
How to bind (authenticate) a user with ldap3 in python3

I'm trying to update some code to python3, using ldap3 version '0.9.7.4'. ( https://pypi.python.org/pypi/ldap3 )

Previously, I used python-ldap with python2 to authenticate a user like this:

import ldap
address = "ldap://HOST:389"
con = ldap.initialize(address)
base_dn = "ourDN=jjj"
con.protocol_version = ldap.VERSION3
search_filter = "(uid=USERNAME)"
# Subtree search (no bind beforehand, so it runs anonymously); None = return all attributes
result = con.search_s(base_dn, ldap.SCOPE_SUBTREE, search_filter, None)
user_dn = result[0][0]  # get the user DN from the first (dn, attrs) tuple
con.simple_bind_s(user_dn, "PASSWORD")  # raises ldap.INVALID_CREDENTIALS on a bad password

This properly returns (97, [], 2, []) on correct password, and raises ldap.INVALID_CREDENTIALS on a bind attempt using an incorrect password.

Using ldap3 in python3 I'm doing the following:

from ldap3 import Server, Connection, AUTH_SIMPLE, STRATEGY_SYNC, ALL
s = Server(HOST, port=389, get_info=ALL)
# user_dn is the DN obtained from the python-ldap search above
c = Connection(s, authentication=AUTH_SIMPLE, user=user_dn, password=PASSWORD, check_names=True, lazy=False, client_strategy=STRATEGY_SYNC, raise_exceptions=True)
c.open()
c.bind()  # with raise_exceptions=True a failed bind raises instead of returning False

It's raising the following exception:

ldap3.core.exceptions.LDAPInvalidCredentialsResult: LDAPInvalidCredentialsResult - 49 - invalidCredentials - [{'dn': '', 'message': '', 'type': 'bindResponse', 'result': 0, 'saslCreds': 'None', 'description': 'success', 'referrals': None}]

I'm using the user_dn value returned by python2's ldap search, since this appears to be working in python2.

How can I get this to bind properly using ldap3 in python3?

(One strange thing I noticed is that ldap3's LDAPInvalidCredentialsResult includes 'description': 'success'. I'm guessing this just means the response was successfully received...)

I'm the author of ldap3. Please set raise_exceptions=False in the Connection definition and check connection.result after the bind. You should get the reason why your bind() is unsuccessful.

Confirm that your DN doesn't need to escape a comma using a backslash (\\).

My organization gives users a CN of "last name, first name", so my DN needed to be "CN=Doe\\, Jane, OU=xyz, ..., DC=abc, DC=com"

I realized this by using Active Directory Explorer to navigate to my user object, then right-click > view properties to see the distinguished name. I ran into this invalid credential error when using the DN that AD Explorer displays in its Path breadcrumb, which omits the escape character.
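Putting the two answers together, here is an added example (not code from the question, the answers or the ldap3 project): an RFC 4514 value escaper that produces the CN=Doe\, Jane form the second answer describes, and a bind helper that follows the first answer by setting raise_exceptions=False and returning connection.result. It assumes a current ldap3 release, where the constants are named SIMPLE and ALL rather than the 0.9.x AUTH_SIMPLE/STRATEGY_SYNC, and it imports cleanly without ldap3 installed so the DN escaping can be checked offline.

```python
"""DN escaping per RFC 4514 plus a non-raising ldap3 simple bind (added example)."""
try:
    from ldap3 import Server, Connection, ALL, SIMPLE  # names in current ldap3 (assumption)
except ImportError:  # DN helpers still work without ldap3 installed
    Server = Connection = ALL = SIMPLE = None

# Characters that must be backslash-escaped anywhere in an RDN value (RFC 4514 s2.4)
_SPECIAL = set('",+;<>\\')


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN string.

    Rules: " + , ; < > \\ are escaped anywhere; a leading space or '#'
    and a trailing space are escaped; NUL becomes \\00.
    """
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")
        elif ch == "#" and i == 0:
            out.append("\\#")
        else:
            out.append(ch)
    return "".join(out)


def build_dn(*rdns) -> str:
    """Join (attribute, raw value) pairs into a DN, escaping each value."""
    return ",".join(f"{attr}={escape_rdn_value(val)}" for attr, val in rdns)


def try_bind(host: str, user_dn: str, password: str, port: int = 389) -> dict:
    """Simple-bind as user_dn and return the server's result dict.

    With raise_exceptions=False a bad password does not raise; instead
    conn.result carries 'result' 49 and 'description' 'invalidCredentials'.
    """
    if Connection is None:
        raise RuntimeError("ldap3 is not installed")
    conn = Connection(Server(host, port=port, get_info=ALL), user=user_dn,
                      password=password, authentication=SIMPLE,
                      raise_exceptions=False)
    conn.bind()  # opens the connection if needed; True on success, False otherwise
    result = dict(conn.result)
    conn.unbind()
    return result
```

Check result["description"] == "success" (or the return value of bind()) for a successful authentication; any other description is the server's stated reason for refusing the bind.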
