.com
Sat Feb 11 15:22:45 EST 2012
sajuptpm wrote:
> I have developed a LDAP auth system using python-ldap module.
> Using that i can validate username and password, fetch user and
> groups info from LDAP directory.
> Now i want to implement ldap proxy user bind to the ldap server.
What do you mean exactly?
Are you talking about LDAPv3 proxy authorization
(see http://tools.ietf.org/html/rfc4370)?
If yes, then pass an instance of class ldap.controls.simple.ProxyAuthzControl
to the LDAPObject methods when sending your LDAP requests. This is usable no
matter how your proxy user has bound the directory. Another option is to send
a SASL authz-ID along with the initial SASL bind request of your proxy user.
No matter what you have to get your LDAP server configuration right for this
to work. Which LDAP server is it?
> I googled and find this http://ldapwiki.willeke.com/wiki/LDAPProxyUser
AFAICS this web page talks about the proxy user for eDirectory's LDAP gateway
to NDS. It's unlikely that this is relevant to your needs.
> But i don't have any idea about how implement it usng python-ldap.
> [..]
> I want to add following 2 new flags
>
> ldap_proxy_user = ldap_proxy
> ldap_proxy_pwd = secret
Hmm, please don't take it personally but my impression is that you're not
totally clear on what you need. Could you please try to explain what you want
to achieve?
Ciao, Michael.
More information about the Python-list
mailing list