From: Gavin D. <gdo...@an...> - 2004-04-08 20:49:45
Does the example below work on your system (or anybody else's on this
list?) This is the example I've been using to test sasl_bind with a little
cleanup.

-------------------- 8< -----------------------------------
# For documentation, see comments in Module/LDAPObject.c and the
# ldap.sasl module documentation.

import traceback
import sys
import ldap,ldap.sasl

ldap.sasl._trace_level=0
ldap.set_option(ldap.OPT_DEBUG_LEVEL,0)

############### CHANGE THIS TO YOUR SERVER ##################
MY_LDAP_SERVER = "ldap://put.your.server.url.here/"

for ldap_uri,sasl_mech,sasl_cb_value_dict in [
  (
    MY_LDAP_SERVER,
    'GSSAPI',
    {
      ldap.sasl.CB_AUTHNAME :'',
      ldap.sasl.CB_PASS :'',
    }
  ),
]:
  sasl_auth = ldap.sasl.sasl(sasl_cb_value_dict,sasl_mech)
  print 20*'*',sasl_auth.mech,20*'*'
  # Open the LDAP connection
  l = ldap.initialize(ldap_uri,trace_level=1)
  # Set protocol version to LDAPv3 to enable SASL bind!
  l.protocol_version = ldap.VERSION3
  try:
    l.sasl_interactive_bind_s("", sasl_auth)
  except ldap.LDAPError,e:
    print 'Error using SASL mechanism ', sasl_auth.mech,str(e), sys.exc_info()
    traceback.print_tb(sys.exc_info()[2])
  else:
    print 'Sucessfully bound using SASL mechanism',sasl_auth.mech,'as',repr(l.whoami_s())
  l.unbind()
-------------------- 8< -----------------------------------

Michael Ströder wrote:
> Gavin Doughtie wrote:
> > Here's the complete scoop:
> > [..]
> > Name : krb5-workstation Relocations: (not relocateable)
> > [..]
> > URL : http://web.mit.edu/kerberos/www/
>
> It seems you're using the MIT Kerberos implementation which is known to
> have some issues with OpenLDAP (mainly cause it's not thread-safe). In
> opposite to that I'm using the heimdal implementation.
>
> http://www.pdc.kth.se/heimdal/
>
> As I said I do not have much experience with Kerberos. It simply works
> for me. It seems I can't really help with your setup.
>
> Ciao, Michael.
>

-- 
Gavin Doughtie
DreamWorks SKG
(818) 695-3821