Menu
▾
▴
using Kerberos to authenticate to Active Directory from python ldap
|
From: Olivier S. <oli...@gm...> - 2009-04-09 20:40:05
|
Hi all,
I'm trying to script a function that can retrieve if a user is member of
a group in active directory. The previous script was a shell script with
a ldapsearch call for every user. You can image that took long on a
thousand users.
So I'm rewriting the script for python. However, I cannot get the
kerberos authentication right.
ld = ldap.initialize('activedirectory-dns')
ld.sasl_interactive_bind_s('', ldap.sasl.gssapi('user@REALM'))
ld.search_s(self.base, ldap.SCOPE_SUBTREE, '(CN=groupname)', ['Member'])
I get an error that I don't have the right credentials.
However it works with ldapsearch, so the Kerberos ticket is valid and
correct for this query..
Anybody a tip how to continue? Or an example script that uses Kerberos?
thanks,
Olivier
|
