如何使用python-ldap模块使用SASL auth绑定LDAP连接?
我还应该在Windows AD DC端配置任何特定的东西吗?
这是我的代码,它引发InvalidCredentials错误
import ldap
import ldap.sasl
HOST = "<IP>"
PORT = 636
user_name = "<AD user name>"
pwd = "<AD account password>"
PORT = 389
ldap_conn = ldap.initialize("ldap://[%s]:%s" % (HOST, PORT))
auth_tokens = ldap.sasl.digest_md5(user_name, pwd)
try:
ldap_conn.sasl_interactive_bind_s("", auth_tokens)
print(ldap_conn.whoami_s())
except ldap.INVALID_CREDENTIALS as e:
print(e)
运行代码,我得到结果(凭据正确):
{'desc': 'Invalid credentials', 'info': '8009030C: LdapErr: DSID-0C09056D, comment: AcceptSecurityContext error, data 52e, v2580'}
附加说明:
在我的PC上运行搜索ldapsearch -h <IP> -p 389 -x -b "" -s base -LLL supportedSASLMechanisms
会返回:
dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5