使用ldap库的python中的LDAP身份验证问题

Question

I am trying to connect to LDAP server for authentication. Our LDAP server use SSL but we don't use any SSL certificate.

Following is my code:

I have two url provided by system admin. There are as follows:

url1 = "ldap://100.x.x.x:389"
url2 = "ldaps://10.x.x.x:636"

My first questionis which url I should use ? what is difference between ldap:// and ldaps://

LDAP authentication code is as follows, I have tried to use both(url1 and url2):

conn = ldap.initialize(url)

ldap.TLS_AVAIL
1

conn.simple_bind_s(
        'CN={0},ou=users,DC=compnay,DC=com'.format(myemail),
        mypassword
    )

conn.simple_bind(
        'CN={0},ou=users,DC=compnay,DC=com'.format(myemail),
        mypassword
    )

if i used first url (url1) with simple_bind_s, then following is error:

INVALID_CREDENTIALS: {'info': u'80090308: LdapErr: DSID-0C0903D9, comment: AcceptSecurityContext error, data 52e, v2580', 'desc': u'Invalid credentials'}

but when I use with simple_bind, it gives me int even though password or username is wrong.

What is difference between simple_bind_s and simple_bind. How can I use simple_bind for authentication?

Answer 1

The difference between simple_bind() and simple_bind_s() is that simple_bind() is asynchronous and simple_bind_s() is synchronous .

The synchronous version makes your program wait until it is finished and then returns the results, where the asynchronous version returns an id code immediately and continues working in the background, and then later you call result() with the id code to get the results.

So your call to simple_bind() likely did fail; you just don't know it because you haven't fetched the result yet.

Most ldap functions have asynchronous and synchronous versions, such as add() and add_s() , delete() and delete_s() , search() and search_s() , etc. Some ldap operations (especially searching) can take a long time to complete, so you'd use the asynchronous versions if you don't want to your program to have long pauses.