From: Sylvain <syl...@lo...> - 2007-05-02 16:57:53
FYI, I've fixed the problem, which was actually due to auto chasing for referral, causing an anonymous connection to be open.

Thank you

On Wednesday 02 May at 15:21, Sylvain Thénault wrote:
> On Wednesday 02 May at 09:13, Garland, Ken R wrote:
> > On 5/2/07, Sylvain Thénault <syl...@lo...> wrote:
> > >forwarding this message since I'm now subscribed.
> > >
> > >----- Forwarded message from Sylvain Thénault <syl...@lo...> -----
> > >
> > >> From: Sylvain Thénault <syl...@lo...>
> > >> To: pyt...@li...
> > >> Date: Wed, 2 May 2007 13:10:39 +0200
> > >> Subject: Active directory signature
> > >>
> > >> Hi there!
> > >>
> > >> I've some customer code which has been recently broken, since they
> > >> upgraded to AD3. It's some basic authentication code using python-ldap
> > >> (I'm not sure which version is installed on their servers). Their
> > >> Microsoft expert told them it was because they changed the "Domain
> > >> controller: LDAP server signing requirements" option to "Require signing",
> >
> > basically saying they now require authentication. you just need to
> > determine what credentials have been setup to allow whatever task it
> > is you want to accomplish, then specify them inside your python-ldap
> > program. something similar to:
> >
> > l=ldap.initialize("ldap://your.server.com")
> > l.bind('cn=the_cn_you_use,dc=server,dc=com', 'password')
> >
> > change 'cn' to 'uid' or whatever it is that your bind requires. set
> > that to a user which has permissions to do whatever it is you are
> > trying to do, simple searches, modifying entries, etc.
>
> This is already what is done. Basically the code is only doing
> authentication, no more, and works that way, given a login/password
> to authenticate:
> 1. search in AD the DN corresponding to the login, using an
>    authenticated connection (using an admin dn/password)
> 2. try to connect using the found DN and the given password (using
>    simple_bind_s) to validate the password
>
> Maybe this is not the right way to do AD/LDAP authentication though ?

-- 
Sylvain Thénault                               LOGILAB, Paris (France)
Python, Zope, Plone, Debian training: http://www.logilab.fr/formations
Custom software development: http://www.logilab.fr/services
Python and scientific computing: http://www.logilab.fr/science
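
The search-then-bind flow from the thread with referral chasing switched off, as an added example that is not part of the original messages. The `sAMAccountName` login attribute, the function names, and passing the python-ldap module in as the `ldap` argument (so the flow can be run against a stub) are assumptions.

```python
def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login cannot alter the filter."""
    out = value.replace("\\", r"\5c")
    for ch, esc in (("*", r"\2a"), ("(", r"\28"), (")", r"\29"), ("\x00", r"\00")):
        out = out.replace(ch, esc)
    return out


def open_connection(ldap, uri, dn, password):
    """Open a connection with referral chasing off, then simple-bind as dn."""
    conn = ldap.initialize(uri)
    # A chased referral is followed on a new connection that is anonymous
    # unless a rebind callback is supplied, so chasing is turned off here.
    conn.set_option(ldap.OPT_REFERRALS, 0)
    conn.simple_bind_s(dn, password)
    return conn


def authenticate(ldap, uri, admin_dn, admin_pw, base_dn, login, password):
    """Search-then-bind. `ldap` is the python-ldap module (assumption: passed
    in as an argument). Returns the user's DN on success, None otherwise."""
    if not login or not password:
        # A simple bind with an empty password is an unauthenticated bind
        # and can succeed without proving knowledge of any secret.
        return None
    # Step 1: find the DN for the login over an authenticated admin connection.
    admin = open_connection(ldap, uri, admin_dn, admin_pw)
    try:
        flt = "(sAMAccountName=%s)" % escape_filter_value(login)
        results = admin.search_s(base_dn, ldap.SCOPE_SUBTREE, flt,
                                 ["sAMAccountName"])
    finally:
        admin.unbind_s()
    # With chasing off, search references are returned as entries whose DN
    # is None; drop them and require exactly one real match.
    dns = [dn for dn, _attrs in results if dn is not None]
    if len(dns) != 1:
        return None
    # Step 2: validate the password by binding as the DN that was found.
    try:
        open_connection(ldap, uri, dns[0], password).unbind_s()
    except ldap.INVALID_CREDENTIALS:
        return None
    return dns[0]
```

With real python-ldap, call it as `authenticate(ldap, uri, ...)` after `import ldap`.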