File: ms_ad_bind.py

package info (click to toggle)
python-ldap 3.2.0-3
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 2,268 kB
  • sloc: python: 9,625; ansic: 2,828; makefile: 132; sh: 68
file content (38 lines) | stat: -rw-r--r-- 1,059 bytes parent folder | download | duplicates (8)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# How to bind to MS AD with python-ldap and various methods

import ldap,ldap.sasl

ldap_uri = "ldap://dc1.example.com"
dn = "CN=Anna Blume,CN=Users,DC=addomain,DC=example,DC=com"
sAMAccountName = "ABlume"
userPrincipalName = "ablume@addomain.example.com"
password = 'testsecret'

trace_level = 2

l = ldap.initialize(ldap_uri,trace_level=trace_level)

# Normal LDAPv3 compliant simple bind
l.simple_bind_s(dn,password)

# This is AD-specific and not LDAPv3 compliant
l.simple_bind_s(userPrincipalName,password)

# This is AD-specific and not LDAPv3 compliant
l.simple_bind_s(userPrincipalName,password)

# SASL bind with mech DIGEST-MD5 with sAMAccountName as SASL user name
sasl_auth = ldap.sasl.sasl(
  {
    ldap.sasl.CB_AUTHNAME:sAMAccountName,
    ldap.sasl.CB_PASS    :password,
  },
  'DIGEST-MD5'
)
l.sasl_interactive_bind_s("", sasl_auth)

# SASL bind with mech GSSAPI
# with the help of Kerberos V TGT obtained before with command
# kinit ablume@ADDOMAIN.EXAMPLE.COM
sasl_auth = ldap.sasl.sasl({},'GSSAPI')
l.sasl_interactive_bind_s("", sasl_auth)