I am using the ldap3 library ( https://ldap3.readthedocs.io/en/latest/ ) with Python and authenticating against LDAP
conn = Connection(server, user='CN=person,OU=Service Accounts,DC=mydc,DC=mydomain,DC=co,DC=uk', password='Password123', auto_bind=True)
The below works but only because I know the person value. How would I set this up so someone can authenticate using their mail or user ID, e.g. forename.surname?
At the moment they would need to use the dn form, which of course no user will ever be likely to know.
Thanks
Using this page https://ldap3.readthedocs.io/en/latest/tutorial_intro.html#logging-into-the-server
I got the following to work
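from ldap3 import Server, Connection, ALL, NTLM
# Ask the server for its schema and DSA info when connecting
server = Server('ldap://my_ldap_server', get_info=ALL)
# NTLM takes the login in DOMAIN\user form instead of a DN
conn = Connection(server, user="mydomain\\user", password='Password123', authentication=NTLM)
conn.bind()
# conn.bound is True only if the server accepted the credentials
authenticated = conn.bound
print(authenticated)
conn.unbind()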
At the moment they would need to use the dn form which of course no user will ever be likely to know
With standard LDAP directories, you're supposed to bind with the application's own account first, then perform a search for some attribute as the username (e.g. search Active Directory for sAMAccountName=theuser), and finally use the found entry's DN as the actual bind DN for password verification.
For Active Directory in particular, you can directly specify either the UPN theuser@ad.example.com or the legacy SAM account name EXAMPLE\theuser in place of the bind DN.
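The search-then-bind flow described in the answer above, as an added example that is not part of the original posts. The server name, base DN and service account are reused from the question; the sAMAccountName/mail filter, the ldaps:// scheme and the helper names (escape_filter, ldap3_connect, authenticate) are assumptions.

```python
import re

BASE_DN = "DC=mydc,DC=mydomain,DC=co,DC=uk"        # from the DN in the question
SERVICE_DN = "CN=person,OU=Service Accounts," + BASE_DN
SERVICE_PASSWORD = "Password123"   # placeholder from the question; load from a secret store


def escape_filter(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter.
    (ldap3 ships an equivalent helper, ldap3.utils.conv.escape_filter_chars.)"""
    return re.sub(r'[\\*()\x00]', lambda m: "\\%02x" % ord(m.group()), value)


def ldap3_connect(user, password):
    """Bind with ldap3; return the bound Connection, or None if the bind failed."""
    from ldap3 import Server, Connection   # lazy import keeps the logic testable offline
    # ldaps:// is an assumption: a simple bind sends the password as-is, so use TLS
    conn = Connection(Server("ldaps://my_ldap_server"), user=user, password=password)
    return conn if conn.bind() else None


def authenticate(login, password, connect=ldap3_connect):
    """True only if `login` maps to exactly one entry and its password verifies."""
    if not login or not password:
        return False   # an empty password is an unauthenticated bind, not a password check
    service = connect(SERVICE_DN, SERVICE_PASSWORD)
    if service is None:
        raise RuntimeError("service account bind failed")
    safe = escape_filter(login)
    # Accept either the user ID or the mail address (assumed attribute names)
    service.search(BASE_DN, "(|(sAMAccountName=%s)(mail=%s))" % (safe, safe),
                   attributes=["cn"])
    matches = [entry.entry_dn for entry in service.entries]
    service.unbind()
    if len(matches) != 1:
        return False   # unknown or ambiguous login
    user_conn = connect(matches[0], password)   # second bind verifies the password
    if user_conn is None:
        return False
    user_conn.unbind()
    return True
```

Return the same result for "no such user" and "wrong password", as this function does, so the login form does not reveal which accounts exist.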